I have some problems with collecting the data I fetch from the database. Don't know how to continue.
What I did so far:
jQuery:
$(document).ready(function(){
    $('#submit').click(function(){
        var white = $('#white').val();
        $.ajax({
            type: "POST",
            url: "page.php",
            data: {white: white}
        });
    });
});
PHP (requested page.php) so far:
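// ..database connect stuff.. (has to run first: mysql_real_escape_string() needs an open connection)
$thing = mysql_real_escape_string($_POST["white"]);
$query = "SELECT * FROM table1 WHERE parameter='$thing'";
$data = array();
if ($result = mysql_query($query)) {
    // mysql_fetch_array() returns the next row, or false when none are left
    while ($row = mysql_fetch_array($result)) {
        $data[] = $row['data'];
    }
}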
What I don't know is how to send out data and receive it with ajax.
What about errors when the request is not successful?
How secure is an ajax call against database injection?
Thanks :)
You'll need a success parameter in $.ajax() to get a response once a call is made
$('#submit').click(function(){
    var white = $('#white').val();
    if (white == '') {
        // display validation message
    } else {
        $.ajax({
            type: "POST",
            url: "page.php",
            data: {"white": white},
            success: function(data){
                // the response body from page.php is inserted as HTML
                $('#someID').html(data);
            }
        });
    }
});
Whatever you echo (HTML tags or variables) in page.php will be shown in the element whose ID is someID; it is preferable to keep the element a <div>.
In page.php, you can capture the value entered in the input element by using $_POST['white'] and use it to do whatever DB actions you want to.
To send out the data, you can write the following line at the end:
echo json_encode($data);exit;
To receive the response, and errors when the request is not successful, in ajax:
jQuery.ajax({
    type: "POST",
    url: "page.php",
    data: {white: white},
    async: false,
    success: function(msg){
        // parse the JSON text echoed by page.php; JSON.parse() does not execute it as code
        var properties = JSON.parse(msg);
        for (var i = 0; i < properties.length; i++) {
            alert(properties[i]);
        }
    },
    error: function(XMLHttpRequest, textStatus, errorThrown){
        alert(textStatus);
    }
});
To feel safer, do the following things:
1. Open a session.
2. Detect the referrer.
3. Use a PDO object instead of mysql_real_escape_string.
4. Detect the Ajax call:
if (empty($_SERVER['HTTP_X_REQUESTED_WITH']) ||
    strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
    // Is not an Ajax call!
}
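Point 3 above, as an added example that is not part of the original answers: page.php built around a PDO prepared statement, returning JSON with an HTTP status that the $.ajax() error callback can react to. The table and column names come from the question; the in-memory SQLite database and its rows are constructed stand-ins for the real MySQL connection, and the helper names fetchData() and respond() are hypothetical (requires the pdo_sqlite extension).

```php
<?php
// Added example: table1/parameter/data are from the question; the SQLite
// in-memory database and its rows are constructed sample data.

function fetchData(PDO $pdo, string $white): array
{
    // The placeholder keeps user input out of the SQL text entirely,
    // so quotes in $white cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT data FROM table1 WHERE parameter = :white');
    $stmt->execute([':white' => $white]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function respond(int $status, array $body): void
{
    // A non-2xx status is what triggers the error callback of $.ajax().
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode($body), PHP_EOL;
}

try {
    // Assumption: with MySQL this would be a 'mysql:' DSN plus credentials.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE table1 (parameter TEXT, data TEXT)');
    $pdo->exec("INSERT INTO table1 VALUES ('a', 'first'), ('a', 'second'), ('b', 'other')");

    // Constructed fallback input containing quotes, used when run from the CLI.
    $white = $_POST['white'] ?? "a' OR '1'='1";
    if (!is_string($white) || $white === '') {
        respond(400, ['error' => 'white is required']);
        exit;
    }
    // Bound as a value, the input is compared literally against the column.
    respond(200, fetchData($pdo, $white));
} catch (PDOException $e) {
    error_log($e->getMessage());   // details stay in the server log
    respond(500, ['error' => 'database error']);
}
```

Because this response is sent as application/json, jQuery parses it before calling success, so the callback receives an array rather than a string.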