My JQuery does not fire up the sanitize function.I need to take the value from the input field name ,and display it in path input field. Why isn't it working ? The page where all this code is written is called new_page.php , so when the ajax_request function gets fired it does not point to an external page but here on the same page. I use PHP 5.3 and HEIDISQL
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
include('conect.php');
if(($_POST)&&(!empty($_POST['name']))&&(!empty($_POST['path'])) ){
$name=$_POST['name'];
$path=$_POST['path'];
if(isset($_POST['sanitize'])) {
$title=$_POST['sanitize'];
$title = strip_tags($title);
// Preserve escaped octets.
$title = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title);
// Remove percent signs that are not part of an octet.
$title = str_replace('%', '', $title);
// Restore octets.
$title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
$title = strtolower($title);
$title = preg_replace('/&.+?;/', '', $title); // kill entities
$title = str_replace('.', '-', $title);
$title = preg_replace('/[^%a-z0-9 _-]/', '', $title);
$title = preg_replace('/\s+/', '-', $title);
$title = preg_replace('|-+|', '-', $title);
$title = trim($title, '-');
echo $title;
}
mysql_query("UPDATE menus SET name='$name' , path='$path'");
}
?>
<html>
<head>
<script type="text/javascript" src="/javascript/jquery-1.8.2.min.js"> </script>
<script>
// create the XMLHttpRequest object, according browser
function get_XmlHttp() {
// create the variable that will contain the instance of the XMLHttpRequest object (initially with null value)
var xmlHttp = null;
if(window.XMLHttpRequest) { // for Forefox, IE7+, Opera, Safari, ...
xmlHttp = new XMLHttpRequest();
}
else if(window.ActiveXObject) { // for Internet Explorer 5 or 6
xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
}
return xmlHttp;
}
// sends data to a php file, via POST, and displays the received answer
function ajaxrequest(php_file, tagID) {
var request = get_XmlHttp(); // call the function for the XMLHttpRequest instance
// create pairs index=value with data that must be sent to server
var the_data = 'sanitize='+document.getElementById('name').innerHTML;
request.open("POST", php_file, true); // set the request
// adds a header to tell the PHP script to recognize the data as is sent via POST
request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
request.send(the_data); // calls the send() method with datas as parameter
// Check request status
// If the response is received completely, will be transferred to the HTML tag with tagID
request.onreadystatechange = function() {
if (request.readyState == 4) {
document.getElementById(tagID).innerHTML = request.responseText;
}
}
}
</script>
</head>
<body>
<form action="<?php $_PHP_SELF ?>" method="post">
<label for="nume">Name</label><input type="text" name="name" id="name" onchange="ajaxrequest('new_page.php', 'path')" />
<label for="cale">Path</label><input type="text" path="path" id="path" />
<input type="submit" name="submit"/>
</form>
</body>
</html>
As already mentioned, you cannot invoke PHP functions using JavaScript because one is a server-side technology and the other is client-side technology and is only executed on the local browser.
The suggested approach for dealing with data, databases, and user input is to use an MVC architecture with ActiveRecord paradigm for data access. If done correctly, all your data should be sanitized within the active record model before committing to the database.
I know this is an old post but I think this will help people searching for this question.
As Zorayr said, PHP is a server-side based language and Javascript or derivatives are client-side. That's because you can not invoke PHP functions from the JS code.
But instead of call a function, you can fire the function with a processed form as you have in your code. The other way is to make a PHP Class and in the same file initialize it.
Example:
<?php
Class MyClass {
function __construct()
{
echo "hello world.";
}
}
$init = new MyClass();
?>
This way you can pass arguments and do whatever more clear.