SitePoint Sponsor

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 25 of 33
  1. #1
    ********* Articles ArticleBot's Avatar
    Join Date
    Apr 2001
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Article Discussion

    This is an article discussion thread for discussing the SitePoint article, "Take Command with AJAX"

  2. #2
    SitePoint Wizard Dean C's Avatar
    Join Date
    Mar 2003
    Location
    England, UK
    Posts
    2,906
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It probably would have been better to use an event listener instead of using inline JS in your source:

    http://phrogz.net/JS/AttachEvent_js.txt

  3. #3
    SitePoint Zealot
    Join Date
    May 2003
    Location
    Midwest
    Posts
    100
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Bad example to use, any small mistake in code could open up a server for exploit!
    Last edited by cyberlot; Oct 14, 2005 at 05:58. Reason: Unsure

  4. #4
    get into it! bigduke's Avatar
    Join Date
    May 2004
    Location
    Australia
    Posts
    847
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Nice demonstration, did I hear someone call out for thin clients? Such apps would do extremely well on intranets in my opinion.

  5. #5
    Joshua
    SitePoint Community Guest
    Great article! Really shows the power of AJAX

  6. #6
    Victor
    SitePoint Community Guest
    Thank you for the great tutorial ans source code

  7. #7
    Darrel
    SitePoint Community Guest
    There's a problem with the links in the print version of this article. The links seem to have http://www.sitepoint.com/" tacked onto the beginning of the URL and /" tacked onto the end.
    For example, http://www.sitepoint.com/"http://www.w3clubs.com/sp/ajax/httprequest_example.html/"

  8. #8
    Ken
    SitePoint Community Guest
    The only thing I don't like is the extent to which javascript is used. Again we are falling back to limited browser support and cross browser compatibility. It seems like a nice new thing but it just doesn't appeal to me.

  9. #9
    SitePoint Member
    Join Date
    Oct 2005
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question

    Heres an odd problem I've been having.

    Code:
    /******** ajax.js *******/
    // global flag
    var isIE = false;
    
    var XMLFiles = new Array();
    
    function loadDoc(page, xmlAlias)
    {
    	if (true)
    	{
    		try {
    			XMLFiles[xmlAlias] = new XMLHttpRequest();
    		} catch (err) {
    			try {
    				XMLFiles[xmlAlias] = new ActiveXObject("Microsoft.XMLHTTP");
    			} catch (err) {
    				alert("Uh, Broken?\n" + (typeof err == "string") ? err : ((err.message) ? err.message : "Unknown Error") )
    			}
    		}
    
    		XMLFiles[xmlAlias].onreadystatechange = RdyStateChange(xmlAlias);
    	}
    	
    	XMLFiles[xmlAlias].open("GET", page);
    	XMLFiles[xmlAlias].send(null);
    //	alert('USELESS THING');
    	blankFunc();
    	return true;
    			
    }
    
    function blankFunc()
    {
    	var waste, i;
    	for( i = 0; i < 10; i++)
    	{
    		waste += i;
    	}
    	return waste;
    }
    
    function RdyStateChange(xmlAlias)
    {
    	alert(xmlAlias);
    }
    
    function loadCatXML(page)
    {
    	loadDoc(page, 'Category');
    	alert(XMLFiles['Category'].statusText);
    
    	document.getElementById('CategorySelector').innerHTML = 'ABC';
    	
    }
    Code:
    <!------ HTML ------->
    		
    	
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    	<head>
    		<title>Keri Blue - Products</title>
    		<link href="styles/style.css" rel="stylesheet" type="text/css" />
    		<link href='styles/products.css' rel='stylesheet' type='text/css' />
    
    		<script type='text/javascript' src='javascript/scroller.js'></script>
    <script type='text/javascript' src='javascript/ajax.js'></script>
    
    	</head>
    	<body >
    		<a href='#' onclick='loadCatXML("extras/test.xml");'>CLICK</a>
    	</body>
    </html>
    Now, this will end up erroring in firefox with a `NS_ERROR_NOT_AVAILABLE`, Until you uncomment the `// alert('USELESS THING');` line in ajax.js.
    W-haaaat?

