PHP code is working but with AJAX it's not working

 
Ranch Hand
Hi, I got this code from w3schools.com.
But when I run it on my PC with XAMPP, it's not working.

PHP query and when I load getCustomer.php, it works well.

But when I get it using the AJAX code, it's not working.

Can someone please help me?

Ajax page NewInvoice.php



Below is getCustomer.php code



I'd appreciate it if someone could point out where I have gone wrong.

Thanks
 
Sheriff
Step one is finding out where the issue lies. Use your browser's development tools (Chrome: F12), look at the network tab, and check what the actual AJAX request and response are.
 
Rob Spoor
Sheriff
By the way, your code is vulnerable to both SQL injection (getCustomer.php line 26) and XSS / JavaScript injection (NewInvoice.php line 31).
 
Ifraz Imanudeen
Ranch Hand
How can I avoid vulnerability...

Rob Spoor wrote: By the way, your code is vulnerable to both SQL injection (getCustomer.php line 26) and XSS / JavaScript injection (NewInvoice.php line 31).

 
Rob Spoor
Sheriff
For the SQL injection you should either use http://php.net/manual/en/mysqli.real-escape-string.php or preferably PDO.

For the JavaScript injection you should actually not set innerHTML at all. Instead your response should be something that is not HTML, like JSON, and then do some JavaScript magic to create the table instead. There you should set the text of elements, not the innerHTML. jQuery can be really useful there.
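
An added example (not part of Rob Spoor's post or the original poster's code) of the approach described above: the server returns JSON and the client builds the table with `textContent`, so markup inside a customer field is shown as text instead of being parsed. The `q` parameter, the `txtHint` element id and the `id`/`name`/`city` fields are assumptions, and `renderCustomers` and `showCustomer` are hypothetical names.

```javascript
// Added example. Assumed JSON shape: [{"id": 1, "name": "...", "city": "..."}]
var COLUMNS = ["id", "name", "city"];

// Build the result table from JSON using text nodes only. Returns the row
// count, or -1 when the response is not a JSON array.
function renderCustomers(doc, container, jsonText) {
  var rows = null;
  try { rows = JSON.parse(jsonText); } catch (e) { /* not JSON */ }
  while (container.firstChild) {            // clear previous results
    container.removeChild(container.firstChild);
  }
  if (!Array.isArray(rows)) {
    container.textContent = "Unexpected response from server";
    return -1;
  }
  var table = doc.createElement("table");
  rows.forEach(function (row) {
    var tr = doc.createElement("tr");
    COLUMNS.forEach(function (col) {
      var value = row && row[col];
      var td = doc.createElement("td");
      // textContent never parses markup, so "<b>" stays three literal characters
      td.textContent = value == null ? "" : String(value);
      tr.appendChild(td);
    });
    table.appendChild(tr);
  });
  container.appendChild(table);
  return rows.length;
}

// Browser wiring: request JSON and hand it to renderCustomers.
function showCustomer(str) {
  var xhr = new XMLHttpRequest();
  xhr.onreadystatechange = function () {
    if (xhr.readyState === 4 && xhr.status === 200) {
      renderCustomers(document, document.getElementById("txtHint"), xhr.responseText);
    }
  };
  // encodeURIComponent keeps characters such as & and # inside the parameter value
  xhr.open("GET", "getCustomer.php?q=" + encodeURIComponent(str), true);
  xhr.send();
}
```

On the server side, getCustomer.php would need to emit the rows with `json_encode` and a JSON content type instead of an HTML table.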
 
Ifraz Imanudeen
Ranch Hand
That's a lot,

better decide to drop web development, real hassle.

Thanks anyway for a clear idea...

Rob Spoor wrote: For the SQL injection you should either use http://php.net/manual/en/mysqli.real-escape-string.php or preferably PDO.

For the JavaScript injection you should actually not set innerHTML at all. Instead your response should be something that is not HTML, like JSON, and then do some JavaScript magic to create the table instead. There you should set the text of elements, not the innerHTML. jQuery can be really useful there.

 
Greenhorn
Try this code:

function showName(str) {
    var xmlhttp; // request object, kept local to this call
    if (str.length == 0) { // exit function if nothing has been typed in the textbox
        document.getElementById("txtName").innerHTML = ""; // clear previous results
        return;
    }
    if (window.XMLHttpRequest) { // code for IE7+, Firefox, Chrome, Opera, Safari
        xmlhttp = new XMLHttpRequest();
    } else { // code for IE6, IE5
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    }
    xmlhttp.onreadystatechange = function () {
        if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
            // responseText is parsed as HTML here, so this relies on the server escaping its output
            document.getElementById("txtName").innerHTML = xmlhttp.responseText;
        }
    };
    // encode the typed value so characters such as & or # do not break the query string
    xmlhttp.open("GET", "frameworks.php?name=" + encodeURIComponent(str), true);
    xmlhttp.send();
}
 