Index

Symbols and Numerics

", ', <, >, & characters
    htmlentities function changing, 192
200/304/401/403/404/500/503 HTTP response codes, 12

A

abort method
    XMLHttpRequest object, 14
action attribute, form tag
    passing values in forms, 69
ActiveX object
    submitting forms via Ajax, 77
addFunction method
    combining Ajax with SOAP web services, 144
addslashes function
    avoiding SQL injection, 58
Ajax
    acronym expanded, 6
    auto-completion, 32–40
    background, 7
    browsers supporting, 8
    combining Ajax and XML with DOM, 223–227
    combining HTML_Table module with, 129–133
    combining with web services, 137–147
    creating Ajax-based photo gallery, 101–122
    description, 6
    dynamic form submittal in action, 70
    form validation example, 41–43
    functions to submit forms, 76
    images, 87–99
    introduction, 4
    making user aware of page changes, 57
    MySQL tips and precautions, 57–58
    navigation, 20–24, 125–127
    passing values in forms, 69–80
    PHP and, 25–48
    processajax function, 74
    reasons for increasing popularity, 8
    receding limitations on web pages, 123
    runajax function, 143
    security, 58, 187–204
    server connection overload, 57
    showing/hiding content, 26–32
    submitting forms via, 69–80
    system requirements, 8
    tool tips example, 44–47
    user’s lack of familiarity with technology, 123
    when to use, 124–128
Ajax navigation, 125–127
    Back button, 125
    hidden elements, 127–128
Ajax Location Manager, 228–232
Ajax portability
    cross-browser issues, 175–177
Ajax requests, response time concerns
    cross-browser issues, 180–182
Amazon
    web services, 135, 136
appendChild method
    DOM elements, 220
applications
    creating Ajax-based photo gallery, 101–122
array_search function
    creating Ajax-based photo gallery, 119
asynchronous requests
    combining Ajax with SOAP web services, 143
    SOAP web services, 137
attack surface
    security, 187–189
attack surface security
    related entry points within same script, 188
    using standard functions to process user input, 188
attributes
    filtering attributes from allowed tags, 191
authentication
    reauthentication for key actions, 192
auto-completion, 32–40
autocomp.php file, 79
auto-complete feature, 39, 40, 60, 61
autocomplete function, 39

B

Back button
    saving functionality of, 177–180
    when to use Ajax, 125
block table
    querying MySQL database, 52
browser upgrades
    cross-browser issues, 185
browsers
    client-side communication, 26
    cross-browser issues, 175–185
        Ajax portability, 175–177
        Ajax requests, response time concerns, 180–182
        browser upgrades, 185
        graceful degradation, JavaScript, 183–185
        JavaScript switched off in browser, 175
        noscript element, 184
        saving Back/Forward buttons, 177–180
    cross-browser usage of XMLHttpRequest, 17–19
    extensions, 208–212
    in-web site navigation, 177
    Internet Explorer extensions, 213–215
    support for Ajax, 8
browsing tree structure
    DOM inspector, 208
business logic, protecting, 200–203
button element, 67

C

calendar
    database connection script for, 58
    retrieving information from database, 63
    showing/hiding content example, 27–32
calendar.php file
    submitting forms via Ajax, 71
CGI (Common Gateway Interface), 2
changesize function
    dynamic thumbnail generation, 95, 96
characters
    JavaScript obfuscation, 201
checkbox element, 67
checkfortasks function
    tool tips example, 45, 46
chmod command
    uploading images, 90
className property
    adding DOM elements, 220
clearTimeout function
    using delays to throttle requests, 197
client script
    combining Ajax with SOAP web services, 145
client-side communication, 26
client-side processing
    video game store finder, 155
closetask function
    auto-complete example, 39
code obfuscator, 200
config.php file
    creating Ajax-based photo gallery, 105, 117
CONNECT method, HTTP request, 13
connections, MySQL
    video game store finder, 158
content, showing/hiding, 26–32
cookies, stealing, 190
CREATE TABLE command
    video game store finder, 163
createElement method
    adding DOM elements, 219, 220
createform function
    auto-complete feature, 38
    submitting forms via Ajax, 73, 76
createInfoMarker function
    video game store finder, 167
createtext function
    using HTML_Table module, 132
createthumb function
    creating Ajax-based photo gallery, 118
    dynamic thumbnail generation, 98
cross-platform environment
    web services, 135
cross-site request forgery
    see CSRF
cross-site scripting
    see XSS
CSRF (cross-site request forgery), 193–196
    accidental CSRF attacks, 195
    confirming important actions
        using one-time token, 193
        using user’s password, 195
    GET method, 195
    POST method, 195
    XSS (cross-site scripting) compared, 193
CSS animation
    creating Ajax-based photo gallery, 111, 112
CSS properties
    DOM inspector, 208
CSS styling
    video game store finder, 154
curimage URL parameter
    creating Ajax-based photo gallery, 117