  10. #10
    SitePoint Member
    Join Date
    Apr 2005
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ken, I came to the conclusion that support for 99%+ of my users was enough for me (judging from the list of supported browsers here: http://en.wikipedia.org/wiki/Ajax_%28programming%29 ). And that's gathered from the stats of a site that caters to a fairly low-tech group of people (sports coaches, many using school machines).

    For me, the benefits outweigh the risks, which are only decreasing as time goes on, browsers progress, and computers are upgraded. It seems that AJAX is here to stay as the de facto remote scripting standard.

  11. #11
    SitePoint Wizard Pepejeria's Avatar
    Join Date
    Jan 2005
    Location
    Too far up north
    Posts
    1,566
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok, I haven't really read the article, but I noticed the following:
    Code:
    if (return_xml) {
        eval(callback_function + '(http_request.responseXML)');
    } else {
        eval(callback_function + '(http_request.responseText)');
    }
    Why use eval? Eval is evil. The following works fine as well:
    Code:
    if(return_xml)
    {
    	callback_function(http_request.responseXML);
    }
    else
    {
    	callback_function(http_request.responseText);
    }
    That if the callback_function argument is a function and not a string:
    Code:
    makeHttpRequest('test.html', function(oRequest)
    {
    	alert(oRequest);
    });

  12. #12
    SitePoint Columnist Skunk's Avatar
    Join Date
    Jan 2001
    Location
    Lawrence, Kansas
    Posts
    2,066
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I found it interesting how your code got more, rather than less, complicated as the article progressed. Less code is always better! There's absolutely no reason to use complex DOM manipulation code when innerHTML can achieve exactly the same result. Likewise, why send XML with repsponseXML when plain responseText is good enough?

    If you want an academic excuse for using innerHTML when it isn't part of a W3C standard (even though every browser under the sun supports it), here's the one I use: A web browser's principle activity is taking strings of HTML and turning them in to DOM trees. It's utterly ludicrous for that basic ability not to be exposed to developers. innerHTML exposes it.

  13. #13
    SitePoint Columnist Skunk's Avatar
    Join Date
    Jan 2001
    Location
    Lawrence, Kansas
    Posts
    2,066
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've just figured out what it is that made me so uncomfortable about this idea: it's a CSRF (Cross Site Request Forgery) attack waiting to happen.

    Let's say you do set up the script without the in_array check behind an authentication system (cookies, sessions or HTTP auth). I can still delete everything on your site. All I have to do is guess the location of your exec.php script and create a page on my own site (or a public forum or what have you) containing the following HTML:

    <img src="http://yoursite.com/exec.php?command=rm -rf /">

    If I can trick you in to visiting that page while your browser is logged in to your command application I can delete every writable file on your server!

    Defending against this attack is surprisingly tricky - just using POST instead of GET (which you should be doing anyway for an application that causes changes to the state of the data on your server) isn't enough. You need some kind of token based scheme that confirms that the GET or POST request to your PHP script originated with your Ajax code. A referral check will just about do the job, but a token scheme is far more robust.

    Here's a good overview of CSRF and potential solutions: http://www.squarefree.com/securityti...pers.html#CSRF

  14. #14
    Knowledge is key 2 progression Tryst's Avatar
    Join Date
    Sep 2003
    Location
    Wales
    Posts
    1,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I seem to be getting the following error message when I attempting to run the XML version of this script. (Yes, the exec_xml.php script does return the correct XML file data and in the correct format).

    Error: xmldoc.getElementsByTagName("command").item[0] has no properties

    What could this message mean?

  15. #15
    SitePoint Addict
    Join Date
    Apr 2002
    Posts
    281
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok I spent a good hour on this problem and I think the solution I found also applies to Tryst's problem.

    I wanted to send back data to my browser using the xml method and the documentElement would be null everytime, but when I tried to alert the response in text mode then I could see the xml no problem and I also validated it and it was valid.

    So after alot of looking around I came to the conclusiont that if you xml is indented in any way then it won't get DOMed properly at all.

