Jump to content

Recommended Posts

hi, I am using very simple ajax request as below:

 

js file:

function show_ajax_result(str)

{

var timer;

clearTimeout(timer);

var request = new XMLHttpRequest();

request.open("GET", "result.php?sp=" + str, true);

request.onreadystatechange = timer = setTimeout(function()

{

if ((request.readyState != 4) || (request.status != 200))

{

return;

}

document.getElementById("show_result").innerHTML = request.responseText;

}, 400)

request.send(null);

}

 

 

result.php:

<?php

$get = $_GET['sp'];

if($get == 'test') echo 'I am here!';

else echo 'I'm not there yet!';

 

 

?>

 

 

They work perfectly. But as soon as I write the following code the request doesn't respond:

 

$link = new mysqli("localhost", "root", "", "myDB");

 

I think its got to be something with db but I have no idea.

 

Thanks in advance.

Edited by programming.name

Totally unrelated to your actual question, but just wanted to point out the user in your mysqli is root. This is considered a bad practice since root is the ultimate god of gods on your database server. He has control of everything and if for any reason the integrity of your script were compromised and the plaintext password in the next field were revealed to the wrong person then you give them lots of powers you really don't want them to have. Especially if you are on say a linux host and you use the same password for root on the mysql server as you do for the root user account (also probably not the best practice) or if you are using shared access hosting with something like cpanel and your password for root on the mysql server is the same as your cpanel access password. This gives up way too much power to someone. I'm not saying that your way is wrong or anything, but it is not the safest way to handle things. A better practice would be to create a user for the database you are working with and give it a random password and only enough access to do the things you want it to be able to do to the database (Ex. only grant it SELECT if you are not going to do any kind of changes to the database from your script.) If you do it this way then the worst that someone can do with the information is read the values stored in the tables on that one database. Restricting access in this manner makes it far less likely that bad things happen to you.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.