Ajax, json, php

Hi

You did not provide a code example, so it’s hard to say what’s the problem,
but here are a few examples that might give you a clue

3 Likes

function jason_array(where) {
console.log(“In jason array”); // I see THIS.

var fruits = ["Apple", "Banana", "Mango", "Orange", "Papaya", "Pear", "Plum", "Pomegranate", "Nectarine", "Grapefruit", "Tomato"];
var json_fruit = JSON.stringify(fruits);

console.log(json_fruit); // I see THIS.

$.ajax({
    url: "php/examples.php?lesson=json",
    method: "POST",
    type: "POST",
    dataType: "json",
    data: {fruit:json_fruit},
    contentType: "application/json",
    success: function (data) {

        console.log("In success function"); //I do NOT see this or anything else in the console.

        let locMsg = "";
        locMsg += "Raw Data=" + data + ".<br>";
        let jfruit = json.parse(data);
        for (let i=0; i < count(jfruit); i++){
            locMsg += i+") "+jfruit[i]+"<br>";
        }
        func_printme(where, locMsg); //Internal function to insert HTML to the specified DIV.
    }
});

}

What may help is to open the Developer Tools in your browser and check the Network tab. When the AJAX request is initiated, you should see the request show up there. From there, you can check if the request data is what you expect, whether the URL is correct and whether the response from the PHP code is successful and what you expected.

If your code never enters the success callback, it might just be that your request wasn’t successful. If that happens, then the error callback is executed.

1 Like
  1. This is live on the site right now so everyone can test it.
    Hidden by MOD → (NavBar) Education → PHP
    Advanced → JSON Parsing
    This is the “JSON Array” button.

  2. The network tab is showing status 200 (ok) for that request.
    It’s showing the data that was sent back which is what I was expecting from the PHP.
    It’s just not running the success callback.
    Hmmm…

Apparently, the “data type” in jQuery AJAX has to do with the type of data expected to RETURN from the server.

I was sending JSON, but I was returning plain HTML text: an error was thrown but was being handled by NOT showing anything.

I changed the “datatype” to “text”, and the success callback is now running.
YEAH!

Errors, but at least it’s something I can see and fix.

1 Like

@TesFalcon

I hid the URL for your website
because you have serious security flaws

for example at this location anyone can RW

a

can make a PHP document, or gain control of the entire site - instead of my example where the extension is txt.

and I see that you also have the file upload option ( as a tutorial )

Please delete my files and make sure such holes will not be possible !
Ssomeone will make some drama and your acc will be closed and you will be blamed.

3 Likes

Testing and learning.

Creating and writing to files in PHP is a common and elementary thing.
Hacking methods to get malicious with it is neither common nor elementary.

Virgins think touching is cool.
Rapists think power is cool.

Thanks for the heads up. I’ll screen the file name to allow TXT only.

1 Like

in your case, it is also dangerous to see the contents of folders
so you can handle it like this:

If you do not want people to see the contents of your folders

create in root of htdocs file named .htaccess
and put this code in it

# Disable Directory Listings in this Directory and Subdirectories
# This will hide the files from the public unless they know direct URLs
Options -Indexes

use monstaFTP (file manager) from the client area
because many text editors can add BOM or wrong charset

or create a dummy index.html file (in every dir in which you wish)
purely to serve something instead of listing

2 Likes

Use full word and sentences, please.
Not shorthand tech jargon.

1 Like

File creation restricted to .txt.

File upload already restricted to image files <5mb.

can you say which part of my post you didn’t understand ?

in your case, it is also dangerous to see the contents of folders
If you do not want people to see the contents of your folders

Isn’t that YOUR job as net admin to restrict access to who can view the files in the folder directly?

create in root of htdocs file named .htaccess

What’s a ROOT?
That’s a nice extension. What’s the file name?

use monstaFTP (file manager) from the client area

I usually use FileZilla. Is this NOT acceptable?

because many text editors can add BOM or
wrong charset

What does that even mean?
Heaven forbid they read my file in Wingding.

I’m ordinary user as you are
only in addition, I have a moderator status on this forum

htdocs folder of your XY.rf.gd.
directly in it, not in some subfolder
that’s what I mean when I say in the root of htdocs

it’s not a matter of uploading, but monstaFTP also has an edit function
and with it you can create a file called .htaccess
and then edit it in the way of the paste code I gave you plus save.


for example you type in the address bar of the browser

your domain/php/

and a list of all files is obtained

which can be useful to a malicious person
when used option from the tutorial writing to file

if the content is listed
then he easily finds the name of the file in which to write bad code

or anything else in terms of gathering information

click here in my original post
image

2 Likes

That wiki is less understandable than Wingdings.

in short : interferes with the use of UTF-8 by software that does not expect non-ASCII bytes

and then the code doesn’t work or “everything” breaks or hieroglyphs are displayed,etc.

I have 2 hrs a day to learn what I learn.
What sort of rabbit hole are you expecting me to fall into, Alice?
UTF-8?

we’re all mad here :slight_smile:

I try to include a link in my posts, so for additional info on what UTF-8 is, just click on it,
it is also the default charset on the server

2 Likes

And how does this help me get to where I’m going?

when I go to XY.rf.gd/php I get “403 forbidden”.

that’s the point - that one cannot dig through directories
rather “must” follow the menu from your website

and please do not publish your address until you have “patched” everything



image

it would be good to allow only alphanumeric characters here ( for all input )
because with some manipulation, anything could happen.

And that creation of directories and files could quickly lead you to the inode maximum if someone malicious goes in that direction.

4 Likes