D

databases
    connecting to MySQL, 51–52
    database connection script, 59
        server connection overload, 57
    passing values from forms to, 78
    querying MySQL database, 52–56
    retrieving information from, 63
dbconnector.php file
    connecting to MySQL, 51
    database connection script, 59, 60
    video game store finder, 158, 170, 171, 173
debugging
    Fiddler, 215
    Firefox JavaScript debugging console, 206–207
    HTTP debugging tool, IE, 215
    Internet Explorer JavaScript debugger, 206
    Venkman JavaScript debugger, 211–212
    working with DOM, 217
degrading JavaScript gracefully
    cross-browser issues, 183–185
    noscript element, 184
delays
    using delays to throttle requests, 197
DELETE method, HTTP request, 13
deleteRow function
    combining Ajax and XML with DOM, 229, 232
deleting images
    creating Ajax-based photo gallery, 111, 113
delpic.php script
    creating Ajax-based photo gallery, 116, 121
denial of service attack
    see DoS (denial of service) attack
developer community, PHP, 25
developer toolbar
    Internet Explorer extensions, 214
DHTML (Dynamic HyperText Markup Language), 3
displaying images, 91–93
div elements
    loading images, 114
DOM (Document Object Model), 217–233
    accessing DOM elements, 217–219
        accessing elements within forms, 219
        getElementById method, 217–218
        getElementsByTagName method, 218–219
    adding and removing DOM elements, 219–221
    Ajax Location Manager, 228–232
    browser DOM issues, JavaScript, 175
    combining Ajax and XML with, 223–227
    manipulating DOM elements, 221–222
    manipulating XML using, 222
DOM explorer
    developer toolbar, IE, 214
DOM inspector
    Firefox extensions, 208
doneloading function, 92, 93
DoS (denial of service) attack, 196–200
    optimizing Ajax response data, 198
    using delays to throttle requests, 197
drop-down menus
    hidden elements, 127
dynamic thumbnail generation, 95–99

E

eBay
    web services, 135
elements
    DOM elements
        accessing, 217–219
        accessing elements within forms, 219
        adding and removing, 219–221
        getElementById method, 217–218
        getElementsByTagName method, 218–219
        manipulating, 221–222
    hidden elements, 127
    HTML form elements, 67–68
    updating element property via DOM, 217
enctype argument, form tag
    creating Ajax-based photo gallery, 115
entry points
    attack surface security, 187–189
    related entry points within same script, 188
error message box
    Firefox JavaScript debugging console, 207
error messages
    creating Ajax-based photo gallery, 114
    Firefox JavaScript debugging console, 206
    JavaScript, 205–207
errors
    combining Ajax with SOAP web services, 145
escape tags when outputting client-submitted data, 192
escapeshellarg function, 189
events
    manipulating DOM elements, 221
exceptions
    combining Ajax with SOAP web services, 145
exit function
    form validation, 86
extensions
    Firefox, 208–212
    Internet Explorer, 213–215

