Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 454
  • Last Modified:

Ajax code returns error.

Dear Experts,

I have a contact webform where customers to our website fill in to submit data to us. The form was working perfectly fine for quite a long time, and suddenly it seems to have broken and cease to work.

The changes that took place are the following:
1) Our webhost migrated to a new server, and changed our account, files to the new server. Wonder if this change made any difference in the setting and broke our website.

2) I was running a 6scan (www.6scan.com) on my website and it reported a few vulnarabilities (XML injection or something like that). So I signed up for an account and 6scan fixed the vulnarabilities. I wonder if this fix broke something.

It could be either of the above 2 and I don't know for sure.

Below is the AJAX code which doesn't seem to work.

<script type="text/javascript">
$(function() {
 
    $("#promo").blur(function() {
        // getting the value that user typed
        var promoCode = $("input#promo").val();
        // forming the queryString
        var data = 'promocode='+promoCode;
 
        // if searchString is not empty
        if(promoCode) {
            // ajax call
            $.ajax({
                type: "POST",
                url: "promocode.php",
                data: data,
                beforeSend: function(html) { // this happens before actual call
                    $("label#promo_msg").show();
                    $("label#promo_msg").html("&nbsp;&nbsp;Validating..");
               },
               success: function(html){ // this happens after we get results
                    $("label#promo_msg").show();
                    $("label#promo_msg").html("&nbsp;&nbsp;"+html);
              }
            });
        }
		else
		{
			$("label#promo_msg").hide();
			$("label#promo_msg").html("");
		}
        return false;
    });
});
</script>

Open in new window


The code is used by:

                    <tr>
                        <td class="fields">
                            <label for="promo" id="promo_label">Promo Code (Optional)</label></td>
                        <td>
                            <input type="text" size="40" maxlength="200" id="promo" name="promo" class="text-input" />
                            <label class="org" for="promo" id="promo_msg">&nbsp;&nbsp;</label>
                        </td>
                    </tr>

Open in new window


The idea is, when the user enters a promo code, a Ajax call is made and the validity of the promo code is checked. Also, if the code is valid, it displays info on the promo_msg label.

The ajax beforeSend: event seems to execute fine, and I see the text "Validating..." displayed. But that's about it. I don't see the success: event being triggered.

I have executed the "promocode.php" manually, and it seems to be working fine with no issues.

What could be the issue? How can I fix this?

Thanks!
0
shaf81
Asked:
shaf81
  • 5
  • 5
3 Solutions
 
leakim971PluritechnicianCommented:
replace line 8:
var data = 'promocode='+promoCode;
by :
var data = 'promocode='+ encodeURIComponent(promoCode);

Be sure to use $_POST or $_REQUEST inside promocode.php to get the promo code value
because you're using POST line 14 so I'm not sure how you was able to test it typing the url of promocode.php... Using $_REQUEST?

else I see nothing wrong in this part of your code...

could you use this simple promocode.php (for testing purpose...) or create a new file and change line 15 with the new name :

<?php
       var_dump($_POST);
?>

Open in new window

0
 
shaf81Author Commented:
Hi,

I made the change you suggested, but things still look the same. Also I replaced the promocode.php with your simple var_dump($_POST) but nothing changed. Would I expect to see the var_dump output? No right, coz that script is called on a ajax request at the background, so where will the var_dump output goto?

Anyway, below is my actual promotcode.php script.


<?php
error_reporting(E_ALL);

date_default_timezone_set('UTC');

$pcode = $_POST['promocode'];

    if(isset($pcode)){
        
    $tbl = "20120220_K";
    
    $connection=@mysql_connect("localhost", "am_promo", "dasfd1HTt") or die ("DB Error:01");
    $db=@mysql_select_db("am_promo", $connection) or die("DB Error:02");
        
        
        if(get_magic_quotes_gpc())  // prevents duplicate backslashes
        {
            $string = stripslashes($pcode);
        }
        if (phpversion() >= '4.3.0')
        {
            $string = mysql_real_escape_string($pcode);
        }
        else
        {
            $string = mysql_escape_string($pcode);
        }
    
    $pcode = $string;
          
    $sql = "select DESCR from $tbl where PROMOCODE='$pcode' and USED=0 and EXPIRY>='".date('Y-m-d')."'";
    $rs = mysql_query($sql,$connection) or die("DB Error:03");
    
    if(mysql_num_rows($rs)>0){
        
        $row=mysql_fetch_row($rs);
        echo $row[0];
        
