gamesmstr

No. If I use php to generate and send the security code to mysql, and at the end use php mysql to pull that code to verify that the code sent via post was correct, you should have a secure system. I had a similar problem in a game I run. It had a series of challenges to win a big prize. To avoid people attempting to run the final JS command out of sequence, I set up a step column in the user db. It set it to 0 at the start of the challenge and after each sequence updated the database with a new step value. At teach challenge, it checked the step column to verify that the value was valid. If it wasn't, I had it send me a nice little message about who was doing it. Got rid of a few hackers that way.

But he'd have to know what to send and it would not be visible in the browser url bar. If that variable was a random number generated upon the 1st line display and stored in a db, then passed on the last line and verified against the one stored in the db, there would be no way of knowing what that variable was until after the final code was executed. One thing that might help is if I knew exactly what this is supposed to be. Only thing I can think of is a trivia game or something similar where is gives hints.

Put a JS function in the parent file in the HEAD section with your AJAX function. Something like this: function filform(formval1,formval2,formval3){ document.getElementById("formfield1").value=formval1; document.getElementById("formfield2").value=formval2; document.getElementById("formfield3").value=formval3; } Then call that function from inside getuser.php <script>javascript:fillform('<?php echo"$formval1,$formval2,$formval3";?>');</script> Not really thinking clearly right now, but something like that SHOULD work.

Use a variable passed through the ajax function via the POST method.

Not if you used php to do it.

I'm going to have to leave for a bit, so I'll try to respond to this later, but does getusers.php generate the values from the query or is it a passed variable?

Either validate the x variable or have it sent via the POST method. One thing I have used is a db trigger. Have a column called "showend" with a value of 0. On displaying the last line, flip that to 1 and make your endActions.php file dependant on the value of showend.

There are ways to hide the code from the average user from using the "Show Source", but anyone with firefox and a firebug plugin will get around it and those are the guys you are worried about, not the casual user. Instead of hiding it, why not just validate the event calling the function?

Not sure what your question really is. What exactly are you wanting to do?

Ah, so the only problem left is that it simply won't target that form field with the value. One last thing you might try... Change this: document.getElementById("agentID").innerHTML=xmlhttp.responseText; to this: document.getElementById("agentID").value=xmlhttp.responseText; Don't know why I didn't think of that before. this is how I update form fields with price totals etc.. without actually submitting the form. This is the JS function totalprice(){ var quant = document.getElementById("quantity").value; var price = document.getElementById("price").value; var tot = quant*price; document.getElementById("total").value=tot; } And this is the form with trigger: Quantity: <input type="text" size="10" id="quantity" name="quantity" value="0" onKeyUp="totalprice();"> Price Each: <input type="text" size="10" id="price" name="price" value="0" onKeyUp="totalprice();"> Total Price: <input type="box" size="10" id="total" name="total" READONLY value="0"> Good luck!

I think I know what your problem is. You are using the same ajax request function (xmlhttp) to update 2 different targets an the same page. I had the same problem with my chat page. Create a separate function for each (ie. xmlhttp and xmlhttp2) and your issue will probably disappear.

JS is by definition a client side language. It's presence in the browser page code is part of what makes the page work in the browser. Hiding that is tricky.

if(ajaxRequest.readyState == 4 && ajaxRequest.status == 200) { document.getElementById("targetdiv").innerHTML = ajaxRequest.responseText; } Add that into your JS and substitute your div's id for "targetdiv"

try this. Just have your php file echo "test" instead of a variable. Make sure your connection portion is working. If it does, then we know it is how the variable is being passed.

You are targeting the wrong field with your AJAX function. Try changing this: document.getElementById("txtHint").innerHTML=xmlhttp.responseText; to this: document.getElementById("agentID").innerHTML=xmlhttp.responseText;

I forgot to mention something. The variables passed will be varval0, varval1,... and the field values will be fieldval0,fieldval1,... just use the $_POST method to retrieve them.

either that or use JS to update the value of the form field and it can be done from inside the ajax call. Just make sure you assign an ID to the field Example: <INPUT TYPE="TEXT" ID="myfield"> The JS command would be something like this: document.getElementById("myfield").value=q; Where q was the variable containing the value you wanted to update the field with. And don't sweat it. AJAX is confusing at first, but once you get the hang of it, it really makes a pretty website.

