0

I have been working on some AJAX code in which I need to update a SQL table. I am not sure whether I can write SQL code inside AJAX, as I am completely new to AJAX. While trying, I ran into an issue: when I write the code for the SQL update inside the AJAX code, it gives me an error saying "Uncaught Syntax Error: Missing catch or finally after try". Here is the code that I am working on:

$("#ktId").change(function(){
var cataid = $("#ktId option:selected").val();
var tktid = $(this).attr('tktid');
if (tktid != '') {
    $.ajax({
        async: false,
        type : 'POST',
        url : 'ajax/ticketload_test.asp',
        data : { cataid: cataid, tktid: tktid },
        success : function(responseData) {
        try {

            SQL = "UPDATE tbltkt SET ticketType = '& cataid &' WHERE id = '" & Request("tktid")& "'"
            }
        } 
        catch(e) {/*ignore*/}

        }
    });
} else {
        alert("Please fill in the catagory!");
    }
});

Background: In classic ASP, I have to create a drop-down list and select a value from it. So "#ktId" mentioned above is the id for the drop-down. After selecting an option from the drop-down, I just need to update the table, i.e. tbltkt mentioned above. "ticketType" is the field or column for the options in the drop-down. So can anyone please point out my mistake here? Can I use SQL update code in the AJAX?

2
  • What kind of database are you accessing this way? I feel that you have some serious misconceptions here... Commented Nov 17, 2015 at 15:41
  • I would say it's an operational DB, SQL Server. For this specific part, I just have to create a drop-down box on an ASP page (used only by customer service representatives). When they select an option from the drop-down, that specific table needs to be updated. The purpose of it is just categorizing or grouping the types of issues they get from customers. Commented Nov 17, 2015 at 15:56

3 Answers

1

Please don't do that. Read about SQL injection here: SQL INJECTION

All your SQL code must be present ONLY in the server side or as a Stored Procedure. Just send your variables to the server and make the query in the server side. Please read about SQL Injection in order to avoid hacking.


1 Comment

Thank you, I will definitely keep it in mind @Walter White
1

It's not really safe. Maybe you should reconsider your architecture? However, your syntax error is because of the extra brace after SQL. But still, any of your SQL procedures won't work if you write them in the callback.

1 Comment

Great, Thank you @legotin
0

The main point here is that what should actually access the database is your application server (IIS if you're using ASP in the backend), which is in turn listening to your AJAX requests. So, the code that accesses your database may be on the server side, and not mixed with the JavaScript functions, which could lead to SQL injection attacks as described in another answer above.

So you should code some server handler to listen to your AJAX call, in which you put the parameters that this handler will use to construct the SQL query, launch it against the database server, and return a view (or JSON data) with the results.

Sorry, but I cannot be more specific if you don't give more details about the architecture of your application and the technologies you're using.
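
The server handler the answers describe, sketched for the question's `ajax/ticketload_test.asp` as an added example that is not part of the original thread: the browser posts only `cataid` and `tktid`, and the page validates them and binds them as typed parameters instead of concatenating them into the SQL string. The connection string is a placeholder, and the column types (`id` as INT, `ticketType` as VARCHAR(50)) and the helper `IsDigits` are assumptions.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example for ajax/ticketload_test.asp; not code from the original thread.
' Assumptions: tbltkt.id is INT, tbltkt.ticketType is VARCHAR(50),
' and CONN_STR is a placeholder connection string.
Const adCmdText = 1
Const adExecuteNoRecords = 128
Const adInteger = 3
Const adVarChar = 200
Const adParamInput = 1
Const CONN_STR = "Provider=SQLOLEDB;Data Source=YOUR_SERVER;Initial Catalog=YOUR_DB;Integrated Security=SSPI;"

' Hypothetical helper: True only for 1 to 9 ASCII digits, so CLng cannot overflow.
Function IsDigits(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsDigits = re.Test(s)
End Function

Dim cataid, tktid, conn, cmd, affected
Response.ContentType = "application/json"
cataid = Trim(Request.Form("cataid"))
tktid = Trim(Request.Form("tktid"))

' Reject a non-numeric ticket id or an empty/oversized category before touching the database.
If Not IsDigits(tktid) Or Len(cataid) = 0 Or Len(cataid) > 50 Then
    Response.Status = "400 Bad Request"
    Response.Write "{""ok"":false}"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STR
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? placeholders keep the values out of the SQL text; they travel as typed parameters.
cmd.CommandText = "UPDATE tbltkt SET ticketType = ? WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("@ticketType", adVarChar, adParamInput, 50, cataid)
cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , CLng(tktid))
cmd.Execute affected, , adExecuteNoRecords
conn.Close
Set cmd = Nothing
Set conn = Nothing

Response.Write "{""ok"":true,""updated"":" & CLng(affected) & "}"
%>
```

With this in place the `success` callback in the browser only reads the JSON reply (for example, checking `ok` and `updated`) and contains no SQL at all.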
