can i use javascript to save an item to a database using sql script?
Add a comment
|
4 Answers
Not directly, unless you are working with a client-side database. However, you can hook JavaScript up with a server-side script (whichever backend you'd prefer) using XMLHttpRequest.
Comments
You really don't want to do this. If you store SQL in your client-side javascript, you are exposing the details and structure of your database to an attacker. Creating an AJAX method to execute passed in javascript without creating a hole and attacker could use to perform SQL Injection attacks would be quite difficult.
As in Javascript on the browser? No, you can't.
Hypothetically you could use AJAX techniques to push SQL commands through a server layer and thence to the database but you really, really wouldn't want to since that would be an unholy mother of all security risks.
Comments
no, you'd have to use some serverside processing language , such as php, asp....
4 Comments
noob
can i pass a javascript value to a php variable? for example i will get the value of a textarea through javascript then copy it to a php variable.
annakata
yes, you can pass JS data as a querystring param or in a form input when you make a request
noob
can you give me an example. i'm sorry i'm such a noob.
pixeline
if you are a noobie, i suggest you use the jquery javascript library. It will ease your learning curve a lot. Then you could do something like: $.post("test.cgi", { name: "John", time: "2pm" }, function(data){ alert("Data saved: " + data); } ); Here is a good starting point: sitepoint.com/article/ajax-jquery