While doing some late night developing, I got very tired of having to write a new ajax script for every new condition I had in a page, so I decided to see what I could do about making 1 function to handle any data I wanted to pass. And so I did. It worked so well, I thought I'd share here and see if any of you could 1) improve it or 2) use it. The format to call it is: AJAX(TargetContainer,Filename,Variable1+variable2+...,FormField1+FormField2+...) Take a look and let me know what you think. <script type="text/javascript"> function createXMLHttpRequest() { if (typeof XMLHttpRequest != 'undefined') { return new XMLHttpRequest(); } try { return new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { return new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) {} } return false; } function AJAX(target,filename,vars,fields) { var maindiv = createXMLHttpRequest(); var params = ''; if (vars != ''){ var varval=vars.split("+"); for(var i = 0;i < varval.length;i++){ if (params == ''){ params=params + "varval" + i + "=" + varval[i]; } else { params=params + "&varval" + i + "=" + varval[i]; } } } if (fields != ''){ var field=fields.split("+"); var fieldval=new Array(field.length); for(var i = 0;i < field.length;i++){ fieldval[i]=document.getElementById(field[i]).value; if (params == ''){ params=params + "fieldval" + i + "=" + fieldval[i]; } else { params=params + "&fieldval" + i + "=" + fieldval[i]; } } } maindiv.open("POST",filename, true); maindiv.setRequestHeader("Content-Type","application/x-www-form-urlencoded"); maindiv.onreadystatechange = function() { if(maindiv.readyState == 4 && maindiv.status == 200) { document.getElementById(target).innerHTML = maindiv.responseText; refresh_stats(); } } maindiv.send(params); } </script> If anyone wants to use it, feel free! Just credit me. Gabriel Pettit

I feel your pain. Yup Time to go elsewhere. 4 days is just unprofessional to leave their customers with no information.

Yup. To get the variables you'll need to do something like this for GET method: $q=$_GET(q); and this for POST: $q=$_POST(q); then do whatever you are wanting the file to do. All output from that file will be shown in the target DIV

I think I might know what the problem is. I see something similar in the game I run. If you are using sessions and log in under www.mysite.com and then type in an address without the www like mysite.com/myfile.php it will tell you you are not logged in. Sessions are site specific and the WWW counts.

Step 1: In the <HEAD> section of your parent file create a JS function to open an XMLHTTPrequest. This is what allows AJAX to load a php file. <SCRIPT> function createXMLHttpRequest() { if (typeof XMLHttpRequest != 'undefined') { return new XMLHttpRequest(); } try { return new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { return new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) {} } return false; }</SCRIPT> Step 2: Define a function that gets what you need and sends it to it's target <SCRIPT> function AJAX(var1) { var xmlHttp = createXMLHttpRequest(); //var1 is passed with the function call, var2 is form data that can be retrieved var var2 = document.getElementById("var2data").value; //this sets up the parameters to be sent using the POST method later params = "var1=" + var1 + "&var2=" + var2; //this opens the target php file and tells it what method data will be sent in xmlHttp.open("POST","targetfile.php", true); xmlHttp.setRequestHeader("Content-Type","application/x-www-form-urlencoded"); xmlHttp.onreadystatechange = function() { if(xmlHttp.readyState == 4 && xmlHttp5.status == 200) { //this tells it where to put the output of the target php file document.getElementById("dynamic_update").innerHTML = xmlHttp.responseText; } } //This sends the var1 and var2 variables we defined earlier via the POST method xmlHttp.send(params); } Hope that helps!

Before you do anything, make sure your JS functions are located in the <HEAD> section of the parent file. It sounds like you are wanting to be able to pull form data and pass it to a file called getuser.php using the GET method. I personally prefer POST as it is more secure, but I think we can work with what you have. You are passing a variable (str) but you'll have to get that variable the JS way, not the HTML way. 1st assign an ID to your select: <select name="users" id="users" onchange="javascript:showUser();"> Now, Lets get the value of that from inside the AJAX function. <script type="text/javascript"> function showUser(){ var str = document.getElementById("users").value; if (str=="") { document.getElementById("txtHint").innerHTML=""; return; } if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari xmlhttp=new XMLHttpRequest(); } else {// code for IE6, IE5 xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); } xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState==4 && xmlhttp.status==200) { document.getElementById("txtHint").innerHTML=xmlhttp.responseText; } } xmlhttp.open("GET","getuser.php?q="+str,true); xmlhttp.send(); } </script> Try that out and see what happens. As for targeting other types of HTML containers, I've never tried it, but it it my understanding that if it has an ID and can contain what you are sending it, then it should work. Good luck!

Yup! I ran into this one with a chat page I made. When I posted to the Database I had to use the JS function encodeURIComponent() on it to get it to encode correctly. Use decodeURIComponent to decode it.

I'm not sure I follow what you are trying to do there. If you are trying to open a php file within a php file from an ajax call, I'm not sure that will work. Remember that xmlHttp_out is simply a variable assigned to a return from the function that creates the XML request. What you CAN do is include the 1st file as a function that return the data for the 2nd file and call that via ajax.