F

Fiddler
    Internet Explorer extensions, 215
file element
    HTML form elements, 68
file_exists function
    displaying images, 93
findPosX/findPosY functions
    auto-complete example, 39
Firefox
    JavaScript debugging console, 206–207
Firefox extensions, 208–212
    DOM inspector, 208
    HTML Validator, 212
    LiveHTTPHeaders extension, 209–211
    Venkman JavaScript debugger, 211–212
    web developer toolbar, 208
Flash, 2
Flickr, 4
FLOSS (Free/Libre and Open Source Software)
    cost of using MySQL with PHP, 49
footers
    Ajax-based navigation in, 126
form submission, processing
    video game store finder, 159
form validation, 80–86
    example, 41–43
    trim function, 166
forms, 67–86
    Ajax-based dynamic form submittal in action, 70
    DOM accessing elements within, 219
    functions submitting forms via Ajax, 76
    GET method, 68
    HTML form elements, 67–68
    passing values, 69
    POST method, 69
    submitting forms via Ajax, 69–80
forums
    XSS (cross-site scripting), 189
Forward button
    saving functionality of, 177–180
function names
    JavaScript obfuscation, 200
functions
    introduction to SOAP web services, 136
    not defining multiple times, 119
functions and methods
    abort, 14
    addFunction, 144
    addslashes, 58
    appendChild, 220
    array_search, 119
    autocomplete, 39
    changesize, 95, 96
    checkfortasks, 45, 46
    clearTimeout, 197
    closetask, 39
    CONNECT, 13
    createElement, 219, 220
    createform, 38, 73, 76
    createInfoMarker, 167
    createtext, 132
    createthumb, 98, 118
    DELETE, 13
    deleteRow, 229, 232
    doneloading, 92, 93
    escapeshellarg, 189
    exit, 86
    file_exists, 93
    findPosX/findPosY, 39
    GET, 13, 19, 68, 168, 195
    getAllResponseHeaders, 14
    getAttribute, 222, 231
    getElementById, 217–218
    getElementsByTagName, 218–219, 231
    getformvalues, 76, 77, 82, 83
    getHockeyGames, 144, 145
    getImages, 117
    getResponseHeader, 14, 15
    getxmlhttp, 73, 91
    grabword, 54, 56
    handleHistoryChange, 180
    HEAD, 13
    hidetask, 45
    htmlentities, 189, 192
    imageClick, 117
    init, 166, 167, 221
    initialize, 180
    intval, 58
    isNaN, 133
    isValidEmail, 202
    is_file, 93
    join, 172
    loadLocations, 228, 230
    loadMap, 167
    loadthescores, 142
    loadtotals, 132, 133
    makerequest, 23
    max, 120
    min, 119
    move_uploaded_file, 90
    mysql_close, 64
    mysql_connect, 51, 52, 59
    mysql_fetch_array, 64
    mysql_num_rows, 64
    mysql_real_escape_string, 58, 189
    mysql_select_db, 52
    onreadystatechange, 167
    open, 14, 15, 20
    opendatabase, 56, 64, 171, 173
    OPTIONS, 13
    parseInt, 133
    POST, 13, 19, 69, 144, 168, 195
    preg_quote, 189
    preg_replace, 189, 191
    processajax, 74, 77, 83, 92, 177, 183, 184
    PUT, 13
    rand, 143
    refreshView, 116
    removeChild, 220
    removeElement, 220
    removeimg, 116
    require_once, 119
    runajax, 143
    runRequest, 198
    script initialization, 167
    send, 14, 15, 77
    session_destroy, 192
    session_regenerate_id, 192
    setCellAttributes, 132
    setRequestHeader, 14, 15, 77
    setStatus, 94
    setTimeout, 116, 143, 169, 197
    setvalue, 39, 40
    setWidthHeight, 98
    showHideCalendar, 29
    showLoadMsg, 182
    showMessage, 166, 169
    sprintf, 172, 173
    startTimer, 198
    strip_tags, 189, 191
    styleRows, 229, 232
    submitform, 76, 77, 83, 84, 168, 171, 172
    toHTML, 132
    TRACE, 13
    trim, 81, 166
    uniqid, 194
    updateStatus, 115
    updateUI, 180
    uploadimg, 89, 92, 94, 116
    valfunc, 83
    validateform, 42, 203
    validatetask, 81, 84
functions.js file
    combining Ajax and XML with DOM, 225, 228
    combining Ajax with web services, 139
    creating Ajax-based photo gallery, 103, 114
    displaying images, 92
    loading images, 94
    video game store finder, 155, 164, 166
functions.php file
    creating Ajax-based photo gallery, 106, 117

