I have an XMLHttpRequest. The request passes a parameter to my PHP server code in /var/www. But I cannot seem to be able to extract the parameter back at the server side. Below I have pasted both the codes:

javascript:

    function getUsers(u)
    {
        alert(u); // here u is 'http://start.ubuntu.com/9.10'
        xmlhttp = new XMLHttpRequest();
        var url = "http://localhost/servercode.php" + "?q=" + u;

        xmlhttp.onreadystatechange = useHttpResponse;
        xmlhttp.open("GET", url, true);
        xmlhttp.send(null);
    }

    function useHttpResponse()
    {
        if (xmlhttp.readyState == 4)
        {
            var response = eval('(' + xmlhttp.responseText + ')');
            for (i = 0; i < response.Users.length; i++)
                alert(response.Users[i].UserId);
        }
    }

servercode.php:

    <?php
    $q = $_GET["q"];
    //$q="http://start.ubuntu.com/9.10";
    $con = mysql_connect("localhost", "root", "blaze");
    if (!$con)
    {
        die('could not connect to database' . mysql_error());
    }
    mysql_select_db("BLAZE", $con) or die("No such Db");
    // $q is placed into the SQL string exactly as received
    $result = mysql_query("SELECT * FROM USERURL WHERE URL='$q'");

    if ($result == null)
        echo 'nobody online';
    else
    {
        header('Content-type: text/html');
        echo "{\"Users\":[";
        while ($row = mysql_fetch_array($result))
        {
            echo '{"UserId":"' . $row['UsrID'] . '"},';
        }
        echo "]}";
    }
    mysql_close($con);
    ?>

This is not giving the required result... although the commented statement, where the variable is assigned explicitly the value of the argument, works... it alerts me the required output... but somehow the GET method's parameter is not reaching my PHP, or that's how I think it is... please help...

+1  A: 

If `u` is `http://start.ubuntu.com/9.10` as you write, the URL gets garbled because `:` is a forbidden character in a URL.

You need to escape the URL using `encodeURIComponent()` in JavaScript, and `urldecode()` it back in PHP. Docs here and here.

The JavaScript part would look like so:

    var url="http://localhost/servercode.php"+"?q="+encodeURIComponent(u);

and the PHP part:

    $q=urldecode($_GET["q"]);

Your MySQL query is also vulnerable to a SQL injection, which is highly dangerous. You should at least sanitize `$q` using `mysql_real_escape_string()`. See this question for an overview on the problem, and possible solutions.

Pekka
I changed the statements like you said... but I still didn't get any output... am going through the SQL injection part... but changing those 2 statements is supposed to give me the output, right?
Neethusha
@Neethusha you need to make test outputs of `$_GET["u"]` on PHP side and look what they contain.
Pekka
I echoed `$q` as the 2nd statement, in localhost... it was blank output.
Neethusha
Strange, I don't know. Can you try a simple value for `q`, for example "123" (instead of the complex URL)?
Pekka
I tried something simple like 'hai', including entries for all that in my DB... somehow, unless explicitly given a value for `$q`, the PHP code does not give output... is anything else necessary for the GET XMLHttpRequest and response to work?
Neethusha
@Pekka... OK, there is an improvement. My JavaScript file was in chrome since I was developing an extension, so I moved my JS file to /var/www... and it did give output for simple parameters like 'hai' and 'php.com'... but then again, when a full URL is passed, it does not give output. Moreover, since it is a Firefox extension, my JS file will have to be in the chrome folder... so is there something that I have to add to the request to make it work from the chrome folder? That is, from the client-side browser to the server...
Neethusha
But are `encodeURIComponent` and `escape` of JavaScript compatible with `urldecode` of PHP?
Neethusha
@Neethusha you're right, it is not 100% compatible. There seems to be no function in JS that produces data that can be decoded by PHP's `urldecode()`. See for example here for an implementation: http://www.php.net/manual/en/function.urlencode.php#85903 The chrome stuff I don't know about, but maybe this sorts it out.
Pekka
I got the output... it's like when you do the `encodeURIComponent` from JavaScript, it auto-decodes at the PHP side... need not use `urldecode`... thank you Pekka... :-)
Neethusha
@Neethusha good stuff!
Pekka
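
The encoding behaviour worked out in the comments above, as an added example that is not part of the original thread: it compares a raw and an `encodeURIComponent()`-encoded `q` value after one server-side decode, and shows what a second decode does to values containing `%`. Node's `URL` parser stands in for the server's query-string handling (an assumption of this sketch), and the function names and the `example.com` values are constructed.

```javascript
// Added example (not from the thread). Node's URL/URLSearchParams stands in
// for the server's query-string parser, which decodes each parameter once.
const ENDPOINT = "http://localhost/servercode.php"; // endpoint from the question

// Client side: build the request URL, with or without encoding the value.
function buildUrl(value, encode) {
  return ENDPOINT + "?q=" + (encode ? encodeURIComponent(value) : value);
}

// Server side (model): what the parser hands to the application as "q".
function serverSees(requestUrl) {
  return new URL(requestUrl).searchParams.get("q");
}

// JavaScript model of a second, explicit decode applied to an
// already-decoded value. Returns null when the input is not valid escaping.
function decodeAgain(value) {
  try {
    return decodeURIComponent(value.replace(/\+/g, " "));
  } catch (e) {
    return null; // malformed escape such as a lone "%"
  }
}

// The URL from the question, plus constructed sample inputs.
const samples = [
  "http://start.ubuntu.com/9.10",
  "http://example.com/search?a=1&b=2#top",
  "http://example.com/file%2Bname",
  "http://example.com/100%",
];

function report(value) {
  const once = serverSees(buildUrl(value, true));
  return {
    value,
    raw: serverSees(buildUrl(value, false)), // value sent without encoding
    once,                                    // encoded, decoded once
    roundTrips: once === value,
    twice: decodeAgain(once),                // encoded, decoded twice
  };
}

for (const r of samples.map(report)) console.log(r);
```

In the second sample the unencoded value is cut at `&` and `#`; in the third and fourth, single decoding returns the original value while the extra decode changes it or rejects it.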