Wednesday, 20 November 2013

How to call PHP function from JavaScript function? Always use AJAX.

How to call PHP function from JavaScript function? Always use AJAX.

Recently, I was developing a web application in PHP. I get into the need of calling my PHP function from my Javascript function. This is the common thing when you are developing a web application in PHP and have to call a PHP code from Javascript to refresh only a certain portion of your web page with server results. Always use AJAX to achieve this functionality. Using AJAX you can call server side code / functions (your PHP code) from client side (Javascript). Below is the PHP and Javascript code snippet to illustrate this concept. 

This is very simple example on how to call server side functions of PHP from client browsers (Javascript)? In following example, I have a PHP file named myscript.php which has function named myfunction(). This function uses two $_POST variables and just echoes them. I have mydiv HTML div anywhere on my webpage which I want to refresh with the result which is returned from my PHP script. In my Javascript code, I am using AJAX to call my PHP script with parameters and POST method. The result which is getting returned, I am showing that in mydiv HTML div. 

Have a look at this very simple PHP AJAX example:

PHP code

<?php

myfunction();

function myfunction()
{
$myvar = $_POST['q']." how are you?";
$myvar2 = $_POST['z'];
echo $myvar."\n".$myvar2;
}
?>

HTML code

<div id="mydiv"></div>

Javascript code

var data =" hello world";
var data2=" hello all";
function run()
{
$.ajax(
{
                   url: 'myscript.php',
                data: {'q': data,'z':data2},
                   type: 'post',
                   success: function(output) 
                {
                          //alert(output);
                          document.getElementById("mydiv").innerHTML += output; //add output to div  
                }
}
          );
}

5 comments:

  1. Thank you for sharing such a great post,
    this code works... :)

    ReplyDelete
  2. You are using jquery ajax call, At least mention to use jquery.

    ReplyDelete
  3. Your code is very vulnerable. You're not filtering the $_POST variable at all. This opens yourself to HTML injection. A hacker could pwn your web site very quickly if you used this code. Careless examples like yours is exactly why so many web sites are hacked.

    ReplyDelete
    Replies
    1. Thanks for your comments. I had not added security code here because I just wanted to make this example simple. However, I have written a small post on how to secure jQuery AJAX calls in PHP from hackers here because of your comments...http://theprofessionalspoint.blogspot.in/2013/11/how-to-secure-jquery-ajax-calls-in-php.html

      Delete
  4. While your new post does add some security, it does nothing in terms of filtering the $_POST variable. The hacker could still supply a script tag in the 'q' and 'z' parameters that you send to the server, which get outputted to the page with no filtering. You should encode the output (use php's htmlentities function) so characters like less than (<) get encoded to <, which would keep an embedded script tag from getting executed. Your new post ignores the output portion of this script, which is true vulnerability of the code.

    ReplyDelete