G

galleries
    creating Ajax-based photo gallery, 101–122
geocoder.us
    ZIP code conversions, 152
GET method, 68
    CSRF (cross-site request forgery), 195
    HTTP request methods, 13
    sending request to server, 19
    video game store finder, 168
getAllResponseHeaders method
    XMLHttpRequest object, 14
getAttribute method
    combining Ajax and XML with DOM, 231
    manipulating XML using DOM, 222
getElementById method, 217–218
getElementsByTagName method, 218–219
    combining Ajax and XML with DOM, 231
getformvalues function
    form validation, 82, 83
    submitting forms via Ajax, 76, 77
getHockeyGames function
    Ajax with SOAP web services, 144, 145
getImages function
    creating Ajax-based photo gallery, 117
getResponseHeader method
    XMLHttpRequest object, 14, 15
getxmlhttp function, 73, 91
Gmail, 4
    auto-completion example, 32
GMap class
    video game store finder, 167
Google
    web services, 135
Google Maps, 149–174
    API key, 151, 163
    latitude and longitude values, 151
    postal code conversion, 151
    reasons for popularity, 149
    usage levels, 151
    video game store finder, 151–162
    ZIP code conversions, 152
Google Suggest
    LiveHTTPHeaders extension, 210
    optimizing Ajax response data, 198
    using delays to throttle requests, 197
    Venkman JavaScript debugger, 211
GPoint class
    video game store finder, 167
grabword function
    querying MySQL database, 54, 56
graceful degradation, JavaScript
    cross-browser issues, 183–185

H

handleHistoryChange function
    saving Back and Forward buttons, 180
HEAD method, HTTP request, 13
headers
    getAllResponseHeaders method, 14
    getResponseHeader method, 15
    setRequestHeader method, 15
hidden class
    response time concerns, Ajax, 182
hidden elements
    HTML form elements, 67
    submitting forms via Ajax, 69
    when to use Ajax, 127–128
hidden field element, 76
hidden iframes
    creating Ajax-based photo gallery, 116
    uploading images, 87
hidetask function, 45
hiding/showing content, 26–32
history
    Really Simple History, 177
    saving Back and Forward buttons, 177–180
HTML code
    combining Ajax and XML with DOM, 224
    combining Ajax with web services, 138
    creating Ajax-based photo gallery, 102
    passing values from forms to databases, 78
HTML document, DOM inspector, 208
HTML form elements, 67–68
HTML table, creating
    combining Ajax and XML with DOM, 223, 225, 228–232
HTML Validator extension
    Firefox extensions, 212
HTML Wrapper code, 152
htmlentities function, 189
    escape tags when outputting client-submitted data, 192
HTML_Table module, PEAR, 129–133
HTTP debugging tool
    Internet Explorer extensions, 215
HTTP request and response data
    LiveHTTPHeaders extension, 209
HTTP request methods, 12
HTTP response codes, 12

I

iframes
    uploading images, 87
image element
    HTML form elements, 67
    passing values in forms, 69
imageClick function
    creating Ajax-based photo gallery, 117
images
    creating Ajax-based photo gallery, 101–122
    displaying images, 91–93
    dynamic thumbnail generation, 95–99
    getImages function, 117
    loading images, 94, 114
    removeimg function, 116
    uploadimg function, 89, 116
    uploading images, 87–90
    XSS (cross-site scripting), 190
in-web site navigation, 177
init function
    manipulating DOM elements, 221
    video game store finder, 166, 167
initialize function
    saving Back and Forward buttons, 180
innerHTML property
    combining Ajax and XML with DOM, 232
    loading images, 94
input
    removing unwanted tags from input data, 191
INSERT query
    passing values from forms to databases, 78
integers
    parseInt function, 133
intellectual property, protecting, 200–203
Internet Explorer
    extensions, 213–215
        developer toolbar, 214
        Fiddler, 215
        HTTP debugging tool, 215
    JavaScript debugger, 206
    usage of XMLHttpRequest, 18
intval function
    avoiding SQL injection, 58
isNaN function
    using HTML_Table module, 133
isValidEmail function
    real-time server-side processing, 202
is_file function
    displaying images, 93

J

JavaScript
    Ajax portability issues, 175
    browser DOM issues, 175
    browser implementations of, 175
    client-side communication, 26
    combining Ajax and XML with DOM, 225
    combining Ajax with web services, 138
    creating Ajax-based photo gallery, 103, 114, 115
    error reporting, 205–207
    Firefox JavaScript debugging console, 206–207
    graceful degradation, 183–185
    Internet Explorer JavaScript debugger, 206
    obfuscation, 200
    security, 187, 200
    switched off in browser issue, 175
    video game store finder, 155
    XSS (cross-site scripting), 190
join function
    video game store finder, 172

