MacGruber

Reputation: 162

Send string to php server and use it

I'm trying to send a string to a PHP server, but for some reason, I'm not able to read the string on the server... I tried many ways to type it well, but it seems like I never got the correct syntax. Anyone have clues?

var command = "";
if (document.getElementById("Text_1").value != "" && document.getElementById("Text_2").value != "")
{
    command += " " + document.getElementById("Text_1").value + " " + document.getElementById("Text_2").value;
}

alert(command);

xmlhttp.open("POST", "server.php", false);
xmlhttp.setRequestHeader('info', command)
//TRIED xmlhttp.setRequestHeader("info, command")
//TRIED xmlhttp.setRequestHeader('info', 'command')
//TRIED many others sketchy things...
xmlhttp.send();
//TRIED xmlhttp.send(command);
var output = xmlhttp.responseText;

On the PHP server:

<?php

$parameter = $_POST['command']; 

$output = exec("someexecutable.exe $parameter");

echo json_encode($parameter);
?>

For those wondering, if I hardcode $parameter with a right string, it works, so the executable isn't the problem. The server just can't get the value of the string in $_POST.

Upvotes: 1

Views: 2689

Answers (1)

gen_Eric

Reputation: 227260

setRequestHeader is used to set headers on the request. Things like Content-type and Content-length.

You need to pass the data to send(). For $_POST to work, they need to be in key=val&key2=val2 format. Actually, in newer browsers, you can use FormData.

// true = asynchronous, so the callback below receives the response
xmlhttp.open("POST", "server.php", true);

// Do not set Content-type by hand when sending FormData: the browser
// sends multipart/form-data with the right boundary, and PHP fills $_POST from it.
// ("application/x-www-form-urlencoded" is only for a key=val&key2=val2 string body.)

// To get the response, you need to set a callback
xmlhttp.onreadystatechange = function(){
    // readyState 4 = complete
    // status = 200 OK
    if(xmlhttp.readyState == 4 && xmlhttp.status == 200){
        var output = xmlhttp.responseText;
    }
};

// Create the Form Data
var params = new FormData();
params.append('command', command);

xmlhttp.send(params);

P.S. You should run escapeshellarg() before running your command. This could be worse than just SQL injection if people can run arbitrary commands on your server.

<?php
$parameter = escapeshellarg($_POST['command']);
$output = exec("someexecutable.exe $parameter");
?>

P.P.S. escapeshellarg() will make your command treat the entire $_POST['command'] string as one parameter. If you don't want that, then you'll need to POST an array from your JavaScript.

// Create the Form Data
var params = new FormData;
params.append('command[]', document.getElementById("Text_1").value);
params.append('command[]', document.getElementById("Text_2").value);

xmlhttp.send(params);

Now $_POST['command'] will be an array, so you'll have to run the command like so:

<?php
$parameters = array_map('escapeshellarg', $_POST['command']);
$output = exec("someexecutable.exe ".implode(' ', $parameters));
?>

Upvotes: 3
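
Added example (not part of the answer or of the asker's code): a server.php that takes the command[] array POST described above and validates each argument before escapeshellarg(), because quoting stops shell metacharacters but still hands a value such as one starting with "-" or "/" to the program as an option. The allowlist pattern, the two-argument limit and the JSON response shape are assumptions for illustration.

```php
<?php
// Added example, not the original poster's code.
// Assumption: the executable expects exactly two plain tokens.
const ARG_COUNT   = 2;
// Hypothetical allowlist: letters, digits, "_" and "." only, 1-64 chars.
// It excludes a leading "-" or "/", spaces, quotes and shell metacharacters.
const ARG_PATTERN = '/\A[A-Za-z0-9_.]{1,64}\z/';

/**
 * Return the command line to run, or null when the input must be rejected.
 */
function build_command($raw): ?string
{
    // command[] must arrive as an array with the expected number of items.
    if (!is_array($raw) || count($raw) !== ARG_COUNT) {
        return null;
    }
    $args = [];
    foreach ($raw as $value) {
        // Nested arrays (command[][]=x) and values outside the allowlist
        // are refused instead of being "cleaned up".
        if (!is_string($value) || preg_match(ARG_PATTERN, $value) !== 1) {
            return null;
        }
        // Quote anyway: defence in depth if the pattern is loosened later.
        $args[] = escapeshellarg($value);
    }
    return 'someexecutable.exe ' . implode(' ', $args);
}

header('Content-Type: application/json');

$command = build_command($_POST['command'] ?? null);
if ($command === null) {
    http_response_code(400);
    echo json_encode(['error' => 'invalid arguments']);
    exit;
}

$lines  = [];  // exec() appends every output line here
$status = 0;   // exit code of the executable
exec($command, $lines, $status);

echo json_encode(['status' => $status, 'output' => $lines]);
```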
