Solved

Ajax code returns error.

Posted on 2013-01-24
10
442 Views
Last Modified: 2013-01-25
Dear Experts,

I have a contact webform where customers to our website fill in to submit data to us. The form was working perfectly fine for quite a long time, and suddenly it seems to have broken and cease to work.

The changes that took place are the following:
1) Our webhost migrated to a new server, and changed our account, files to the new server. Wonder if this change made any difference in the setting and broke our website.

2) I was running a 6scan (www.6scan.com) on my website and it reported a few vulnarabilities (XML injection or something like that). So I signed up for an account and 6scan fixed the vulnarabilities. I wonder if this fix broke something.

It could be either of the above 2 and I don't know for sure.

Below is the AJAX code which doesn't seem to work.

<script type="text/javascript">
$(function() {
 
    $("#promo").blur(function() {
        // getting the value that user typed
        var promoCode = $("input#promo").val();
        // forming the queryString
        var data = 'promocode='+promoCode;
 
        // if searchString is not empty
        if(promoCode) {
            // ajax call
            $.ajax({
                type: "POST",
                url: "promocode.php",
                data: data,
                beforeSend: function(html) { // this happens before actual call
                    $("label#promo_msg").show();
                    $("label#promo_msg").html("&nbsp;&nbsp;Validating..");
               },
               success: function(html){ // this happens after we get results
                    $("label#promo_msg").show();
                    $("label#promo_msg").html("&nbsp;&nbsp;"+html);
              }
            });
        }
		else
		{
			$("label#promo_msg").hide();
			$("label#promo_msg").html("");
		}
        return false;
    });
});
</script>

Open in new window


The code is used by:

                    <tr>
                        <td class="fields">
                            <label for="promo" id="promo_label">Promo Code (Optional)</label></td>
                        <td>
                            <input type="text" size="40" maxlength="200" id="promo" name="promo" class="text-input" />
                            <label class="org" for="promo" id="promo_msg">&nbsp;&nbsp;</label>
                        </td>
                    </tr>

Open in new window


The idea is, when the user enters a promo code, a Ajax call is made and the validity of the promo code is checked. Also, if the code is valid, it displays info on the promo_msg label.

The ajax beforeSend: event seems to execute fine, and I see the text "Validating..." displayed. But that's about it. I don't see the success: event being triggered.

I have executed the "promocode.php" manually, and it seems to be working fine with no issues.

What could be the issue? How can I fix this?

Thanks!
0
Comment
Question by:shaf81
  • 5
  • 5
10 Comments
 
LVL 82

Expert Comment

by:leakim971
Comment Utility
replace line 8:
var data = 'promocode='+promoCode;
by :
var data = 'promocode='+ encodeURIComponent(promoCode);

Be sure to use $_POST or $_REQUEST inside promocode.php to get the promo code value
because you're using POST line 14 so I'm not sure how you was able to test it typing the url of promocode.php... Using $_REQUEST?

else I see nothing wrong in this part of your code...

could you use this simple promocode.php (for testing purpose...) or create a new file and change line 15 with the new name :

<?php
       var_dump($_POST);
?>

Open in new window

0
 
LVL 3

Author Comment

by:shaf81
Comment Utility
Hi,

I made the change you suggested, but things still look the same. Also I replaced the promocode.php with your simple var_dump($_POST) but nothing changed. Would I expect to see the var_dump output? No right, coz that script is called on a ajax request at the background, so where will the var_dump output goto?

Anyway, below is my actual promotcode.php script.


<?php
error_reporting(E_ALL);

date_default_timezone_set('UTC');

$pcode = $_POST['promocode'];

    if(isset($pcode)){
        
    $tbl = "20120220_K";
    
    $connection=@mysql_connect("localhost", "am_promo", "dasfd1HTt") or die ("DB Error:01");
    $db=@mysql_select_db("am_promo", $connection) or die("DB Error:02");
        
        
        if(get_magic_quotes_gpc())  // prevents duplicate backslashes
        {
            $string = stripslashes($pcode);
        }
        if (phpversion() >= '4.3.0')
        {
            $string = mysql_real_escape_string($pcode);
        }
        else
        {
            $string = mysql_escape_string($pcode);
        }
    
    $pcode = $string;
          
    $sql = "select DESCR from $tbl where PROMOCODE='$pcode' and USED=0 and EXPIRY>='".date('Y-m-d')."'";
    $rs = mysql_query($sql,$connection) or die("DB Error:03");
    
    if(mysql_num_rows($rs)>0){
        
        $row=mysql_fetch_row($rs);
        echo $row[0];
        
    }else{
        echo "Invalid Code";        
    }

};