    }else{
        echo "Invalid Code";        
    }

};

?>

Open in new window


You asked how i tested this script manually, because it involves a POST string.
Well, on line 7, I entered
$pcode="testcode";

Open in new window

and hardcoded the code, before calling the script manually.
0
 
leakim971PluritechnicianCommented:
No right, coz that script is called on a ajax request at the background, so where will the var_dump output goto?

 success: function(html){

do you have a link to see your page?

add this to you ajax call :
error: function(jqXHR,textStatuserrorThrown) {
      alert(jqXHR + "\n" + textStatus + "\n" + errorThrown);
}

Open in new window

0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
shaf81Author Commented:
hi,

I have included the error: event. did a slight change than what you suggested to the error: event. this is how it looks now. Have a look:

<script type="text/javascript">
$(function() {
 
    $("#promo").blur(function() {
        // getting the value that user typed
        var promoCode = $("input#promo").val();
        // forming the queryString
        var data = 'promocode='+encodeURIComponent(promoCode);
 
        // if searchString is not empty
        if(promoCode) {
            // ajax call
            $.ajax({
                type: "POST",
                url: "promocode.php",
                data: data,
                beforeSend: function(html) { // this happens before actual call
                    $("label#promo_msg").show();
                    $("label#promo_msg").html("&nbsp;&nbsp;Validating..");
               },
               success: function(html){ // this happens after we get results
                    $("label#promo_msg").show();
                    $("label#promo_msg").html("&nbsp;&nbsp;"+html);
              },
              error: function(jqXHR,textStatuserrorThrown) {
                    	$("label#promo_msg").show();
                        $("label#promo_msg").html("&nbsp;&nbsp;"+jqXHR + "-" + textStatus + "-" + errorThrown);

      			alert(jqXHR + "\n" + textStatus + "\n" + errorThrown);
		}
            });
        }
		else
		{
			$("label#promo_msg").hide();
			$("label#promo_msg").html("");
		}
        return false;
    });
});
</script>

Open in new window


Yes, the page is available at:
http://tseyva.com/contact.php

Just enter something on the promo code box and lose focus on it by moving to another input box, and you should see whats happening.

Infact, I have the same issue with the submit button, but I think if I solve the promo code issue, the submit is also related to it in the same way, and i can fix that too.
0
 
leakim971PluritechnicianCommented:
here the error :
<h1>Forbidden</h1>
<p>You don't have permission to access /promocode.php
on this server.
</p>
<p>Additionally, a 404 Not Found
error
was encountered while trying to use an ErrorDocument to handle the request.</p>

you confirm the file is promocode.php and not promotcode.php ? what about the permission (should be 644 for this file)? what about the path?
0
 
shaf81Author Commented:
eh? from where did you get that error? It was on my webpage? I'm unable to see such a error anywhere?

The file is "promocode.php" and it's residing at the document root. you can access the file via http://www.tseyva.com/promocode.php

The file permission is set to: 644
0
 
leakim971PluritechnicianCommented:
eh? from where did you get that error? It was on my webpage? I'm unable to see such a error anywhere?

you need to use a debugger or a sniffer tools to see what the ajax call return

Request URL:http://tseyva.com/promocode.php
Request Method:POST
Status Code:403 Forbidden

look like your site, required authentication for this folder
0
 
shaf81Author Commented:
Hmm... Interesting. I just used the webconsole on Firefox and I see the same too. Thank you for the direction. I think some setting might be conflicting here. We're able to access the file directly, but not via the Ajax call, so any idea what could be the reason for it?
0
 
leakim971PluritechnicianCommented:
try to use GET instead POST method

ajax call line 14 use :
 type: "GET",
instead :
 type: "POST",

do the same for your php script :
$pcode = $_GET['promocode'];
instead :
$pcode = $_POST['promocode'];

if it work you know your need to change some setting on your server
0
 
shaf81Author Commented:
Aha! the GET worked.

And guess what, I tried to apply the same to the Submit button as well, but without any changes, the POST works just find on the submit. It wasn't working, and now out of the blues, it does! - Weird.

Anyway, thanks for all the help. Accepting the solution now!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now