2

Possible Duplicate:
How to connect to SQL server database from javascript?

How can I run sql query inside javascript function? Hope you can help. many thanks.

Community
  • 1
  • 1
simon
  • 61
  • 1
  • 1
  • 2
  • 1
    If it was possible, it would be a huge security hole! Javascript is generally client-side, and that would mean that users of your web site could make arbitrary SQL queries. – Philippe Plantier Sep 10 '11 at 17:07
  • 2
    Are you refer to SQLite supported by Chrome and Firefox? – ajreal Sep 10 '11 at 17:08
  • Please read then re-read the first sentence of the accepted answer on the referenced post, then ignore the middle bit containing the script example, then read the second last sentence. Use ajax calls to server side scripts to do stuff like this. – Kev Sep 11 '11 at 12:48

3 Answers3

3

Unless you are using something like node.js, the javascript code is executed on the client side (in the user's browser), so it doesn't have access to the SQL server.

You should do the SQL query on the server side (e.g. in PHP or the language you use on the server side), and do Ajax requests on the client side.

Robert Harvey
  • 178,213
  • 47
  • 333
  • 501
Arnaud Le Blanc
  • 98,321
  • 23
  • 206
  • 194
2

Short answer is, you can't. But you can use ajax to fire a request to the server, which runs the query and returns the results.

bfavaretto
  • 71,580
  • 16
  • 111
  • 150
  • ... and it would be a terrible idea to do so, because any user could then run arbitrary SQL queries. Bad, bad, bad. – Philippe Plantier Sep 10 '11 at 17:08
  • @Gruikya: A terrible idea to use AJAX? Really? – Yuck Sep 10 '11 at 17:09
  • @Gruikya, hopefully he was not suggesting to send SQL queries to the server for it to execute them directly ;) – Arnaud Le Blanc Sep 10 '11 at 17:10
  • A terrible idea to use AJAX to send a SQL request to the server, which the server would then execute. (Unless you are writing some kind of SQL console, that is) – Philippe Plantier Sep 10 '11 at 17:12
  • @arnaud576875 better safe than sorry! I actually saw an intern do something like that on a web application: a SQL query was generated using Javascript, then sent to the server which executed it without even any kind of attempt at sanitization. Eww. – Philippe Plantier Sep 10 '11 at 17:15
  • @simon, please read the comments above, since I believe I wasn't clear enough. Do not directly send SQL queries with ajax, the queries should reside on the server. – bfavaretto Sep 10 '11 at 19:04
0

JavaScript is client side, SQL is server side. Probably you just have to write a server script, like in PHP, that return sql results and with javascript and AJAX technology get that results and work on it with javascript on client side. Learn about AJAX and ie. jQuery.

szamil
  • 684
  • 5
  • 17
  • 4
    That's not entirely true. SQL can very well run on the client side as well, given a proper driver and the ability to connect to the server. –  Sep 10 '11 at 17:09
  • "ability to connect to the server" - SQL server installed on client machine? Isn't it still server-side SQL? – szamil Sep 10 '11 at 18:13
  • You don't need a locally installed server to be able to connect it. Client/Server is all about client side SQL sent to the server. –  Sep 10 '11 at 18:24
  • I see that we have misunderstood. I was thinking about running SQL query on client side, you are talking about sending SQL query to SQL server (which, as described above in comments, may be bad idea)... – szamil Sep 10 '11 at 18:35
  • Whether embedding SQL in a Javascript application is a good idea is different topic ;) In general I'd agree that it's probably a bad idea... –  Sep 10 '11 at 18:36