?>

Open in new window


You asked how i tested this script manually, because it involves a POST string.
Well, on line 7, I entered
$pcode="testcode";

Open in new window

and hardcoded the code, before calling the script manually.
0
 
LVL 82

Expert Comment

by:leakim971
Comment Utility
No right, coz that script is called on a ajax request at the background, so where will the var_dump output goto?

 success: function(html){

do you have a link to see your page?

add this to you ajax call :
error: function(jqXHR,textStatuserrorThrown) {
      alert(jqXHR + "\n" + textStatus + "\n" + errorThrown);
}

Open in new window

0
 
LVL 3

Author Comment

by:shaf81
Comment Utility
hi,

I have included the error: event. did a slight change than what you suggested to the error: event. this is how it looks now. Have a look:

<script type="text/javascript">
$(function() {
 
    $("#promo").blur(function() {
        // getting the value that user typed
        var promoCode = $("input#promo").val();
        // forming the queryString
        var data = 'promocode='+encodeURIComponent(promoCode);
 
        // if searchString is not empty
        if(promoCode) {
            // ajax call
            $.ajax({
                type: "POST",
                url: "promocode.php",
                data: data,
                beforeSend: function(html) { // this happens before actual call
                    $("label#promo_msg").show();
                    $("label#promo_msg").html("&nbsp;&nbsp;Validating..");
               },
               success: function(html){ // this happens after we get results
                    $("label#promo_msg").show();
                    $("label#promo_msg").html("&nbsp;&nbsp;"+html);
              },
              error: function(jqXHR,textStatuserrorThrown) {
                    	$("label#promo_msg").show();
                        $("label#promo_msg").html("&nbsp;&nbsp;"+jqXHR + "-" + textStatus + "-" + errorThrown);

      			alert(jqXHR + "\n" + textStatus + "\n" + errorThrown);
		}
            });
        }
		else
		{
			$("label#promo_msg").hide();
			$("label#promo_msg").html("");
		}
        return false;
    });
});
</script>

Open in new window


Yes, the page is available at:
http://tseyva.com/contact.php

Just enter something on the promo code box and lose focus on it by moving to another input box, and you should see whats happening.

Infact, I have the same issue with the submit button, but I think if I solve the promo code issue, the submit is also related to it in the same way, and i can fix that too.
0
 
LVL 82

Assisted Solution

by:leakim971
leakim971 earned 500 total points
Comment Utility
here the error :
<h1>Forbidden</h1>
<p>You don't have permission to access /promocode.php
on this server.
</p>
<p>Additionally, a 404 Not Found
error
was encountered while trying to use an ErrorDocument to handle the request.</p>

you confirm the file is promocode.php and not promotcode.php ? what about the permission (should be 644 for this file)? what about the path?
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 3

Author Comment

by:shaf81
Comment Utility
eh? from where did you get that error? It was on my webpage? I'm unable to see such a error anywhere?

The file is "promocode.php" and it's residing at the document root. you can access the file via http://www.tseyva.com/promocode.php

The file permission is set to: 644
0
 
LVL 82

Assisted Solution

by:leakim971
leakim971 earned 500 total points
Comment Utility
eh? from where did you get that error? It was on my webpage? I'm unable to see such a error anywhere?

you need to use a debugger or a sniffer tools to see what the ajax call return

Request URL:http://tseyva.com/promocode.php
Request Method:POST
Status Code:403 Forbidden

look like your site, required authentication for this folder
0
 
LVL 3

Author Comment

by:shaf81
Comment Utility
Hmm... Interesting. I just used the webconsole on Firefox and I see the same too. Thank you for the direction. I think some setting might be conflicting here. We're able to access the file directly, but not via the Ajax call, so any idea what could be the reason for it?
0
 
LVL 82

Accepted Solution

by:
leakim971 earned 500 total points
Comment Utility
try to use GET instead POST method

ajax call line 14 use :
 type: "GET",
instead :
 type: "POST",

do the same for your php script :
$pcode = $_GET['promocode'];
instead :
$pcode = $_POST['promocode'];

if it work you know your need to change some setting on your server
0
 
LVL 3

Author Comment

by:shaf81
Comment Utility
Aha! the GET worked.

And guess what, I tried to apply the same to the Submit button as well, but without any changes, the POST works just find on the submit. It wasn't working, and now out of the blues, it does! - Weird.

Anyway, thanks for all the help. Accepting the solution now!
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

I found this questions asking how to do this in many different forums, so I will describe here how to implement a solution using PHP and AJAX. The logical flow for the problem should be: Write an event handler for the first drop down box to get …
This article discusses how to create an extensible mechanism for linked drop downs.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
The viewer will learn how to dynamically set the form action using jQuery.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now