When I passing data in the blade file through wire:click="data('text')" then it's working fine.
But if I change the value in the blade file like wire:click="data('new text')", then this value changed.
This is my blade file
<button wire:click="delete('1')" type="button">Delete Record</button>
But when I change the value in the blade file and click on the button then this value changed.
<button wire:click="delete('10')" type="button">Delete Record</button>
Please! tell me. How this problem will be solved.
The short answer is, that's how any and all forms work - be it Livewire, a standard HTTP form or via Ajax. This can be done with any data the user passes to your server, and it's normal, expected behaviour. There is no way you can prevent it entirely. Users can manipulate any of the data they send themselves.
The lesson here is don't trust user input! And to act on that, you need authorisation and validation of all incoming requests. This must be done on the server where you accept the request (meaning in PHP) and not in the client (like JavaScript), as anything client-side can be manipulated by the user like you've just seen.
Laravel offers policies and guards, so that you very easily can validate that the user has access to perform given actions and change or delete the record they attempt to act on. This makes validation and authorisation very easy in Laravel projects, but there's no magic - you have to implement it for all of the requests where users can pass data or call actions in your application.
Related
I have Restful controller that renders a view with data from database and I want to load this view with its data in another view via ajax. There is a problem "undefined variable". Is there any solution?
When you pass variables to your view they are only available on the server side while the view renders and then they are discarded. What this means is that the variables are only available to the php of your application and then they are gone by the time the view has been rendered and sent to the visitors web browser.
If you try to use the variables with JavaScript then you are running the JavaScript on the client side (as opposed to the server side). The variables that you pass to your view do not exist on the client side where your JavaScript runs.
From what it sounds like. You are defining a variable in your controller via laravel. Then you are passing the variable from the controller to the view. The view is then rendered as html and sent to the visitor's computer (the client) which the html is then loaded and that is when the JavaScript starts to load.
That's the problem, now possible solutions.
First you could send the variable (assuming it is simple data and not like an object) to the browser through laravel flash variables which are actually stored on one time cookies on the client side. Then you use JavaScript to access the cookie and get the data then storing it to a js variable and using it in your script.
Second you create an Api to respond to your http requests and then send an Ajax request from your JavaScript to the api to get the data. Then you would store it in JavaScript and use it. This allows complex data like objects because you would use the JSON format to send information to respond to the Ajax call. While cookies are restricted to (5kb I think) there is really no theoretical limit to JSON data.
I hope that helps and I hope I'm understanding your problem.
Would need to see your javascript before anything, but usually for me this means a misspelled element id or misspelled a reference file
I need to trigger ajax requests on wordpress frontend in order to get some custom response. lets say to get next/previous post-ID in JSON format.
In production environment the wp-admin directory is inacccessible for http requests by htaccess.
Whats the best practice to solve this problem?
Because AJAX is already used in WordPress’ back end, it has been basically implemented for you. All you need to do is use the functions available. Let’s look at the process in general before diving into the code.
Every AJAX request goes through the admin-ajax.php file in the wp-admin folder. That this file is named admin-ajax might be a bit confusing. I quite agree, but this is just how the development process turned out. So, we should use admin-ajax.php for back-end and user-facing AJAX.
Each request needs to supply at least one piece of data (using the GET or POST method) called action. Based on this action, the code in admin-ajax.php creates two hooks, wp_ajax_my_action and wp_ajax_nopriv_my_action, where my_action is the value of the GET or POST variable action.
Adding a function to the first hook means that that function will fire if a logged-in user initiates the action. Using the second hook, you can cater to logged-out users separately.
I started integrating SecureSocial in my play/scala app, but I don't really like all the redirects it does between it's different views.
example - try to login from it's default login page and if you put in a wrong pass you will be redirected to a different page (url) but with the same login form. the only thing that is different is that there is an error message...
I want a simple login form (user/password provider) at the corner of my main page that submits it's data using ajax, this data is validated on the server and a response is made to either display error message/s or change the window.location.
Next to this form I will put a link to go to a more advanced login page that adds the option to use other providers like fb/twitter etc..
But from that page I also want to use ajax to submit the details and get the response.
I tried to browse into the SecureSocial source but got a little lost in there.
Can any one give me an idea how to use SecureSocial's but without using any of it's views?
NOTE: I'm not interested in customizing their views, It's not just a CSS/design issue, I want to handle the login details Ajaxly and not with normal form submission followed by redirects...
After some more rummaging around in SecureSocial code I got a better understanding of how it operates.
You can use any of the providers you listed in the play.plugins file seperatly to authenthicate the user's info from your own login/auth code. just make sure you send the right parameters that the provider needs.
I liked the way SecureSocial's ProviderController class dynamically decided what provider to use, based on a parameter. But I didn't like the responses it made - redirect.. I wanted to respond to an ajax request with some data and let the client side js handle it.
This is my solution:
pretty much copy all of ProviderController code to my own Auth.scala file (a Controller).
Changed the redirects related to "case ex, case _", kept the redirect on successful auth as it adds the SecureSocial session key related to the user.
Removed all the SecureSocial related routes from my routes file.
Put an additional hidden field with the logintype (userpass/google/fb/etc...) and configured my login ajax post to sent this along with the post to my Auth controller.
If you need more info comment here and I'll edit the answer.
I have a PHP MVC Web App and Apache mod_rewrite rules already working fine, but when I create forms using method="get", the submitted URL looks like
contact/submit?a=b&c=d
I would like my form to submit to
contact/submit/a/b/c/d
Both posting and getting the form work fine on the server side, but when using post method, the back button always asks for reposting the form values and furthermore I want the strings in the URL for SEO. I think JQuery might let me intercept the form submit event and refresh to the url dynamically, but it it seems there must be an easier way to do it that I am missing.
You could use the POST->REDIRECT->GET pattern that Spring Web Flow utilizes. This would allow you to post as you wish and then redirect to contact/submit/a/b/c/d. It would also solve the problem with the back button asking you if you want to resubmit your form data. See this related article.
The GET method uses standard query string arguments to pass form data via an HTTP GET request.
The HTTP GET request is not intended to modify any data on the server. POST is designed for modifying data on the server.
GET may be cached. POST will not.
/a/b/c/d is not a standard format (as in RFC) for passing data. However, for requesting data or URLs to post to, that has become popular.
So, if you are updating server data, just use a POST -> REDIRECT -> /a/b/c/d.
If you are just reading data from the server, then you will need to use a bit of Javascript to read your form values and construct a query string, and then go to it with window.location = ...
Have fun!
I have many forms that use AJAX (w/ jQuery) for validation and data submission. When a form is filled out correctly, I use window.location to redirect the page after I get an acceptable response from the PHP script. On the new page, I use a session variable (set after the AJAX calls) to display the appropriate content. Please tell me if this is standard practice or please give me some suggestions.
Thanks!
Is there a reason you would use a $_SESSION variable to store the post-submission content? Standard practice would be to validate the form via AJAX but submit it in the standard way (i.e. via $_GET or $_POST) after validation. This way you don't need to store anything to a session and you'll likely have less to debug as you'll be submitting the form and displaying its results in the most widely-accepted way.
The benefit of AJAX is typically so that you can submit the form without actually having to do the redirect/refresh. You could get the same functionality by simply having your form POST to the destination URL, redirect to the appropriate place from there or send them back to the form displaying any errors that may have occurred. You could use AJAX to validate the form before the submission to save your users a redirection back to the form to fix their errors, but this is really just a convenience for them. Also, you will have to validate any user data on the server side once it has been submitted, as you can't rely on client-side validation, so you might as well forget the AJAX validation.