Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

jQuery get.JSON confusion

  • 07-05-2012 9:34pm
    #1
    Registered Users, Registered Users 2 Posts: 12,746 ✭✭✭✭


    Hi, I'm in the middle of a project where I have to do some server side stuff with PHP.
    I'm trying to use jQuery to make my connection, specifically the getJSON function, but I'm have some trouble figuring out what variables to change. I used an example given in the course, which takes a set value following an onClick event. I'm trying to change it so it will work once a form is filled.
    //Function to handle login
    function login540()
    {
        // validates the data entered is an integer. 
        var loginNo = document.getElementById("login540id").value;
         if((parseFloat(loginNo) == parseInt(loginNo)) && !isNaN(loginNo))
        {
         jSonCaller(); 
        }
      else 
          {
        // alert(loginNo);  
        alert("Please make sure to insert only a whole number");
          } 
    
    function jSonCaller(){
    
        $.getJSON('http://localhost:8888/login540.php?login540id=?', function(data){
        
        $('#login540div').html("<p>firstName="+
        data.firstName+
        "</p> lastName="+data.lastName+" </p>moduleNo1="+
        data.moduleNo1+"</p> moduleNo2="+
        data.moduleNo2+"<p> courseID="+
        data.courseID+"</p>");
            });//end of getJSON call
        }//end of jSonCaller
        
    }
    

    The alert will pop up if I enter a decimal or letter, so I know it's getting that far, but if I enter the correct number nothing happens, though I can see the URL changing.

    I've looked at the JSON api, but I'm not quite sure what it wants in the URL section... it's correctly linked, but I'm not sure how the URL interacts with the PHP get command.

    I assumed I could leave the code as was with the static value, but it didn't seem to like it.

    The PHP is unchanged from the working version, it's still expecting the login540id variable.

    [PHP]
    <?php
    include ("config.php");

    $dbhost = 'localhost';
    $dbuser = 'root';
    $dbpass = 'root';
    $dbname = 'collegeData';

    $login540id=$_GET["login540id"];
    $table = "studentTable";
    $conn = mysql_connect($dbhost, $dbuser, $dbpass);

    if (!$conn)
    die('Could not connect: ' . mysql_error());
    if (!mysql_select_db($dbname))
    die("Can't select database");

    $result = mysql_query("SELECT * FROM {$table} WHERE studentID = '".$login540id."'");
    if (!$result)
    die("Query to show fields from table failed!" . mysql_error());

    $json = array();
    while($row = mysql_fetch_array ($result))
    {
    $json = array(
    'firstName' => $row,
    'lastName' => $row,
    'moduleNo1' => $row,
    'moduleNo2' => $row,
    'courseID' => $row
    );
    }

    $jsonstring = json_encode($json);
    echo $jsonstring;

    mysql_close($conn);
    ?>[/PHP]


Comments

  • Registered Users, Registered Users 2 Posts: 26,584 ✭✭✭✭Creamy Goodness


    $.getJSON('http://localhost:8888/login540.php?login540id=?', function(data){

    you need to remove the ? mark there and substitute in a variable

    change your jsoncaller function to this.

    jSonCaller(loginNo);
    function jSonCaller(loginNO){
    
        $.getJSON('http://localhost:8888/login540.php?login540id=' + loginNo, function(data){
        
        $('#login540div').html("<p>firstName="+
        data.firstName+
        "</p> lastName="+data.lastName+" </p>moduleNo1="+
        data.moduleNo1+"</p> moduleNo2="+
        data.moduleNo2+"<p> courseID="+
        data.courseID+"</p>");
            });//end of getJSON call
        }//end of jSonCaller
        
    }
    

    oh and don't forget to escape and validate your clients data on the server side :)


  • Registered Users, Registered Users 2 Posts: 12,746 ✭✭✭✭FewFew


    Thanks for the help! :)

    Ok, that makes sense. In the example I was looking at there was a str in the brackets, I just assumed it was something to do with a string or something so I removed it, thinking it would just take in any value.

    Firebug shows it working away, so obviously there's a choke point in my PHP now.

    Thought I had the PHP side sorted, but I guess not. D'oh. :o

    Thanks again


  • Registered Users, Registered Users 2 Posts: 241 ✭✭fcrossen


    As Creamy Goodness says - ESCAPE!

    [PHP]$login540id=$_GET["login540id"];
    $table = "studentTable";
    $conn = mysql_connect($dbhost, $dbuser, $dbpass);

    if (!$conn)
    die('Could not connect: ' . mysql_error());
    if (!mysql_select_db($dbname))
    die("Can't select database");

    $result = mysql_query("SELECT * FROM {$table} WHERE studentID = '".$login540id."'");[/PHP]

    SQL injection example:
    User posts "1' OR 1=1 --"

    See http://www.phpfreaks.com/tutorial/php-security - escpecially section 3


Advertisement