garyed Posted Wednesday at 03:41 PM (edited)

I have a php file that pulls information from another source & takes about 5 to 10 seconds to load. After it loads I want to be able to run a php function from the page without waiting for it to reload. I found a simple way to do it with Javascript but my research is telling me it's very dangerous & would open the server to malicious attacks. I'm trying to understand why & also to see if there is another simple option to do it. Here's an example of the code I'm using:

```php
<?php
function tester()
{
    $x = "Get or do anything you want from the server";
    echo $x;
}
?>
<script>
function test1()
{
    var test = "<?php echo tester(); ?>";
    document.getElementById("tx1").innerHTML = test;
}
</script>
<div id="tx1">This shows on page load </div>
<button onclick="test1();"> call php function</button>
```

Edited Wednesday at 03:43 PM by garyed

gw1500se Posted Wednesday at 04:02 PM

Javascript is client side code and does not interface with the server. I don't know why/where you got the information that it was dangerous for the server. If it calls a php program on the server then there may be a vulnerability but you can write your php code to assure no unauthorized access.

garyed Posted Wednesday at 04:47 PM (Author)

To go a little further, what I'm planning to do with my php function is to edit a mysql database. That's why I was concerned when I read about my javascript method of calling the php function being insecure. I was trying to figure out how calling a php function with javascript would be any more insecure than any php code that is executed when a page loads.

mac_gyver Posted Wednesday at 08:20 PM

browsers, including javascript running in the browser, make http(s) requests to web servers. the browser/javascript is not directly calling anything in the php code. the server-side code, on the page that you make the http(s) request to, would build and execute any edit/update query for a database.

to use javascript to make a http(s) request, after the page has been requested and sent to the browser, you would make the request using ajax. see - https://developer.mozilla.org/en-US/docs/Glossary/AJAX

all data submitted in http(s) requests to a web site can come from anywhere, not just your web pages, can be set to anything, and cannot be trusted. you must use the data securely in whatever context you are using it in.

if the edit/update operation requires a logged in user having permission to perform an update query, the server-side code must have logic to enforce these conditions. the actual query must securely use the data to protect against any sql special characters in a value being able to break the sql query syntax. the simplest way of providing this protection, for all data types, is to use a prepared query.

what does reading information from a source that takes a long time have to do with editing/updating data in a database?

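What the answer above describes, as an added example that is not part of the original thread: one PHP file that serves the page and also answers the fetch() request its button makes, enforcing the login and permission checks on the server and using a prepared query. The table `notes` (id, owner_id, body), the session key `user_id`, the database credentials and the per-session token sent in an `X-CSRF-Token` header are assumptions; the token check is an addition that follows from "requests can come from anywhere".

```php
<?php
// Added example. Assumed names: table notes(id, owner_id, body), session key
// user_id set by your own login code, and the DSN/credentials below.
session_start();
$_SESSION['csrf'] ??= bin2hex(random_bytes(32));

function reply(int $status, array $body): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode($body);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The request can come from anywhere, so every condition is enforced here.
    if (!isset($_SESSION['user_id'])) {
        reply(401, ['error' => 'not logged in']);
    }
    if (!hash_equals($_SESSION['csrf'], $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '')) {
        reply(403, ['error' => 'bad token']);
    }
    $in = json_decode((string) file_get_contents('php://input'), true);
    $id = filter_var($in['id'] ?? null, FILTER_VALIDATE_INT);
    $text = is_string($in['body'] ?? null) ? trim($in['body']) : '';
    if ($id === false || $text === '' || strlen($text) > 500) {
        reply(422, ['error' => 'invalid input']);
    }
    $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'app_password', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    // Prepared query: values never become SQL text. owner_id is the permission check.
    $stmt = $pdo->prepare('UPDATE notes SET body = ? WHERE id = ? AND owner_id = ?');
    $stmt->execute([$text, $id, $_SESSION['user_id']]);
    reply(200, ['updated' => $stmt->rowCount()]);
}
?>
<div id="tx1">This shows on page load</div>
<button id="save">call php function</button>
<script>
document.getElementById('save').addEventListener('click', async () => {
    const res = await fetch(location.pathname, {
        method: 'POST',
        headers: {'Content-Type': 'application/json', 'X-CSRF-Token': <?= json_encode($_SESSION['csrf']) ?>},
        body: JSON.stringify({id: 1, body: 'edited without a reload'})
    });
    const data = await res.json();
    // textContent, not innerHTML: the reply is treated as data, never as markup.
    document.getElementById('tx1').textContent = res.ok ? 'rows updated: ' + data.updated : data.error;
});
</script>
```

The slow remote read only happens on the GET that renders the page; each click is a separate, short POST handled by the block at the top.
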
garyed Posted Thursday at 12:40 AM (Author)

4 hours ago, mac_gyver said:

> browsers, including javascript running in the browser, make http(s) requests to web servers. the browser/javascript is not directly calling anything in the php code. the server-side code, on the page that you make the http(s) request to, would build and execute any edit/update query for a database.
>
> to use javascript to make a http(s) request, after the page has been requested and sent to the browser, you would make the request using ajax. see - https://developer.mozilla.org/en-US/docs/Glossary/AJAX
>
> all data submitted in http(s) requests to a web site can come from anywhere, not just your web pages, can be set to anything, and cannot be trusted. you must use the data securely in whatever context you are using it in.
>
> if the edit/update operation requires a logged in user having permission to perform an update query, the server-side code must have logic to enforce these conditions. the actual query must securely use the data to protect against any sql special characters in a value being able to break the sql query syntax. the simplest way of providing this protection, for all data types, is to use a prepared query.
>
> what does reading information from a source that takes a long time have to do with editing/updating data in a database?

I get what you're saying about the server side protecting against a malicious query & I understand I need to work on that. My real question is whether there is any more danger in using my javascript example to call the php function than if I was to use ajax instead.

As for the time issue, when the page loads it pulls data from other sources that are not from my server & that is what takes so long. Editing my database is virtually instantaneous so there is quite a bit of down time saved if I can do it without reloading the page every time the database is edited.

mac_gyver Posted Thursday at 01:04 AM

3 minutes ago, garyed said:

> My real question is whether there is any more danger in using my javascript example to call the php function than if I was to use ajax instead.

danger of what? your example doesn't do what you think. the javascript is NOT calling the php function. the php code runs on the web server when the page is requested. the php code is echoing whatever the function produces (and the echo tester(); statement echoes a null value because the function is not returning anything.) if you look at the 'view source' in the browser of the page that this code is on, the output from the php code is already there. all the javascript is doing is taking what was assigned to the test variable and putting it into the id="tx1" element. the code might as well just directly echo whatever the function produces in the markup for the id="tx1" element.

13 minutes ago, garyed said:

> Editing my database is virtually instantaneous so there is quite a bit of down time saved if I can do it without reloading the page every time the database is edited.

how often does this remote data change? you would need to cache/persistently store this remote data somewhere in order to avoid reading it again. web servers are stateless. they don't know or care what happens outside of the current http(s) request they are serving. when the php code on a page ends, all the resources used in the code are destroyed, so the remote data that you read is destroyed.

perhaps if you provide a more helpful example of what you are trying to accomplish, rather than your proposed solution for accomplishing it?

garyed Posted Thursday at 02:52 AM (Author)

1 hour ago, mac_gyver said:

> danger of what? your example doesn't do what you think. the javascript is NOT calling the php function. the php code runs on the web server when the page is requested. the php code is echoing whatever the function produces (and the echo tester(); statement echoes a null value because the function is not returning anything.) if you look at the 'view source' in the browser of the page that this code is on, the output from the php code is already there. all the javascript is doing is taking what was assigned to the test variable and putting it into the id="tx1" element. the code might as well just directly echo whatever the function produces in the markup for the id="tx1" element.
>
> how often does this remote data change? you would need to cache/persistently store this remote data somewhere in order to avoid reading it again. web servers are stateless. they don't know or care what happens outside of the current http(s) request they are serving. when the php code on a page ends, all the resources used in the code are destroyed, so the remote data that you read is destroyed.
>
> perhaps if you provide a more helpful example of what you are trying to accomplish, rather than your proposed solution for accomplishing it?

I thought I could just change the php function in my example to a mysql call to edit a database & it would work from plain javascript but I was obviously wrong. Thanks for setting me straight before I wasted any more time. It looks like I'm going to have to learn some ajax to do what I want.

As for the page reloading time issue, I'm sure I can solve the time issue using just php code but I wanted to learn a way to execute a php function without reloading the page.

mac_gyver Posted Thursday at 01:39 PM

i'm going to guess that the overall goal you are trying to accomplish is reading data from an api and insert new data into a database table or update existing data? if so, you can accomplish the insert new data/update existing data using a single query. see - https://dev.mysql.com/doc/refman/8.4/en/insert-on-duplicate.html

garyed Posted Thursday at 05:09 PM (Author)

3 hours ago, mac_gyver said:

> i'm going to guess that the overall goal you are trying to accomplish is reading data from an api and insert new data into a database table or update existing data? if so, you can accomplish the insert new data/update existing data using a single query. see - https://dev.mysql.com/doc/refman/8.4/en/insert-on-duplicate.html

Unless I'm missing something that link only describes how to edit the mysql database which I already have no problem with. My only problem is editing the database without having to reload the webpage. I'm not sure what API you're referring to but I didn't see it on the link you posted but I'm not even sure what an API really is.

What I'm looking for is some way, whether it's javascript, ajax, jquery or something else, that will tell a php function to run on the server without reloading the page.

gw1500se Posted Thursday at 05:14 PM

Sounds like an Ajax app to me.