K

keys
    API key for Google Maps, 151, 163

L

latitude and longitude values
    Google Maps, 151
    postal code conversion, 151
    video game store finder, 166
    ZIP code conversions, 152
links
    Ajax-based navigation for web sites, 124
    link-based navigation, 125
LiveHTTPHeaders extension
    Firefox extensions, 209–211
loading images, 94
    creating Ajax-based photo gallery, 114
loadLocations function
    combining Ajax and XML with DOM, 228, 230
loadMap function
    video game store finder, 167
loadpanel element
    response time concerns, Ajax, 182
loadthescores function
    combining Ajax with SOAP web services, 142
loadtotals function
    using HTML_Table module, 132, 133
locations
    Ajax Location Manager, 228–232
locations.php file
    video game store finder, 160, 173
    XML generated by, 161
locations.
    combining Ajax and XML with DOM, 223

M

makerequest function
    navigation example, 23
mapContainer
    video game store finder, 166
mapping system
    HTML Wrapper code, 152
marker elements
    manipulating XML using DOM, 222
max function
    creating Ajax-based photo gallery, 120
maxheight configuration parameter
    creating Ajax-based photo gallery, 118
maxheightthumb setting
    creating Ajax-based photo gallery, 120
maxperrow setting
    creating Ajax-based photo gallery, 119
maxwidth configuration parameter
    creating Ajax-based photo gallery, 118
maxwidththumb setting
    creating Ajax-based photo gallery, 120
messages
    showMessage function, 166
    updateStatus function, 115
methods
    HTTP request methods, 12
    XMLHttpRequest methods, 13–15
methods, list of
    see functions and methods
midpic.php script
    creating Ajax-based photo gallery, 108, 116, 117
MIME type, 90
min function
    creating Ajax-based photo gallery, 119
modulo operator (%)
    combining Ajax and XML with DOM, 229
move_uploaded_file function
    uploading images, 90
Mozilla
    Venkman JavaScript debugger, 211–212
msgContainer
    video game store finder, 166
multipage forms
    navigation and saving data, 125
MySQL
    connecting to, 51–52
        database connection script, 59
            server connection overload, 57
    cost of using with PHP, 49
    features, 49
    introduction, 50–51
    querying MySQL database, 52–56
    tips and precautions, 57–58
mysql_close function, 64
mysql_connect function, 51, 52, 59
mysql_fetch_array function, 64
mysql_num_rows function, 64
mysql_real_escape_string function
    SQL injection, 58
mysql_real_escape_string function, 189
mysql_select_db function
    connecting to MySQL, 52

N

navigation
    Ajax example, 20–24
    Ajax-based, 125–127
        suitability for web sites, 124
    creating Ajax-based photo gallery, 109, 114
    hidden elements, 127
    in-web site navigation, 177
    link-based, 125
    saving Back and Forward buttons, 177–180
Neuberg, Brad, 177
noscript element
    degrading JavaScript gracefully, 184
noshow class
    uploading images, 89
numeric values
    JavaScript obfuscation, 201
NuSOAP, 137

O

obfuscation, JavaScript, 200
objects
    hidden elements, 127
onclick event
    creating Ajax-based photo gallery, 121
    querying MySQL database, 53
    submitting forms via Ajax, 73
one-time token
    confirming important actions using, 193
onload event
    uploading images, 90
    video game store finder, 164
onreadystatechange function
    video game store finder, 167
onreadystatechange property
    XMLHttpRequest object, 16
onsubmit event
    video game store finder, 164
open method
    XMLHttpRequest object, 14, 15
    sending request to server, 20
opendatabase function
    querying MySQL database, 56
    retrieving information from database, 64
    video game store finder, 171, 173
OPTIONS method, HTTP request, 13
overloading system
    denial of service attack, 196

