tags:

views:

177

answers:

1
Q: 

Call PHP method with Ajax.Request

Whats the best way to call a certain method in a PHP file with Ajax.Request (using prototype)? I am submiting a form with Form.serialize, so I thought of adding a parameter (like the name of the method to call) and then check it on the server script. Something like:

var params=Form.serialize("someform")+"&=method='check_data'";
new Ajax.Request('somescript.php',{method:'post',parameters:params,onSuccess:
function(response)
{ 
    .. do something with the response

And in somescript.php:

if($_POST["method"] == "check_data")
{
    check_data();
...
}

This would work, but Im sure theres a better or simpler way to call a remote method (ala MVC). Any ideas?

+3  A: 

Under no circumstances do this for normal PHP methods. It opens a big potential security hole. Even if you limit the commands that can be called that way, it's not a good way to go in the long run.

Either stay with what you already do: Define a list of commands that can be passed to the PHP script (e.g. command=delete, command=update, command=copy, whatever you need), and call them using switch.

Or use a class with methods that can be safely called from outside:

class myCommands
{
  function copy()  {  ... }
  function delete()  {  ... }
  function update()  {  ... }
 }

then, in the PHP file, pass through the command like

if (method_exists($class, $_POST["method"]))  
 call_user_func(array($class, $_POST["method"]));
Pekka  2010-01-15 12:46:08
You suggest the solution I posted but without passing the method name as parameter (something else like update, copy) and then check it on the php script and call the method I want?
JoaoPedro  2010-01-15 12:55:12
Nice! Thanks a lot!
JoaoPedro  2010-01-15 12:57:13
Your solution is fine because it limits the range of functions that can be called. If you want to introduce a wildcard (i.e. direct calling of whatever is in `$_POST["method"]` I suggest doing this for the methods of a class name only as I show in my updated answer; otherwise it would be possible to execute any PHP function.
Pekka  2010-01-15 12:57:24
Didn't see your last comment. You're welcome!
Pekka  2010-01-15 12:57:56

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases