0

I have a function that is being called when I click a button. The data I pass on the function is not enclosed in a form tag so I have to manually include the csrf token:

function NewDeleteBox(box_id, batch_id, staff_id){
    $.ajax({
      url: 'oss/admin/delete_box',
      type: "POST",
      data: {'batch_id': batch_id, 'staff_id': staff_id, 'box_id': box_id, '<?php echo $this->security->get_csrf_token_name(); ?>': '<?php echo $this->security->get_csrf_hash();?>'},
      success: function(data) {
    
      }
    });
}

However, my csrf_token_name and hash are not working. They show up just like how I declared them in my data.

Any idea why I'm getting this? Thanks!

5
  • Is this code on a .php file? Just want to make sure. Commented Jun 16, 2017 at 17:26
  • 2
    Yes. Because you are wrapping your PHP in quotes (thus turning them into strings), jQuery is going to treat it as a string, and so will your client. Also, your file needs to be .php. Commented Jun 16, 2017 at 17:26
  • @RiazLaskar This is on a JS file. This is in CodeIgniter, so the url is the subfolder/controller/method. Commented Jun 16, 2017 at 17:28
  • No, only .php can handle that. Commented Jun 16, 2017 at 17:29
  • 3
    You cannot put it in a JS file. The .php extension tells your server to look for PHP in the file. It won't run PHP when the file extension is .js. Commented Jun 16, 2017 at 17:29

2 Answers

1

If you have put all the code in a PHP file and it's still not working, then you can take another approach.

Put two hidden fields on the same page, assign them unique id(s), and then in this ajax function, get their values using jQuery.

<input type="hidden" id="csrf" value="<?php echo $this->security->get_csrf_token_name(); ?>">
<input type="hidden" id="hash" value="<?php echo $this->security->get_csrf_hash();?>">

Then your JavaScript function should be something like:

function NewDeleteBox(box_id, batch_id, staff_id){
    // Read the token name and hash rendered into the hidden fields
    var csrf = $("#csrf").val();
    var hash = $("#hash").val();
    var postdata = {'batch_id': batch_id, 'staff_id': staff_id, 'box_id': box_id};
    // Bracket notation uses the value of csrf as the field name
    postdata[csrf] = hash;
    $.ajax({
      url: 'oss/admin/delete_box',
      type: "POST",
      data: postdata,
      success: function(data) {

      }
    });
}

4 Comments

Yep, I just did this. The hash is okay but the token name is not being picked up. I also tried directly adding those 2 when I call the function, but still the same. csrf: hash produces csrf: some_random_hash. When I alert the csrf, it shows my token name. But when I add it to my data, it's just csrf.
Did you check these two hidden input values using the developer tools (inspect element) of the browser?
Yes. They have the right value. I'm confused as to why the token name is not being picked up. I also used alert(csrf); - it has the right value. But when I check the form data, the token name is literally csrf and not the actual name.
You should remove ' from the values. data: {batch_id: batch_id, staff_id: staff_id, box_id: box_id, csrf: hash},
1

PHP code won't work in a .js file. Just put it in a .php file inside script tags and it should work fine.

<script>
function NewDeleteBox(box_id, batch_id, staff_id){
    $.ajax({
      url: 'oss/admin/delete_box',
      type: "POST",
      data: {'batch_id': batch_id, 'staff_id': staff_id, 'box_id': box_id, '<?php echo $this->security->get_csrf_token_name(); ?>': '<?php echo $this->security->get_csrf_hash();?>'},
      success: function(data) {

      }
    });
}
</script>

8 Comments

And the PHP script cannot be wrapped in quotes - else it will be treated as a string.
@Korgrue You are incorrect! PHP code works in quotes too, you can test it yourself. In fact, in some situations if you don't put quotes you will get a JS error.
@RiazLaskar All my JS functions are in an external file so I want to stick with that. Thanks for pointing out my error. :)
Then pass them as args to the function, it should work fine.
I tried that but I encountered the same issue with @Himanshu Upadhyay's approach. The token name is not being picked up.
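The comments under both answers report the field arriving as a literal `csrf` even though the variable holds the right name. The following is an added example, not code from any of the posts above, showing that an object-literal key is never evaluated while bracket assignment is, and rejecting a token that still contains an unrendered PHP tag. The helper names and the sample token name and hash are constructed for illustration.

```javascript
// Added example: helper names and sample values are constructed, not from the posts.

// Stand-in for the two hidden inputs rendered by the PHP view.
const renderedPage = {
  csrf: 'csrf_test_name',                    // sample value of get_csrf_token_name()
  hash: '3f9a1c0d5e7b4a62b8c1d0e9f7a6b5c4',  // constructed sample hash
};

// Reject values that are empty or still contain an unrendered PHP tag,
// which is what a .js file served as-is would send.
function requireRendered(label, value) {
  if (typeof value !== 'string' || value === '' || value.includes('<?php')) {
    throw new Error(label + ' was not rendered by the server');
  }
  return value;
}

// Wrong: in an object literal, `csrf` is the literal key "csrf".
function literalKeyData(fields, csrf, hash) {
  return Object.assign({}, fields, { csrf: hash });
}

// Right: bracket assignment uses the variable's value as the key.
function csrfPostData(fields, csrf, hash) {
  const data = Object.assign({}, fields);
  data[requireRendered('CSRF token name', csrf)] = requireRendered('CSRF hash', hash);
  return data;
}

// Form-encode to see the field names that actually go on the wire.
function encode(data) {
  const params = new URLSearchParams();
  for (const key of Object.keys(data)) params.append(key, String(data[key]));
  return params.toString();
}

const fields = { batch_id: 7, staff_id: 12, box_id: 3 };
console.log(encode(literalKeyData(fields, renderedPage.csrf, renderedPage.hash)));
console.log(encode(csrfPostData(fields, renderedPage.csrf, renderedPage.hash)));
```

In an external .js file the name and hash have to come from the rendered page (hidden inputs or function arguments), since the server does not run PHP in that file.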