How to securely send POST data between JQuery and PHP? [duplicate] - javascript

This question already has answers here:
How to send secure AJAX requests with PHP and jQuery
(3 answers)
How can I prevent SQL injection in PHP?
(27 answers)
Closed 5 years ago.
I would like to send data from a Jquery script to a php page using POST.
My code is as follows:
$.ajax({
type: "POST",
url: 'http://mywebsite.com/add_data.php',
data: {value1: some_value,
value2: 123,
value3: ABC
},
My php script captures the data and records them in MySQL database.
$myvalue1 = $_POST['value1'];
$myvalue2 = $_POST['value2'];
$myvalue3 = $_POST['value3'];
The problem is that since JS code is visible in the source code, anyone can submit anything to my database...
Is there an easy way to make it more secure and prevent this from happening?
Any advice appreciated.

All data from the client always MUST be validated and sanitized, because all data from the client can be modificated/falsificated.

Related

How can I send data to Flask Server? [duplicate]

This question already has answers here:
How do I post form data with fetch api?
(11 answers)
Fetch: POST JSON data
(17 answers)
Get the data received in a Flask request
(23 answers)
Closed 2 years ago.
I'm new using flask or JS, as that, I can't find a way to do what I want to.
I created a webserver using flask (in python) and it uses index.html as main page, I wanted to update data to the server every few secounds (maybe 1-3 secs). The thing is, I don't have any form to work with, or even queries and I don't know what else can I work with. The data I want to send is small string to be saved on server host later on.
<body>
<center>
<button onmousedown="sendDirectionKey('^')">^</button>
...
</center>
</body>
<script>
function sendDirectionKey(Key)
{
...
sendData(data_string);
}
function sendData(data)
{
...
}
</script>
An easy modern solution is the fetch() API:
function sendData(data)
{
const body = new FormData();
body.append("key", data);
return fetch("/receive", {method: "POST", body, credentials: "include"});
}
The equivalent receiver on the Python side would be something like
#app.route("/receive", methods=["POST"])
def receive():
print(request.form) # should have a `key` key

How can I send a JS variable to PHP function in Codeigniter? [duplicate]

This question already has answers here:
How does Codeigniter receive the ajax post data in controller
(3 answers)
Closed 3 years ago.
I want to pass a variable from JS script to PHP function on a CI Controller. I tried doing this
$.post(base_url+'Controller/function/', {id_formula:id_formula});
but I still get a CodeIgniter error
Message: Missing argument 1 for Controller::function()
Can you help me to solve it? please
That because your controller probably looks like this:
function function($id_formula)
{
...
}
But you are not actually passing "id_formula" as a URL get, but as a post.
Change it to:
function function()
{
$id_formula = $this->input->post('id_formula');
}

How to assign value of jQuery to PHP SESSION in javascript [duplicate]

This question already has answers here:
How to assign JavaScript variable to PHP session variable?
(2 answers)
Closed 4 years ago.
This is my code I am Assigning a value to PHP but Not able to get in PHP SESSION. Tried all possible way. Also, I tried to set SESSION from javascript not get values.
var designation = $("#Designation").val();
<?php $_SESSION['lclDesignation'] = "<script type='text/javascrip'>alert(desi);</script>"?>
It's not possible to directly assign session value. using AJAX to assign the session value. Please review below code
var designation = $("#Designation").val();
$.ajax({
url: "session.php",
type: "POST",
data : {'designation' : designation },
success: function(html){
}
});
Then create the session.php file paste the below code
session.php
session_start();
$_SESSION['lclDesignation']=$_POST['designation'];

Passing PHP into jQuery [duplicate]

This question already has answers here:
How do I pass variables and data from PHP to JavaScript?
(19 answers)
Closed 6 years ago.
I have an idea how to pass PHP value into a jQuery variable, I have done it in the past and it worked. But I tried the below code but for some reason it not working. I dont know where the problem lies.
I am trying to hide a custom virtuemart drop down cart I designed when the cart is empty.
jQuery(document).ready(function ($) {
var cart = "<?php if ($data->totalProduct) echo $data->cart_show; ?>"
jQuery('.btn-cart1').hover(if (cart === "") {
jQuery(this).find('.dropdown').hide();
}
else {
jQuery(this).find('.dropdown').hide();
jQuery('.btn-cart1').hover(
function() { jQuery(this).find('.dropdown').stop().show(500)},
function() { jQuery(this).find('.dropdown').stop().hide(500)})
}
});
PHP is server side scripting language and is executed well before your javascript executes on web browser.
The correct execution of your code depends on the values of $data->totalProduct & $data->cart_show after the PHP has been executed on your server side and the values are places in your javascript.
It is not a good programming practice and I would strongly suggest you to use AJAX instead to access the values of PHP variables.

How to call php codes inside javascript [duplicate]

This question already has answers here:
What is the difference between client-side and server-side programming?
(3 answers)
Closed 9 years ago.
I want to check the inputs of a form if they are empty and then i want to use php codes for user registeration.
<script>
$('#submitbutton').click(function(){
if($('#usernameinput').val() == ''){
alert('Input is blank');
}
else {
//here i want to use php codes for example;
$bgl = new mysqli("localhost", "root", "", "users");
if ($bgl->connect_errno) {
echo "Failed to connect to MySQL: (" . $bgl->connect_errno . ") " . $bgl->connect_error;
}
$username = mysql_real_escape_string($_POST['username']);
.....
.....
..... /and so on..
}
});
</script>
In this case you most likely want to use $.ajax() to call a PHP page that supplies this information.
jQuery.ajax()
There is no such thing as php and javascript working together like that. Javascript in run on client side and php is run on server side. The best you can to is to pass and retrieve values to and from a php page and then use those values as intended.
You have a few options here. The first is to post the form to a PHP page after the JavaScript validations (just use the form action) or use Ajax and call the PHP page, as Robin says.
That's not posible, you can embed javascript into php code but not vice versa.
The best way to implement that is developing a REST service and retrieving data with AJAX.

Categories

Resources