1. Home
  2. Forums Index
  3. Browser Side / JavaScript and AJAX 8:10 pm May 13, 2026

Forum Moderators: open

Message Too Old, No Replies

responseText

includes elements and such i did not assign to it

         

nyteshade

12:25 am on Jan 20, 2012 (gmt 0)

10+ Year Member



My first attempt to create 'username availability' check using only javascript and php script only. All my steps work as expected but the ajax.responseText includes a string of elements prefixing the value I echo back in my php script as shown below.

This function initializes the ajax object, I show you this so that you may view the ajax.open statement. This and the calling function and the functions it invokes work ok. 

function init(input_value, input_name) {

var ajax = getXMLHttpRequestObject();
if(ajax){

if(input_name == 'username'){

ajax.open("get", "avail_querydb.php?username="+encodeURIComponent(input_value));

ajax.onreadystatechange = function(){

handleResponse(ajax, 'username');
}

ajax.send(null);

return false;
}...


Next, the repsonse from the server is handled, and here I can see that the switch condition is never executed because content of responseText includes stuff like br, form, and misc elements and content that does not even exist in any of the files involved, well I should say nothing that I've keyed in? 


function handleResponse(ajax, target_label){
d = document;
if(ajax.readyState ==4){
if((ajax.status == 200) || (ajax.status == 304)){
if (ajax.responseText == 'not available') {
 switch (target_label){
case 'username':
document.form.avail_entry_form.username_label.value = 'username not available';
break;
case 'email':
document.form.avail_entry_form.email_label.value = 'email not available'
break;
}
}
}
} else {//Bad status response :: submit the form 
//document.getElementById('avail_entry_form').submit();
}
}


And finally the server-side script: 


<?php
...
$resultBack = 'available';

if (isset( $_GET["username"])) {
$username = $_GET["username"];
$sql = "SELECT username FROM users WHERE username = '$username'";
if($result = $mysqli->query($sql)) $resultBack = 'not available';
}

if (isset( $_GET["email"])) {
$email = $_GET["email"];
$sql = "SELECT username FROM users WHERE email = '$email'";
if($result = $mysqli->query($sql)) $resultBack = 'not available';
}


$mysqli->close;

echo $resultBack;
?>


Using Firebug I can see that 'not available' is at the end of about 100 characters of text but I have no idea how it is being appended to $resultBack? Odd... any idea what I'm missing? Thanks all.

daveVk

5:28 am on Jan 20, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Seems like some other echo or similar going on in PHP, try inserting echo "*1" at start and so on at regular intervals, then see where 100 chars are relative to *numbers.

nyteshade

12:56 pm on Jan 20, 2012 (gmt 0)

10+ Year Member



daveVK: thanks for the suggestion, I did get my code to work but there are forces working here that I do not understand, as follows:

First, I scaled down my php script to this: 

<?php 

ini_set("include_path","./includes");
require_once('mysqli.avail.inc.php');

$username = strip_tags(trim($_GET['username']));

if (!empty($username)) {
$sql = "SELECT username FROM users WHERE username = '$username'";
if($result = $mysqli->query($sql)) $resultsBack = 'not available';
}

echo $resultsBack;

?>

I experimented with removing the ini_set and using the absolute path in the require_once but that was not the problem; also, you see that I've used strip_tags and trim, but again I do not believe that added anything to resolving the mystery of the chars being appended to $resultsBack.


And, to top things off, once the mysterious chars vanished, I discovered that the following: 


document.getElementById('username_label').value = 'username not available'


would not work (at least in FF)! AND, that the 'value' is set on screen before the statement is executed at the <<<HERE below.

Of course I'm happy my little piece of code works, finally, but I'm anxious that 1) I do not know what I did that fixed my initial problem
2) Why the screen display is reflecting the label value before the statement is executed 3)Why is innerHTML working when the supposedly standard statement referencing the value of the label element does not work? 


function handleResponse(ajax, target_label){
d = document;
if(ajax.readyState ==4){ <<<HERE THE VALUE IN THE FORM IS SET
if((ajax.status == 200) || (ajax.status == 304)){
if (ajax.responseText == 'not available') {
 switch (target_label){
case 'username':
d.getElementById('username_label').innerHTML = 'username not available';
break;
case 'email':
d.getElementById('email_label').value = 'email not available'
break;
}
}
}
} else {//Bad status response :: submit the form 
//document.getElementById('avail_entry_form').submit();
}
}


Ok, maybe I'm being too fussy about #1, that was very odd and I'm grateful it is fixed. But I'll be researching #2 and #3, thanks again for the suggestion, it helped.

daveVk

1:58 pm on Jan 20, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



document.getElementById('username_label').value = 'username not available'

if username_label is a label element then use .innerHTML or similar.

