0

Hi I'm having some problems making my function structure. Would appreciate any help.

First this function should delete map markers once OnChange event is triggered from index.php. And send post values to xmlmapquery.php for data retrieval. once retrieved, The data should be stored back to my index.php in <div id='content'>

function filter()
{ 
   for (var i = 0; i < markersArray.length; i++ ) {
      markersArray[i].setMap(null);
   }
   markersArray.length = 0;

   var lgu = $('#lgu').val();
   var category = $('#category').val();
   var type = $('#type').val();
   $.get('xmlmapquery.php', { filter: lgu, filter2: category, filter3: type},function(data){
        $('#content').text(data);
   )};
};

Now this is xmlmapquery.php

<?php  
  include('connection_db.php');
  // Start XML file, create parent node
  $dom = new DOMDocument("1.0");
  $node = $dom->createElement("markers");
  $parnode = $dom->appendChild($node); 

  if(isset($_POST['filter']) && isset($_POST['filter2']) && isset($_POST['filter3'])){
     $query = "SELECT * FROM markers WHERE type='".$_POST['filter']."' and type='".$_POST['filter2']."'
                                        and type='".$_POST['filter3']."'";
  } 
  // Select all the rows in the markers table
  $result = mysql_query($query);
  if (!$result) {  
     die('Invalid query: ' . mysql_error());
  } 

  header("Content-type: text/xml"); 

  // Iterate through the rows, adding XML nodes for each
  while ($row = @mysql_fetch_assoc($result)){  
    // ADD TO XML DOCUMENT NODE  
    $node = $dom->createElement("marker");  
    $newnode = $parnode->appendChild($node);   
    $newnode->setAttribute("name",$row['name']);
    $newnode->setAttribute("address", $row['address']);  
    $newnode->setAttribute("lat", $row['lat']);  
    $newnode->setAttribute("lng", $row['lng']);  
    $newnode->setAttribute("type", $row['type']);
  } 
  echo $dom->saveXML();
?>

Would appreciate help on this. currently the function is NOT working even deleting the markers is not working. Once i get this thing working I will add more commands to the function that would get data and create new markers for my map. Thanks in advance.

Improve this question
6
  • Does your browser error console say anything about the JavaScript? That seems to be the root of your problem. Note also that this script is vulnerable to SQL injection. At a minimum, you must call mysql_real_escape_string() on each of those $_POST query inputs. Ideally though, consider switching to a newer API that supports prepared statements, like MySQLi or PDO. The mysql_*() functions will be deprecated in the next major PHP version 5.5 Commented Dec 29, 2012 at 13:35
  • Error console not helping. I was thinking i have a problem with my structure because I'm new with javascript, The inputs are from <select> elements I think they would be secure. Commented Dec 29, 2012 at 13:39
  • No they are not secure. Although a casual user cannot easily change the values, anyone with basic knowledge of HTTP can submit any values they want to your handling script. Anyone with an open browser DOM inspector can change the values. The PHP script has no idea whether it is receiving input from your form or from any other specially crafted HTTP request - you must sanitize those inputs. Commented Dec 29, 2012 at 13:44
  • That's not really secure, I could post anything I'd like to your server and have it inserted directly into the DB query, which could mean that I could completely mess up your DB or gain access to the server. Did you place a simple console.log in the success function of that ajax call to see if there is any data returned, and did you also try the same inside the filter function, to check that it's actually executed ? Commented Dec 29, 2012 at 13:44
  • I see, I will use mysql_real_escape_string() But I'll move to MySQLi In the near future. As i said I'm new to javascript I will try that console.log. Thanks for the tips. Commented Dec 29, 2012 at 13:51

1 Answer 1

Reset to default
2

Suppose your script logic is ok, and no die() or other php methods are returning null or false (anyway you should see in your browser console).

Things to do are:

1 - check firebug/chrome/browser console when launching request (if the request is hidden in some way use the "save" request method in console to check that)

2 - use var_dump($dom->saveXML()); instead of echo $dom->saveXML();

3 - check server/php logs when possible

4 - be sure your request uirl is complete and working and i'm referring to $.get('xmlmapquery.php');

if you follow this line of debugging, unless ghosts doesn't exists, you will be able to run your script easly.

Hope it will help

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.