    So I eliminated all the \n and all the tabs I had and just made it a 1 line string. This worked and I could then target my elements again with no problems.

    I was looking if there's a function to ignore spaces...I guess there isn't?


    Oh what I wanted to say....Yes I'm a newbie because this is the first time I'm using AJAX but not 1 article mentioned that this would be a problem and all articles format their xml documents with spaces and indents. So maybe I'm missing something? Also I was using HEREDOC to echo the xml, maybe it doesn't like that?

  16. #16
    SitePoint Addict dek's Avatar
    Join Date
    Oct 2004
    Location
    UK
    Posts
    352
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Skunk
    I found it interesting how your code got more, rather than less, complicated as the article progressed. Less code is always better! There's absolutely no reason to use complex DOM manipulation code when innerHTML can achieve exactly the same result. Likewise, why send XML with repsponseXML when plain responseText is good enough?

    If you want an academic excuse for using innerHTML when it isn't part of a W3C standard (even though every browser under the sun supports it), here's the one I use: A web browser's principle activity is taking strings of HTML and turning them in to DOM trees. It's utterly ludicrous for that basic ability not to be exposed to developers. innerHTML exposes it.
    I agree that innerHTML is a great thing to have around, and I do make use of it fairly often - usually to put simple strings into elements though, and not for structure building.

    With a little judicious coding it is possible to construct full DOM element hierarchies without using innerHTML, and with very compact and neat code. I find it much tidier than using innerHTML, and not a great deal more verbose. It's just a matter of how you tackle the problem.
    Only dead fish go with the flow

  17. #17
    me
    SitePoint Community Guest
    Man, you are the one.

  18. #18
    SitePoint Member
    Join Date
    Dec 2005
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    This appears to be an IE specific issue

    So I eliminated all the \n and all the tabs I had and just made it a 1 line string. This worked and I could then target my elements again with no problems.

    A PITA when using saveXML from a PHP page!

  19. #19
    Non-Member Gator99's Avatar
    Join Date
    Sep 2004
    Location
    Florida
    Posts
    613
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Although an interface to run shell commands on your server is pure insanity, it clearly does illustrate the principles and underlying code.

  20. #20
    Afraid I can't do that Dave Hal9k's Avatar
    Join Date
    Mar 2004
    Location
    East Anglia, England.
    Posts
    640
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    alert('Unfortunatelly...

    Unfortunately.

  21. #21
    Austin38
    SitePoint Community Guest
    This is an incredibly well-written tutorial that is simple to comprehend yet shows the power of Ajax. Outstanding work!

  22. #22
    SitePoint Addict Sojan80's Avatar
    Join Date
    May 2002
    Location
    Central WI, US
    Posts
    262
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Great Article! I would love to see a more detailed XML example where an XML file with a similar structure to:
    <?xml version="1.0" ?>
    <root>
    <item>
    <title>A title</title>
    <text>A paragraph or more of text here...</text>
    </item>
    <item>
    <title>A title</title>
    <text>A paragraph or more of text here...</text>
    </item>
    </root>

    where you could have from 1 to n items and how best to navigate through the nested XML elements.

    Also, I'm not quite sure what the purpose or function of the item(0) in the
    Code:
    var new_command = xmldoc.getElementsByTagName('command').item(0).firstChild.nodeValue;
    line was or what item(i) piece a few lines later was doing within the context of the code.

    The only other question I have is how would you handle including a hyperlink that came in in one of the text elements?

  23. #23
    SitePoint Addict Sojan80's Avatar
    Join Date
    May 2002
    Location
    Central WI, US
    Posts
    262
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am having a problem getting my AJAX to work in Safari using some of what is covered in the article. I've posted a problem description here http://www.sitepoint.com/forums/show...06#post2746506

  24. #24
    arado
    SitePoint Community Guest
    amazing tutorial, made Ajax sound simple, very practical example using non IFrames, instead used a DIV tag.

  25. #25
    SitePoint Guru
    Join Date
    Nov 2005
    Location
    Norway
    Posts
    715
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Links are not working.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •