I am using a simple insert script function to pass the values from the registration HTML page to the register PHP page.
Here is my script:
function insert() {
    // Optional: Show a waiting message in the layer with ID insert_response
    document.getElementById('insert_response').innerHTML = "Just a second...";
    // Required: verify that all fields are not empty. Use encodeURI() to solve some issues about character encoding.
    var dispname = encodeURI(document.getElementById('disp_name').value);
    var firstname = document.getElementById('first_name').value;
    var lastname = document.getElementById('last_name').value;
    var gender = document.getElementById('genderreg').value;
    var day = document.getElementById('day').value;
    var month = document.getElementById('month').value;
    var year = document.getElementById('year').value;
    var country = document.getElementById('countryreg').value;
    var city = document.getElementById('cityreg').value;
    var suburb = document.getElementById('suburbreg').value;
    var email = document.getElementById('emailreg').value;
    var password = document.getElementById('regpassword').value;
    var code = document.getElementById('code').value;
    var service = document.getElementById('termservice').value;
    // Set the random number to add to the URL request
    var nocache = Math.random();
    // Pass the registration variables as URL variables
    http.open('get', 'register_insert.php?site_url=' + dispname + '&fname=' + firstname + '&lname=' + lastname + '&gender=' + gender
        + '&day=' + day + '&month=' + month + '&year=' + year + '&country=' + country + '&city=' + city + '&suburb=' + suburb
        + '&email=' + email + '&password=' + password + '&code=' + code + '&service=' + service + '&nocache=' + nocache);
    http.onreadystatechange = insertReply;
    http.send(null);
}
I just have a small question: is it good practice to pass the password values like this from the HTML to the PHP page? If it is not a good idea, then what is the best way to do so?
Thanks in advance for suggestions.
Yeah, ordinarily I wouldn't immediately suggest that someone go to a javascript library, but I make an exception for AJAX. Getting that sort of thing to work cross-browser is just plain not-worth-it. Go for jQuery and save yourself a heap of stress.
Also take a look at the jQuery Form Plugin - it'll do all this for you in a very easy way. The site is at http://malsup.com/jquery/form/ .
But to answer your question, I'd use POST data. The general rule of thumb is that if you're retrieving something, use GET, but if you're sending or changing something, use POST.
Another quick pointer is that the code could be made a lot more legible by doing something like this:
var fields = ['disp_name', 'first_name', 'last_name', 'genderreg' /* etc ... */ ];
var values = {};
// Collect each field's value, keyed by its element ID
for (var i = 0, l = fields.length; i < l; ++i) {
    values[fields[i]] = document.getElementById(fields[i]).value;
}
http.open(
    'get',
    'register_insert.php'
    + '?site_url=' + values.disp_name
    + '&fname=' + values.first_name
    + '&lname=' + values.last_name /* etc */
);
...but it's not really that important I suppose.
Sending the password in this manner is no different from a regular form submission via GET. Generally however, you would use POST. The downside to using GET is that the password will appear in the URL. If you care about security, you should be using SSL.
Consider using a JS library like jQuery... it would make what you are doing above very easy.
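What the answers above recommend, shown side by side with the question's approach, as an added example that is not part of the original posts: the same registration data built as a GET URL and as a form-encoded POST body, and what the server would log and parse in each case. The element IDs, parameter names and register_insert.php come from the question; the sample values and helper names are constructed. POST only keeps the password out of the URL; it still travels in clear text unless the page uses SSL/TLS.

```javascript
// Added example, not code from the original posts. Element IDs, parameter
// names and register_insert.php come from the question; values are constructed.
const FIELD_TO_PARAM = {
  disp_name: 'site_url',
  first_name: 'fname',
  emailreg: 'email',
  regpassword: 'password',
};

// The question's approach: values concatenated into the query string.
function buildGetRequest(values) {
  const query = Object.entries(FIELD_TO_PARAM)
    .map(([id, param]) => param + '=' + values[id])
    .join('&');
  return { method: 'GET', url: 'register_insert.php?' + query, body: null };
}

// The answers' approach: form-encoded POST body, no user data in the URL.
function buildPostRequest(values) {
  const body = new URLSearchParams();
  for (const [id, param] of Object.entries(FIELD_TO_PARAM)) {
    body.append(param, values[id]);
  }
  return {
    method: 'POST',
    url: 'register_insert.php',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Request line as a web server or proxy access log would record it.
function requestLine(req) {
  return req.method + ' ' + req.url;
}

// What a form parser on the server recovers from a query string or body.
function parseAsServer(encoded) {
  return Object.fromEntries(new URLSearchParams(encoded));
}

const sample = {
  disp_name: 'sam', first_name: 'Sam',
  emailreg: 'sam@example.com', regpassword: 'p&ss=w0rd+1',
};
console.log(requestLine(buildGetRequest(sample)));   // password visible in the URL
console.log(requestLine(buildPostRequest(sample)));  // URL carries no user data
console.log(parseAsServer(buildGetRequest(sample).url.split('?')[1]).password);
console.log(parseAsServer(buildPostRequest(sample).body).password);
```

With XMLHttpRequest, the POST variant is sent with http.open('post', req.url), http.setRequestHeader('Content-Type', ...) and http.send(req.body).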
Related
I'm having a really hard time sending an automated email (with Google Apps Script) that includes a URL that contains a query parameter.
Expected Behavior
Google Apps Script (specifically, the Gmail service) sends an email, and part of the email body contains a URL with a query parameter. The URL will look something like this:
http://my.app/products?id=Bz9n7PJLg8hufTj11gMF
Observed Behavior
The Gmail service seems to be stripping out the = from my URL. So, the body of the email ends up looking like this:
...
http://my.app/products?idBz9n7PJLg8hufTj11gMF
...
Obviously, that link won't work.
I've checked other questions here on SO, and I've tried working with the base encoding tools from the GAS Utilities service, as well as working with the encodeURI() JavaScript method. No luck so far.
Email-sending Code
//////// GENERATING MESSAGE FROM ID ////////////
// Gets message from ID
var id = Gmail.Users.Drafts.get('me', 'r-1006091711303067868').message.id
var message = GmailApp.getMessageById(id)
var template = message.getRawContent()
// Replaces template variables with custom ones for the user using RegExes
let listingUrl = 'http://my.app/products?id=xyz'
let creatorEmail = 'hello#gmail.com'
let creatorUsername = 'Sam'
template = template.replace(/templates#my.app/g, creatorEmail)
template = template.replace(/firstName/g, creatorUsername)
//** Below is the string that gets modified and broken **//
template = template.replace(/listingUrl/g, listingUrl)
// Creates the new message
var message = Gmail.newMessage()
var encodedMsg = Utilities.base64EncodeWebSafe(template)
message.raw = encodedMsg
// Sends it
Gmail.Users.Messages.send(message, "me", Utilities.newBlob(template, "message/rfc822"))
Regex-based Solution
With the help of Tanaike and Rafa Guillermo, the solution that ended up working for me was to replace = with = by using a little .replace() like this:
listingUrl = listingUrl.replace(/=/, '=')
I passed a parameter through an URL using javascript. Here's the code:
<script>
window.onload = function() {
    // Creating a cookie after the document is ready
    var cookies = document.cookie.split(";")
    var cookiePair = cookies[0].split("=");
    var cookie_user = cookiePair[1]; // remove ending parenthesis here
    window.location.replace("http://192.168.206.1/foodblog/?page=http://192.168.206.1/test/ChangeInfo.php&username=" + cookie_user);
};
</script>
The page that received the parameter is called ChangeInfo
This is what I see in the URL when I get to the ChangeInfo page:
http://192.168.206.1/foodblog/?page=http://192.168.206.1/test/ChangeInfo.php&username=nitzan
When I'm trying to get the parameter username from the URL, I get this error:
Notice: Undefined index: username in C:\xampp\htdocs\test\ChangeInfo.php on line 5
The way I'm trying to get this parameter is to use $_GET like that: $username = $_GET['username'];
Does anyone know why this causes a problem for me?
Thanks in advance
I just solved the problem.
I deleted the page parameter from the URL I created in the JavaScript part.
This is the updated JavaScript part:
<script>
window.onload = function() {
    // Creating a cookie after the document is ready
    var cookies = document.cookie.split(";")
    var cookiePair = cookies[0].split("=");
    var cookie_user = cookiePair[1]; // remove ending parenthesis here
    window.location.replace("http://192.168.206.1/test/ChangeInfo.php?username=" + cookie_user);
};
</script>
thank you :)
Ignoring the javascript part, needing to focus on PHP.
You are on this page:
http://192.168.206.1/foodblog/?page=http://192.168.206.1/test/ChangeInfo.php&username=nitzan
And when you use $_GET['username'] you get the error, that it is not assigned.
It seems that your $_GET is not working at all, probably Apache settings.
Also, it is safer to get GET parameters with isset first.
if (isset($_GET['username']) && $_GET['username']) {
    $username = $_GET['username'];
}
else {
    $username = '';
}
Then you can compare, if username is set or not in your php code:
if($username) {
//Do something
}
Final thought. Is your first parameter page=http://192.168.206.1/test/ChangeInfo.php working? Can you get it through $_GET?
The problem seems to be just in the way you set and get the URL parameter through $_GET. If you use some framework, using $_GET directly might be disabled; for example, in Symfony you need to use:
$request->get('username');
Amateur here... I have an SQL query on a JS page and need to pass the variables on to a PHP webpage. I know how to pass the simpler variables through the URL, but am struggling to find and execute the most efficient way of passing a long string, i.e. the text description of a point.
Here on the JS side, I have:
downloadUrl("php_genxml1.php", function(data) {
    var xml = data.responseXML;
    var points = xml.documentElement.getElementsByTagName("point");
    for (var i = 0; i < points.length; i++) {
        var id = points[i].getAttribute("id");
        var name = points[i].getAttribute("name");
        var description = points[i].getAttribute("description");
        var url = "PHPWebPage.php?name=" + name + "&id=" + id;
        // ...
    }
});
To get the id from the URL, I have used stuff like the standard
$id=$_GET['id'];
I know I could re run a query based off that id from the URL, but that surely doesn't sound the most efficient. I know my options (array, sessions, etc) for whatever that's worth.
Thanks for any help, C
Try POSTing the data instead. It also makes it less likely for someone to just edit your URL in the browser to get data they're not supposed to have.
I am collecting data from a user on Server A,
I need to send that data in a URL to server B (separate buildings and companies)
On server A it is a CRM system which is pre built and I cannot just simply use PARAMETERs as I cannot HASH the PARAMETERs as the system is pre built by a third party and they would charge to allow for this.
So I have managed to build some JS that replaces certain characters from the PARAMETERs I can collect.
Here is a small snippet of what I have to make my HASH.
<script type="text/javascript">
// Collect USERID
var m = 'XX784188';
// HASH USERID
m = m.replace(/7/g, 'M');
m = m.replace(/4/g, 'S');
// Set up Object n as Location name.
var n = 'Cumbria';
// Rename Location to correct code
n = n.replace(/Cumbria/g, '01');
// Test Object m & n
alert(n);
alert(m);
</script>
Here is the above in a test.
Now what I cannot seem to find out is how do I insert the results into a url and redirect the user to that URL.
For example: http://google.com/?n=&m=
I can insert this line I know for the redirect:
window.location = "http://google.com/?n=&m="
I just need to know how I make that URL look like this google.com/?n=01&m=XXM8S188
Funny, I just answered the same thing 1 min ago:
window.location = "http://google.com/?n="+n+"&m="+m
Your snippet code and JS Fiddle code are different.
For snippet code then you simply insert your values like,
window.location = "http://google.com/?n="+n+"&m="+m;
For JSFiddle code, then,
window.location = "http://google.com/?"+serialiseObject(obj);
Ok, so I'm learning web design as a co-op at a company. However, the department I'm in is lacking in knowledgeable people in web design. So here we go...
Building a site that will allow the department to manage PTO. I want to implement ajax b/c the main page will have a calendar system so the manager can view the PTO week by week. As a precursor to that, I'm attempting to implement ajax with the "add Employee" page for practice.
However, I can't seem to figure out what I'm missing (aka, why it's not doing anything)
This page just needs to add the new employee to the database. No display needed.
The main page just has 4 text fields and I get the information from those fields in javascript like so
var firstName = document.getElementById("firstNameField");
var lastName = document.getElementById("lastNameField");
var manager = document.getElementById("managerField");
var networkID = document.getElementById("networkIDField");
Simple enough so far.
So I set up the ajax code like so (this is gathered from what I've read).
var url = "addEmpJSP.jsp?firstNameField=" + escape(firstName)+"&lastNameField="+escape(lastName)+"&managerField="+escape(manager)+"&networkIDField="+escape(networkID);
xmlhttp.open("POST",url,true);
xmlhttp.onreadystatechange=dummy;
xmlhttp.send(null);
This is the part where I'm assuming it's correct as I'm still learning ajax and how it works. I don't think I need to handle a response as I simply want the called jsp file to automatically do what's needed (if that's possible).
The jsp file looks like this
<%
ResultSet rsEmpl;
Connection connection1 = getDBConnection();
Statement statment1=connection1.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,ResultSet.CONCUR_UPDATABLE);
String fName = request.getParameter("firstNameField");
String lName = request.getParameter("lastNameField");
String manager = request.getParameter("managerField");
String networkID = request.getParameter("networkIDField");
Int empId = 0;
String EditEmplSQL = "select * from PTO_employee";
rsEmpl=statment1.executeQuery(EditEmplSQL);
rsEmpl.last();
empId = rsEmpl.getRow() - 1;
statement1.execute("INSERT INTO PTO_employee VALUES ("+empID+","+lName+","+fName+","+0+","+2+","+networkID);
%>
I have a button on the page that executes the javascript function that contains the ajax info. I'm avoiding jquery atm b/c I'm trying to understand this stuff and how it works before I attempt to use "shortcuts" like jquery. I'm working towards a degree in Software Engineering so understanding this stuff is my priority, not getting it done (that's just a bonus). If you need any more information I can provide it. Sorry for my lack of knowledge and if this is completely off base then :(
The main page just has 4 text fields and I get the information from those fields in javascript like so
var firstName = document.getElementById("firstNameField");
var lastName = document.getElementById("lastNameField");
var manager = document.getElementById("managerField");
var networkID = document.getElementById("networkIDField");
That gives you whole HTML DOM elements back, not the values of those elements. HTML DOM elements are like Java classes, having properties, methods and so on. Assuming that they are HTML input elements like <input>, then use their value property instead to get the value. So:
var firstName = document.getElementById("firstNameField").value;
var lastName = document.getElementById("lastNameField").value;
var manager = document.getElementById("managerField").value;
var networkID = document.getElementById("networkIDField").value;
So I set up the ajax code like so (this is gathered from what I've read).
var url = "addEmpJSP.jsp?firstNameField=" + escape(firstName)+"&lastNameField="+escape(lastName)+"&managerField="+escape(manager)+"&networkIDField="+escape(networkID);
xmlhttp.open("POST",url,true);
xmlhttp.onreadystatechange=dummy;
xmlhttp.send(null);
The escape() is the wrong function. It escapes JS syntax, it does not encode URI components. You should be using encodeURIComponent() function instead.
The jsp file looks like this
...
Int empId = 0;
...
This doesn't compile. It should be int instead.
...
String EditEmplSQL = "select * from PTO_employee";
rsEmpl=statment1.executeQuery(EditEmplSQL);
rsEmpl.last();
empId = rsEmpl.getRow() - 1;
...
Unnecessarily overcomplicated. Learn how to use DB builtin sequences/autoincrement IDs. Refer the DB specific manual or ask DB admin for help.
...
statement1.execute("INSERT INTO PTO_employee VALUES ("+empID+","+lName+","+fName+","+0+","+2+","+networkID);
...
You should put quotes around string values in the SQL query. Assuming that lName, fName and networkID are strings, not numbers, then it should look like this:
statement1.execute("INSERT INTO PTO_employee VALUES (" + empID + ",'" + lName + "','" + fName + "'," + 0 + "," + 2 + ",'" + networkID + "')");
But you have a huge SQL injection attack hole there, and you also don't seem to close DB resources at all after use, so they may leak away and cause your webapp to crash sooner or later because the DB runs out of resources. Use PreparedStatement to create a parameterized SQL query and use its setters to set the values. Close the resources in a finally block.
After all, reading the server logs should provide you information about compile errors and any server exceptions. Reading the ajax response should provide you information about the response status and body. Your core problem was that you ignored it and thus didn't have any chance to understand what is happening.
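The escape() versus encodeURIComponent() point from the answer above, as an added example that is not part of the original posts: each field is encoded with one of the two functions, decoded the way a form-decoding server would, and the fields that arrive changed are reported. The field names come from the question; the employee values and helper names are constructed, and the server is assumed to decode query values as UTF-8.

```javascript
// Added example, not code from the original posts. Field names come from the
// question; the employee values are constructed. Assumes the server decodes
// query values as UTF-8.

// Build "name=value&..." using the given encoder for each value.
function buildQuery(fields, encoder) {
  return Object.keys(fields)
    .map((name) => name + '=' + encoder(fields[name]))
    .join('&');
}

// Decode a query string the way a form-decoding server does:
// '+' means space, then %XX sequences are read as UTF-8 bytes.
function serverParse(query) {
  const received = {};
  for (const pair of query.split('&')) {
    const eq = pair.indexOf('=');
    const name = pair.slice(0, eq);
    const raw = pair.slice(eq + 1).replace(/\+/g, ' ');
    try {
      received[name] = decodeURIComponent(raw);
    } catch (e) {
      received[name] = null; // not valid UTF-8 percent-encoding
    }
  }
  return received;
}

// Names of the fields whose value does not survive the round trip.
function corruptedFields(fields, encoder) {
  const received = serverParse(buildQuery(fields, encoder));
  return Object.keys(fields).filter((name) => received[name] !== fields[name]);
}

const employee = {
  firstNameField: 'Jos\u00e9',   // non-ASCII character
  lastNameField: "O'Neil",
  managerField: 'R&D+QA',        // '+' is left as-is by escape()
  networkIDField: 'jneil01',
};
console.log(buildQuery(employee, escape));
console.log(corruptedFields(employee, escape));
console.log(corruptedFields(employee, encodeURIComponent));
```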