Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

Cascading dropdown - XML returning null

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Since moving to a https server and updating code, I'm having problems with cascading dropdown boxes that were previously working.

I get an XML Parsing Error: no element found, as well as an error telling me that XmlHttpObj.responseXML is null.

Ajax function causing error:


XML page which is returning the null value:


I have no idea what is causing this. Please help!

 
Lari Conroy
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Found an answer: mysqli_free_result($result); needed moving to after the while loop, as it discards the result: php.net/manual/en/mysqli-result.free.php

Also, $valueA and $valueA are incorrectly labelled for this example, sorry about that - should be $parent and $level.
 
Sheriff
Posts: 21974
106
Eclipse IDE Spring VI Editor Chrome Java Ubuntu Windows
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the Ranch!

It's great that you have solved this issue, but I did notice a massive security issue with your code. You're creating a query by appending the values of query parameters directly in your query. That's an SQL injection attack waiting to happen. You should make sure that the values are escaped. There are a few ways:
1) Use PDO instead of mysqli. PDO is a layer on top of mysqli (or whatever database you're using) that provides a lot of extra features. One of these features is parameter binding - in your query you put a place holder, and then you bind a value to the place holder. See http://php.net/manual/en/pdostatement.bindparam.php for more information.
2) Use mysqli's own parameter binding: http://php.net/manual/en/mysqli-stmt.bind-param.php.

Now I suggest using PDO first, because it will allow you to switch databases much easier.
 
Lari Conroy
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the advice, I definitely want to get that sorted!
 
Rob Spoor
Sheriff
Posts: 21974
106
Eclipse IDE Spring VI Editor Chrome Java Ubuntu Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You're welcome.
 
Consider Paul's rocket mass heater.
    Bookmark Topic Watch Topic
  • New Topic