views:

168

answers:

3

Hey all,

I'm moving from the realm of just JS to php and Ajax. I've dabbled some with PHP in the past. I really appreciate how much help stackoverflow has been in helping me with basic questions.

let says I have a div called #divName.

I use the following JS for Ajax. Some of this is just pseudo code.

var request = false;
   try {
     request = new XMLHttpRequest();
   } catch (trymicrosoft) {
     try {
       request = new ActiveXObject("Msxml2.XMLHTTP");
     } catch (othermicrosoft) {
       try {
         request = new ActiveXObject("Microsoft.XMLHTTP");
       } catch (failed) {
         request = false;
       }  
     }
   }

   if (!request)
     alert("Error initializing XMLHttpRequest!");

   function getAjaxInfo(<name of the php function???>) { //<<<<< this is the function I need help with
    var myFunction= nameOfPHPfunctionIJustGot;
     var url = "filename.php?func=" + myFunction;
     request.open("GET", url, true);
     request.onreadystatechange = updatePage;
     request.send(null);
   }

  function updatePage() {
     if (request.readyState == 4) {
       if (request.status == 200) {
         var response = request.responseText;
             document.getElementById("divName").innerHTML = response; //probably going to use Jquery append here, but this example works.
               } else
         alert("status is " + request.status);
     }
   }

The I have my fileName.php file:

<?php

function header() { ?>
   header content goes here
<?php }

function footer() { ?>
    footer content goes here
<?php }

?>

My goal is that when I execute getAjaxInfo(), I can pull whatever PHP function I want.

So lets say if I do a onClick="getAjaxInfo(header)" it will get the php header function, apply it to a javascript function, and then apply that to a div.

Any help would be appreciated!

+2  A: 

Try with:

$func=$_GET['func'];
if(function_exists($func)) $func();

In this way you get the function name passed by GET and the execute it.

If you want to be able to call only certain functions:

$allowedFunctions=array("header","footer");
$func=$_GET['func'];
if(in_array($func,$allowedFunctions) && function_exists($func)) $func();
mck89
But in you probably want to use some sort of whiteliste instead of allowing calls to arbitrary functions (even if you limit it to parameter-less functions)
VolkerK
Grr... I was just in the middle of writing that exact code. Ya beat me to it. :) Also, as long as you have jquery around, I'd strongly recommend using it's ajax functions, rather than rolling your own.
sprugman
ha! I didn't even think to check if jquery had ajax functions...drr
Jared
Just a note - remember I'm a major noob. I understand code when it's put before me, but I have no idea how to plug that into the code I provided.
Jared
Write that code when you want to call the function. Put it at the end of the file and it will work.
mck89
That code protects it from just any function executing and allows me to pass it through the URL, but I still don't know how to setup the JS? How do I pass `getAjaxInfo(funcName)` to var `myFunction` ?
Jared
If you are asking me how to pass the desidered function name to myFunction do it in this way:function getAjaxInfo(myFunction) { var url = "filename.php?func=" + myFunction; request.open("GET", url, true); request.onreadystatechange = updatePage; request.send(null); }
mck89
+2  A: 

Picking up on @VolkerK's suggestion, and adding a failure function:

$func = $_GET['func'];
$allowed = array('header', 'footer');
if (in_array($func, $allowed) && function_exists($func)) $func();
else default_action();
sprugman
thank you for the additional functionality :)
Jared
+2  A: 
<?php

$allowedFunctions = array(
   'header',
   'footer'
);

$functionName = $_GET[ 'func' ];

if( in_array( $functionName, $allowedFunctions ) && function_exists( $functionName ) )
{
    $functionName();
}

/* your function definitions */
?>

$allowedFunctions is a whitelist array of user defined (i.o.w. your) php functions that you want the ajax call to allow to execute. If you don't keep this whitelist, your script will be potentially dangerous, since it would allow anyone to execute an arbitrary function. That is something you definately do not want.

fireeyedboy