P

page layout
    XSS (cross-site scripting), 190
page refresh
    receding limitations on web pages, 123
parseInt function
    using HTML_Table module, 133
passwords
    confirming important actions using user’s password, 195
    protecting sessions, 192
PayPal
    SOAP web services, 137
    web services, 135
PEAR, 128–129
    HTML_Table module, 129–133
    installing PEAR modules, 129
photo gallery
    creating Ajax-based, 101–122
        appearance, 111–113
        code for, 102–111
        how it works, 113–121
PHP
    Ajax and, 25–48
    auto-completion, 32–40
    connecting to MySQL, 51
    cost of using MySQL with, 49
    developer community, 25
    form validation example, 41–43
    showing/hiding content, 26–32
    SOAP libraries, 137
    tool tips example, 44–47
    using HTML_Table module, 129–133
php files
    autocomp.php, 39, 40, 60, 61, 79
    calendar.php, 71
    config.php, 105, 117
    dbconnector.php, 51
    delpic.php, 116, 121
    functions.php, 106, 117
    locations.php, 160, 161, 173
    midpic.php, 108, 116, 117
    picnav.php, 109, 116, 118
    process_form.php, 159, 164, 171, 176
    process_task.php, 77, 85
    process_upload.php, 108, 115
    process_upload.php, 89, 92
    showimg.php, 92, 93, 94, 95
    taskchecker.php, 46, 63
    theform.php, 38, 70, 84
    thumb.php, 96
    transfer.php, 194
    validator.php, 42, 62
    wordgrabber.php, 56
phpMyAdmin
    connecting to MySQL, 51
picnav.php script
    creating Ajax-based photo gallery, 109, 116, 118
portability, Ajax
    cross-browser issues, 175–177
POST method, 69
    accidental CSRF attacks, 195
    combining Ajax with SOAP web services, 144
    CSRF (cross-site request forgery), 195
    HTTP request methods, 13
    sending request to server, 19
    video game store finder, 168
postal code conversion
    latitude and longitude values, 151
preg_quote function, 189
preg_replace function, 189
    filtering attributes from allowed tags, 191
processajax function, 92
    degrading JavaScript gracefully, 183, 184
    form validation, 83
    function processing XMLHttpRequest, 74
    JavaScript switched off in browser, 177
    submitting forms via Ajax, 77
processing form submission
    video game store finder, 159
process_form.php file
    JavaScript switched off in browser, 176
    video game store finder, 159, 164, 171
process_task.php file, 77
    form validation, 85
process_upload.php file
    creating Ajax-based photo gallery, 108, 115
process_upload.php file
    determining when image upload complete, 92
    uploading images, 89
properties
    updating element property via DOM, 217
    XMLHttpRequest properties, 15–17
PUT method, HTTP request, 13

Q

queries
    MySQL database, 52–56

R

radio button element
    HTML form elements, 67
rand function
    combining Ajax with SOAP web services, 143
readyState property
    XMLHttpRequest object, 16
    sending request to server, 20
real-time server-side processing, 201
Really Simple History (RSH), 177–180
refresh rate
    creating Ajax-based photo gallery, 115
refreshView function
    creating Ajax-based photo gallery, 116
registration form
    attack surface security, 187
remote procedures
    combining Ajax with SOAP web services, 144
removeChild method
    removing DOM elements, 220
removeElement function
    adding/removing DOM elements, 220
    combining Ajax and XML with DOM, 228, 229
removeimg function
    creating Ajax-based photo gallery, 116
request methods
    HTTP request methods, 12
request/response model
    Ajax model, 7
    illustrated, 2
    traditional model, 6
requests
    sending request to server, 19–20
    setRequestHeader method, 15
    using delays to throttle requests, 197
REQUEST_METHOD variable, $_SERVER array
    combining Ajax with SOAP web services, 144
require_once function
    creating Ajax-based photo gallery, 119
reset button element, HTML, 67
response codes
    HTTP response codes, 12
response time concerns, Ajax
    cross-browser issues, 180–182
responses
    getAllResponseHeaders method, 14
    getResponseHeader method, 15
    optimizing Ajax response data, 198
responseText property
    XMLHttpRequest object, 16
responseXML property
    manipulating XML using DOM, 222
    XMLHttpRequest object, 16, 17
reverse engineering
    JavaScript security, 200
RSH (Really Simple History), 177–180
runajax function
    combining Ajax with SOAP web services, 143
runRequest function
    using delays to throttle requests, 198

