Reputation: 29
I have been working on some AJAX code in which I need to update a SQL table. I am not sure whether I can write SQL code inside AJAX or not, as I am completely new to AJAX. While I was trying, I ran into an issue, i.e. when I write the code for the SQL update inside the AJAX code, it gives me an error saying "Uncaught Syntax Error: Missing catch or finally after try". Here is the code that I am working on:
    $("#ktId").change(function(){
        var cataid = $("#ktId option:selected").val();
        var tktid = $(this).attr('tktid');
        if (tktid != '') {
            $.ajax({
                async: false,
                type : 'POST',
                url : 'ajax/ticketload_test.asp',
                data : { cataid: cataid, tktid: tktid },
                success : function(responseData) {
                    try {
                        SQL = "UPDATE tbltkt SET ticketType = '& cataid &' WHERE id = '" & Request("tktid")& "'"
                    }
                    }
                    catch(e) {/*ignore*/}
                }
            });
        } else {
            alert("Please fill in the catagory!");
        }
    });
Background: In classic ASP, I have to create and select the value from the drop-down list. So the "#ktId" mentioned above is the id for the drop-down. After selecting an option from the drop-down, I just need to update the table, i.e. tbltkt mentioned above. "ticketType" is the field or column for the options in the drop-down. So can anyone please mention or point out my mistake here? Can I use SQL update code in the AJAX?
Upvotes: 0
Views: 229
Reputation: 4203
The main point here is that what should actually access the database is your application server (IIS if you're using ASP in the backend), which is in turn listening to your AJAX requests. So, the code that accesses your database may be on the server side, and not mixed with the JavaScript functions, which could lead to SQL injection attacks as described in another answer above.
So you should code some server handler to listen to your AJAX call, in which you put the parameters that this handler will use to construct the SQL query, launch it against the database server, and return a view (or JSON data) with the results.
Sorry, but I cannot be more specific if you don't give more details about the architecture of your application and the technologies you're using.
Upvotes: 0
Reputation: 2688
It's not really safe. Maybe you should reconsider your architecture? However, your syntax error is because of the extra brace after SQL. But still, any of your SQL procedures won't work if you write them in the callback.
Upvotes: 1
Reputation: 3125
Please don't do that. Read about SQL injection here: SQL INJECTION
All your SQL code must be present ONLY on the server side or as a Stored Procedure. Just send your variables to the server and make the query on the server side. Please read about SQL Injection in order to avoid hacking.
Upvotes: 1
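The server-side handler that the first and last answers describe, as an added example that is not code from the question or from any answer: a classic ASP page for `ajax/ticketload_test.asp` that reads the two POSTed fields and runs the UPDATE through a parameterized ADODB command instead of string concatenation. The connection string in `Application("ConnString")`, the `Reply` helper, the integer `id` column and the 50-character `ticketType` column are assumptions.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1, adInteger = 3, adVarChar = 200
Const adParamInput = 1, adExecuteNoRecords = 128

' Hypothetical helper: send a status line plus a small JSON body, then stop.
Sub Reply(status, body)
    Response.Status = status
    Response.ContentType = "application/json"
    Response.Write body
    Response.End
End Sub

Dim cataid, tktid, re, conn, cmd, affected
If Request.ServerVariables("REQUEST_METHOD") <> "POST" Then
    Reply "405 Method Not Allowed", "{""ok"":false}"
End If

' Read only the POST body; Request("x") would also search the query string and cookies.
cataid = Trim(Request.Form("cataid"))
tktid = Trim(Request.Form("tktid"))

' Assumption: id is an integer column and ticketType is varchar(50).
Set re = New RegExp
re.Pattern = "^\d{1,9}$"
If Not re.Test(tktid) Or Len(cataid) = 0 Or Len(cataid) > 50 Then
    Reply "400 Bad Request", "{""ok"":false}"
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")   ' assumption: connection string stored at application start

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Placeholders keep the values out of the SQL text, so a quote in the input cannot change the statement.
cmd.CommandText = "UPDATE tbltkt SET ticketType = ? WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("ticketType", adVarChar, adParamInput, 50, cataid)
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(tktid))
cmd.Execute affected, , adExecuteNoRecords
conn.Close

Reply "200 OK", "{""ok"":true,""updated"":" & CLng(affected) & "}"
%>
```

With this page in place, the `success` callback in the browser only has to inspect the returned JSON; no SQL text appears in the JavaScript at all.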