  1. #1
    New Coder
    Join Date
    Jan 2010
    Location
    In a dump
    Posts
    64
    Thanks
    9
    Thanked 2 Times in 2 Posts

    jquery post not working.

    I am making a CMS PHP page which loads a list of items from a database and displays them on a page in a table. I want to delete the items from the db and then update the page. I have all the elements in place; however, when I call my PHP to delete the items using jQuery it says I don't have access to the file. However, if I include the file containing the PHP in another document it works. I don't know why it is being gay.

    The jquery is:
    Code:
    function remove_items(){

        var sql = "";

        $('#del_col .chk_box').each(function(){
            if($(this).is(':checked')){
                sql += "DELETE FROM video_items WHERE ID = '" + $(this).attr('id') + "';";
            }
        });

        $.post('del_items.php', {sql: sql},
            function(msg){
                alert(msg);
            },
            function(msg){
                alert(msg);
            }
        );
    }
    The error I get is "You don't have permission to access /siteadmin/del_item.php on this server."

    Tried it with other files and they are the same.

    The html is:
    Code:
    <div id="main">
        <table width="100%" align="center" class="item_list">
            <tr>
                <th>Title</th>
                <th>Description</th>
                <th nowrap="nowrap">Edit</th>
                <th nowrap="nowrap">Delete</th>
            </tr>
            <? load_videos(); ?>
            <tr>
                <td colspan="3" align="right"></td>
                <td>
                    <form id="del_items" action="">
                        <input type="button" class="del_item" value="Delete" />
                    </form>
                </td>
            </tr>
        </table>
    </div>
    and the load_videos function code is:
    PHP Code:
    function load_videos(){

        $db_check = mysql_query('SELECT ID, title, text FROM video_items') or die(mysql_error());

        while($info = mysql_fetch_array($db_check)){

            // Shorten long descriptions to 100 characters for the list view
            if(strlen($info['text']) > 100){
                $text = substr($info['text'], 0, 100)."....";
            }
            else{
                $text = $info['text'];
            }

            echo('<tr>');
            echo('<td nowrap="nowrap">'.$info['title'].'</td>');
            echo('<td>'.$text.'</td>');
            echo('<td id="'.$info['ID'].'"><input type="button" class="edit_vid_btn" value="Edit"></td>');
            echo('<td align="center" id="del_col"><input type="checkbox" id="'.$info['ID'].'" class="chk_box"></td>');
            echo('</tr>');
        }
    }

    Any help would be ace.
    Also if anyone can tell me how to post some data to a php file using jquery and change the page to the called file that would be ace. I am trying to edit the info in the by loading a button with each item in the table and I want to be able to click on the edit button and load a page with all the details in from the database. Any help on how to do this would be most appreciated.

    Thanks in advance.

  • #2
    New Coder
    Join Date
    Jan 2010
    Location
    In a dump
    Posts
    64
    Thanks
    9
    Thanked 2 Times in 2 Posts
    Sorted. This was the issue:

    Code:
    sql += "DELETE FROM video_items WHERE ID = '" + $(this).attr('id') + "';";
    The code did not like the ' mark at the end. I just removed the end of the statement and it worked fine.

    Still stuck with the edit buttons.

    Any suggestions would be ace.

  • #3
    Senior Coder A1ien51's Avatar
    Join Date
    Jun 2002
    Location
    Between DC and Baltimore In a Cave
    Posts
    2,717
    Thanks
    1
    Thanked 94 Times in 88 Posts
    You really need to learn about SQL Injection.

    You are giving a hacker full access to your database with JavaScript. Bad Bad Bad Bad Bad idea.


    Eric
    Tech Author [Ajax In Action, JavaScript: Visual Blueprint]
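
The point raised in post #3, as an added example that is not part of the thread: instead of accepting SQL text from the browser, the server takes only a list of numeric IDs and binds them into a fixed `DELETE` statement. The `ids` parameter name, the helpers `parse_ids()` and `delete_videos()`, the use of PDO, and the in-memory SQLite table standing in for the MySQL `video_items` table are all assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumed: the client posts
// ids[]=1&ids[]=3 rather than an SQL string, and the database is reached via PDO.

// Accept only strings made of decimal digits; anything else aborts the request.
function parse_ids(array $raw, int $max = 100): array
{
    $ids = [];
    foreach ($raw as $value) {
        // ctype_digit() is true only for a non-empty string of 0-9
        if (!is_string($value) || !ctype_digit($value) || strlen($value) > 9) {
            throw new InvalidArgumentException('ID must be digits only');
        }
        $ids[(int)$value] = true;   // array key de-duplicates repeated IDs
    }
    if ($ids === [] || count($ids) > $max) {
        throw new InvalidArgumentException('Empty or oversized ID list');
    }
    return array_keys($ids);
}

function delete_videos(PDO $pdo, array $ids): int
{
    // One "?" per ID: the statement text never contains request data.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare("DELETE FROM video_items WHERE ID IN ($marks)");
    $stmt->execute($ids);
    return $stmt->rowCount();
}

// Self-contained demo on an in-memory SQLite table (constructed sample data).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE video_items (ID INTEGER PRIMARY KEY, title TEXT, text TEXT)');
$pdo->exec("INSERT INTO video_items (title, text) VALUES ('a','x'),('b','y'),('c','z')");

$samples = [
    ['1', '3'],                         // what the checked boxes would send
    ["2'; DROP TABLE video_items;--"],  // rejected before it reaches the database
];
foreach ($samples as $posted) {
    try {
        echo delete_videos($pdo, parse_ids($posted)), " row(s) deleted\n";
    } catch (InvalidArgumentException $e) {
        echo 'Rejected: ', $e->getMessage(), "\n";
    }
}
echo $pdo->query('SELECT COUNT(*) FROM video_items')->fetchColumn(), " row(s) left\n";
```

With this shape the browser would post `{ids: [...]}` built from the checked boxes instead of `{sql: sql}`. The receiving script would confirm that `$_POST['ids']` is an array and that the request comes from a logged-in admin before calling `parse_ids()`.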