.value applies to likes of input elements that hold form data.

Note that .innerHTML changes the HTML (Dom) whereas .value changes the form data and not the HTML. The form data has a separate life than the HTML and can outlast it.

Fotiman

3:05 pm on Jan 20, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month




if (isset( $_GET["username"])) {
$username = $_GET["username"];
$sql = "SELECT username FROM users WHERE username = '$username'";

Note, this code makes you susceptible to a SQL injection attack.

username=' OR '1' = '1

Result:
$sql = "SELECT username FROM users WHERE username = '' OR '1' = '1'";

You should address that.

Next, if the response is coming back with more than you expect, then perhaps one of your includes is writing out part of a response. I would start by inspecting the responseText (either with a debugger like Firebug, or even just putting in an alert). Sounds like you may have resolved this by stripping down your php. 


<?php 

ini_set("include_path","./includes");
require_once('mysqli.avail.inc.php');

$username = strip_tags(trim($_GET['username']));

if (!empty($username)) {
  $sql = "SELECT username FROM users WHERE username = '$username'";
  if($result = $mysqli->query($sql)) $resultsBack = 'not available';
}

echo $resultsBack;

?>

In that code, resultsBack is not set to anything if no results where returned from SQL.

rainborick

5:13 pm on Jan 21, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I think it would be best to use mysql_real_escape_string() rather than strip_tags() to prevent MySQL injections. strip_tags() removes HTML and PHP tags, but doesn't touch special characters like ',",\n, and \r.

nyteshade

1:30 pm on Jan 22, 2012 (gmt 0)

10+ Year Member



Regarding the mysterious characters appearing in my ajax object property responseText. After more careful examination of Firebugs 'Watch' (thanks Fotiman) I see that responseText includes results from what appears to be Xdebug flagging an error on an attempt to use the resultset $result from $mysqli->query($sql) as a string? See *** THIS FAILS EVERYTIME *** below. That block of code generates different errors depending on, well I'm not sure. Sometimes it generates the error I described above, sometimes the responseText looks ok but the 'not available' is always returned. 


<?php 
ini_set("include_path","./includes");
require_once('mysqli.avail.inc.php');

$resultsBack = 'available';

if(isset($_GET['username'])) {
$username = strip_tags(trim($_GET['username']));
$username = $mysqli->real_escape_string($username);
}

//***1 THIS WORKS EVERYTIME
if (!empty($username)) {
$sql = "SELECT username FROM users WHERE username = '$username'";

$result = $mysqli->query($sql);
$row_cnt = $result->num_rows;
if($row_cnt>0) {
echo $resultsBack = 'not available';
} else {
echo $resultsBack = 'available';
}
}

//***2 THIS FAILS EVERYTIME ***
//if (!empty($username)) {
//$sql = "SELECT username FROM users WHERE username = '$username'";
//if($result = $mysqli->query($sql)) echo $resultsBack = 'not available';
//}
?>


However, if I run the routine above as a standalone file rather than making an ajax.open request, altered to do this: 


<?php 
ini_set("include_path","./includes");
require_once('mysqli.avail.inc.php');

$username = 'nyteshade';

echo ' username: '.$username;

if (!empty($username)) {
$sql = "SELECT username FROM users WHERE username = '$username'";
if ($result = $mysqli->query($sql)) {
 printf("\nSelect returned %d rows.\n", $result->num_rows);
}
}
?>


...just to make sure the if statement is legal, then it works ok and returns:

username: nyteshade Select returned 1 rows.


I thought I had ***2 above working earlier but I was mistaken. It appears like legal code but it just does not return what is expected. If anyone sees something obviously incorrect then please let me know before I scratch a hole in my head (maybe I should just let it go because the more verbose lines ***1 work).

Thanks Fotiman for getting me to look more deeply into Firebug, the 'Watch' component makes more sense now that I have a handle on objects; daveVK for the debugging suggestion; rainborick, Fotiman for the injection recommendations.

nyteshade

2:06 pm on Jan 25, 2012 (gmt 0)

10+ Year Member



Arrgh! This is my month to admit being a fool. I was confusing mysqli_query and $mysqli->query results, even when staring at the PHP manual; mea culpa. Whenever I was seeing mysqli_ my brain was automatically thinking object, incorrectly.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Browser Side / JavaScript and AJAX 8:10 pm May 13, 2026