Member Avatar for jasonc31

I have found the following code and wish to have it do a POST instead of the GET

can someone tell me what needs changing so this does a POST

ajax.php

<?php
if (is_numeric($_GET['client_id'])) {
    include("database.php");
    $query="SELECT * FROM `client_addresses` WHERE `client_id` = '". db_input($_GET['client_id']) ."'";
    $result=mysql_query($query);
   ?><select name="client_address">
    <option>Select address</option><?
    while( $res_array = mysql_fetch_assoc($result) ) {
        echo "<option value=\"".$res_array['client_address']."\">".$res_array['client_address']."</option>";
    } ?>
   </select>
   <?
}
?>

index.php

<html>
<head>
<script language="JavaScript" type="text/javascript">
function display_data(client_id) {
    xmlhttp=GetXmlHttpObject();
    if (xmlhttp==null) {
        alert ("Your browser does not support AJAX!");
        return;
    }
    var url="ajax.php";
    url=url+"?client_id="+client_id;
    xmlhttp.onreadystatechange=function() {
        if (xmlhttp.readyState==4 || xmlhttp.readyState=="complete") {
            document.getElementById('employ_data').innerHTML=xmlhttp.responseText;
        }
    }
    xmlhttp.open("GET",url,true);
    xmlhttp.send(null);
}
function GetXmlHttpObject() {
    var xmlhttp=null;
    try {
        // Firefox, Opera 8.0+, Safari
        xmlhttp=new XMLHttpRequest();
    }
    catch (e) {
        // Internet Explorer
        try {
            xmlhttp=new ActiveXObject("Msxml2.XMLHTTP");
        }
        catch (e) {
            xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
        }
    }
    return xmlhttp;
}
</script>
</head>
<body>
<form>
<select name="client_name" onchange="display_data(this.value);">
    <option>Select client</option>
    <?php
    include("database.php");
   $customer_id = "11";
    $query="SELECT * FROM `client_names`";// WHERE `customer_id` = '". $customer_id ."'
    $result=mysql_query($query);
    while( $res_array = mysql_fetch_assoc($result) ) {
        echo "<option value=\"".$res_array['client_id']."\">".$res_array['client_id']."</option>";
    }
    ?>
</select>
<div id="employ_data"><div>
</form>
</body>
</html>
  • 2 Contributors
  • 5 Replies
  • 143 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by jasonc31

Recommended Answers

All 5 Replies

Member Avatar for hielo

In ajax.php change $_GET to $_POST.
In index.php update the following javascript function:

function display_data(client_id) {
    xmlhttp=GetXmlHttpObject();
    if (xmlhttp==null) {
        alert ("Your browser does not support AJAX!");
        return;
    }
    var url="ajax.php";
    var parameters="client_id="+client_id;
    xmlhttp.onreadystatechange=function() {
        if (xmlhttp.readyState==4 || xmlhttp.readyState=="complete") {
            document.getElementById('employ_data').innerHTML=xmlhttp.responseText;
        }
    }
    xmlhttp.open("POST",url,true);
	xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    xmlhttp.setRequestHeader("Content-length", parameters.length);
    xmlhttp.send(parameters);
}
Member Avatar for jasonc31

Thank you for your help, this has really worried me that I could not securely get this data.

Works a dream in the standalone file, now to import it in to my main site.

Cheers

Member Avatar for jasonc31

Hi,

Just about to finish off adding the code and it just clicked that this will not work.

I had found this code just browsing but did not think about it until now.

What I am wanting the code to do is securely get the data using ajax but replace the existing blank selection field in my form.

but without clearing the other fields of their data.

can this be tweaked to do this or is there another way?

Member Avatar for hielo

...but replace the existing blank selection field in my form.

It's not clear to me what it is you are trying to do, but assuming you have: <input type="text" name="username" id="uName" value="" /> then if you change: document.getElementById('employ_data').innerHTML=xmlhttp.responseText; to: document.getElementById('uName').value=xmlhttp.responseText; then ONLY the value of the text field with id="uName" should be set to whatever your ajax request is returning.

Member Avatar for jasonc31

i was up most of the night trying to figure this out and the only way i could was to have the result emailed to me from the page, which showed the problems!

well this proved to me that it was secure !

thank you for your help

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.