0

Update: I don't want to add the hidden field, as it may be tampered with by the user (inspect element).

Refer to the code below from this question.

// this is the id of the form
$("#idForm").submit(function(e) {

    $.ajax({
           type: "POST",
           url: 'validate/action.php',
           data: $("#idForm").serialize(), // serializes the form's elements.
           success: function(data)
           {
               alert(data); // show response from the php script.
           }
         });

    e.preventDefault(); // avoid to execute the actual submit of the form.
});

In my action.php, how do I know the $_POST data is from #idForm? I may have different forms posted to action.php. For example:

$("#FormAdd").submit(function(e) {
    $.ajax({
           type: "POST",
           url: 'validate/action.php',
           data: $(this).serialize(), // serializes the form's elements.
           success: function(data)
           {
               alert(data); // data successfully added
           }
         });

    e.preventDefault(); // avoid to execute the actual submit of the form.
});

$("#FormEdit").submit(function(e) {
    $.ajax({
           type: "POST",
           url: 'validate/action.php',
           data: $(this).serialize(), // serializes the form's elements.
           success: function(data)
           {
               alert(data); // data successfully updated
           }
         });

    e.preventDefault(); // avoid to execute the actual submit of the form.
});

$("#FormDelete").submit(function(e) {
    $.ajax({
           type: "POST",
           url: 'validate/action.php',
           data: $(this).serialize(), // serializes the form's elements.
           success: function(data)
           {
               alert(data); // data successfully deleted
           }
         });

    e.preventDefault(); // avoid to execute the actual submit of the form.
});
Leave Cover

3 Answers

1

In each form you can add a hidden input specifying the type of action. I see your forms are based on CRUD actions. For example, add a hidden form called add in the add form and then, on the PHP side, have a switch case to determine which form you are in.

In the add form, for example:

<input type='hidden' value='add' name='action'/>

Then in PHP:

if (isset($_POST['action'])) {
    switch ($_POST['action']) {
        case 'add':
            // do add
            break;
    }
}

If you don't want to pass a hidden field, you can do this the htaccess way. In the Ajax URL, pass the name of the function to be accessed in the PHP file. Then check for that function and call it.

Example:

url:'validate.php/saveForm', //where saveForm is the function in the php file to save

Or otherwise you can have individual URLs for each CRUD operation.

If you are paranoid about hidden interface issues, do this:

In the php file have a list of accepted CRUD types:

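// Server-side allow-list of accepted CRUD types
$valid = ['add', 'edit', 'delete'];
// Treat a missing or non-string value as invalid instead of raising a notice
$action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';
if (in_array($action, $valid, true) === false) {
    die('invalid CRUD action');
}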
Rotimi
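
The allow-list from the answer above, carried one step further as an added example (not part of the original answer): the posted `action` value only selects a handler, and whether the logged-in user may run it is decided from the session, so editing the hidden field in the browser cannot unlock an operation. The `record.*` permission names, `$_SESSION['permissions']` and the `handle_*` functions are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Allow-list: action name => required permission and handler. Anything not
// listed here is rejected, whatever the client sends.
const ACTIONS = [
    'add'    => ['perm' => 'record.create', 'handler' => 'handle_add'],
    'edit'   => ['perm' => 'record.update', 'handler' => 'handle_edit'],
    'delete' => ['perm' => 'record.delete', 'handler' => 'handle_delete'],
];

// Hypothetical handlers; real ones would validate their own fields.
function handle_add(array $post): string    { return 'data successfully added'; }
function handle_edit(array $post): string   { return 'data successfully updated'; }
function handle_delete(array $post): string { return 'data successfully deleted'; }

/** Returns [HTTP status, response body] for one posted form. */
function dispatch(array $post, array $permissions): array
{
    $action = $post['action'] ?? null;
    // A tampered field can be missing, an array (action[]=x) or any string.
    if (!is_string($action) || !array_key_exists($action, ACTIONS)) {
        return [400, 'invalid CRUD action'];
    }
    // The field only selects an operation; whether this user may run it is
    // decided from server-side state, never from the request.
    if (!in_array(ACTIONS[$action]['perm'], $permissions, true)) {
        return [403, 'not allowed'];
    }
    return [200, (ACTIONS[$action]['handler'])($post)];
}

if (PHP_SAPI !== 'cli') {
    // Entry point when requested over HTTP (assumes permissions are set at login).
    session_start();
    [$status, $body] = dispatch($_POST, $_SESSION['permissions'] ?? []);
    http_response_code($status);
    echo $body;
} else {
    // Constructed sample: a user allowed to add and edit changes "add" to "delete".
    var_dump(dispatch(['action' => 'delete'], ['record.create', 'record.update']));
}
```

The same check applies unchanged if the action name arrives through the URL or is appended in JavaScript, since all three are set by the client.
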
1

You have to pass one extra hidden value in all forms, which contains a value for which form is submitted. Then check that hidden value in PHP.

Example (in the HTML form):

<form id ="FormAdd">
    <!--Your other fields -->
   <input type="hidden" name="form_action"  value="add"/>
</form>

<form id ="FormEdit">
    <!--Your other fields -->
   <input type="hidden" name="form_action" value="edit"/>
</form>

<form id ="FormDelete">
    <!--Your other fields -->
   <input type="hidden" name="form_action"  value="delete"/>
</form>

Then in action.php

// The posted value is client-controlled; default to "" when it is missing
$action = isset($_POST['form_action']) ? $_POST['form_action'] : "";
if ($action === "add") {
    // #FormAdd submitted
} elseif ($action === "edit") {
    // #FormEdit submitted
} elseif ($action === "delete") {
    // #FormDelete submitted
}

EDIT: If you don't want to include a hidden field, you can pass the value in JavaScript:

$("#idForm").submit(function(e) {
   //$data = $("#idForm").serialize();

   $.ajax({
           type: "POST",
           url: 'validate/action.php',
           data: $("#idForm").serialize() + '&form_action=' + "add", // serializes the form's elements.
           success: function(data)
           {
               alert(data); // show response from the php script.
           }
         });

    e.preventDefault(); // avoid to execute the actual submit of the form.
});

Do the same for edit and delete.

B. Desai
0

First, you can encrypt/decrypt the hidden field ID and then display it; this is the best method for security. This is an Ajax method to send the ID to another page; call this function on button submit.

function getCity(val) {
    if (val) {
        $.ajax({
            type: 'POST',
            url: 'xyz.php',
            data: { Ste_id: val }, // object form lets jQuery URL-encode the value
            success: function(html) {
                // I used this to bind data to an HTML input; you can use anything, e.g. display an alert
                $('#htmlcontrllname').html(html);
            }
        });
    } else {
        // I used this to bind data to an HTML input; you can use anything, e.g. display an alert
        $('#htmlcontrllname').html('Your msg');
    }
}

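In the xyz.php page you can use this code:

if (!empty($_POST['Ste_id']) && is_string($_POST['Ste_id'])) {
    try {
        // create connection object; use your own
        $db = new Cl_DBclass();
        $con = $db->con;

        // Bind Ste_id as a parameter instead of concatenating it into the SQL,
        // so the posted value cannot change the query (SQL injection).
        // mysqli_stmt_get_result() needs the mysqlnd driver.
        $steId = $_POST['Ste_id'];
        $stmt = mysqli_prepare($con, "select id, name from table_name
            WHERE Ste_id = ? ORDER BY id ASC");
        mysqli_stmt_bind_param($stmt, 's', $steId);
        mysqli_stmt_execute($stmt);
        $row = mysqli_stmt_get_result($stmt);
        $rowcount = mysqli_num_rows($row);

        $results = [];
        if (!empty($rowcount)) {
            while ($result = mysqli_fetch_assoc($row)) {
                $results[] = $result;
            }
            exit;
        }
    } catch (Exception $e) {
        $error = $e->getMessage();
    }
}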
B. Desai
Aks