S

sanitizing user-inputted data
    using standard functions to process, 189
    XSS (cross-site scripting), 189
script initialization function
    video game store finder, 167
security, 187–204
    Ajax, 58
    attack surface, 187–189
    changing page layout, 190
    confirming important actions
        using one-time token, 193
        using user’s password, 195
    CSRF (cross-site request forgery), 193–196
    displaying unwanted images, 190
    DoS (denial of service) attack, 196–200
    escape tags when outputting client-submitted data, 192
    filtering attributes from allowed tags, 191
    GET method, 195
    JavaScript, 187, 190, 200
    JavaScript obfuscation, 200
    new and old issues, 187
    optimizing Ajax response data, 198
    POST method, 195
    protecting intellectual property and business logic, 200–203
    protecting sessions, 192
    real-time server-side processing, 201
    reauthentication for key actions, 192
    related entry points within same script, 188
    removing unwanted tags from input data, 191
    SQL injection, 58
    stealing user’s cookies, 190
    tracking page statistics, 190
    using delays to throttle requests, 197
    using standard functions to process user input, 188
    XMLHttpRequest object, 195
    XSS (cross-site scripting), 189–193
select element, HTML forms, 68
send method
    XMLHttpRequest object, 14, 15
    passing str variable to, 77
server requests, 11
    combining Ajax with web services, 137–147
    detecting location of server, 145
server-side processing
    real-time server-side processing, 201
Session Inspector tab, Fiddler, 215
sessions, protecting, 192
session_destroy function, 192
session_regenerate_id function, 192
setCellAttributes function
    using HTML_Table module, 132
setRequestHeader method
    submitting forms via Ajax, 77
    XMLHttpRequest object, 14, 15
setStatus function
    loading images, 94
setTimeout function
    combining Ajax with SOAP web services, 143
    creating Ajax-based photo gallery, 116
    video game store finder, 169
    using delays to throttle requests, 197
setvalue function
    auto-complete example, 39, 40
setWidthHeight function
    dynamic thumbnail generation, 98
showHideCalendar function, 29
showimg div wrapper
    dynamic thumbnail generation, 96
showimg.php file
    displaying images, 92, 93
    dynamic thumbnail generation, 95
    loading images, 94
showing/hiding content, 26–32
showLoadMsg function
    response time concerns, Ajax, 182
showMessage function
    video game store finder, 166, 169
SOAP server setup
    combining Ajax with SOAP web services, 143
    NuSOAP, 137
SOAP web services, 136–137
    SOAP Client code, 139
    SOAP web service code, 141
    SoapClient class, 145
    SoapServer class, 144
spatially enabled web applications
    Google Maps, 149–174
    reasons for popularity, 149
sprintf function
    video game store finder, 172, 173
SQL injection, 58
SQLyog
    connecting to MySQL, 51
startTimer function
    using delays to throttle requests, 198
state
    onreadystatechange property, 16
    readyState property, 16
status messages
    updateStatus function, 115
status property
    XMLHttpRequest object, 16, 17
    sending request to server, 20
statusText property
    XMLHttpRequest object, 16, 17
store table
    video game store finder, 163
stored procedures, MySQL, 49
strip_tags function, 189
    removing unwanted tags from input data, 191
style.
    video game store finder, 154
styleRows function
    combining Ajax and XML with DOM, 229, 232
submit button element
    HTML form elements, 68
    submitting forms via Ajax, 69
submit element
    passing values in forms, 69
submitform function
    form validation, 83, 84
    passing values in forms, 76
    submitting forms via Ajax, 76, 77
    video game store finder, 168, 171, 172
suggestions
    LiveHTTPHeaders extension, 210

T

tables
    CREATE TABLE command, 163
    creating HTML table
        combining Ajax and XML with DOM, 223, 225, 228–232
tags
    escape tags when outputting client-submitted data, 192
    fake HTML tags, 191
    filtering attributes from allowed tags, 191
    getElementsByTagName method, 218–219
    removing unwanted tags from input data, 191
    strip_tags function, 191
task table, creating, 58
taskchecker.php file
    retrieving information from database, 63
    tool tips example, 46
text
    responseText property, 16
    statusText property, 17
text field element
    HTML form elements, 68
    submitting forms via Ajax, 69
textarea element, HTML forms, 68
    submitting forms via Ajax, 69
theform.php file
    auto-complete feature, 38
    form validation, 84
    submitting forms via Ajax, 70
third-party plug-ins
    Firefox extensions, 208–212
    Internet Explorer extensions, 213–215
thumb.php file
    dynamic thumbnail generation, 96
thumbnails
    createthumb function, 118
    creating Ajax-based photo gallery, 118
        thumbnail navigation, 109, 114
    dynamic thumbnail generation, 95–99
toHTML method
    using HTML_Table module, 132
tokens
    confirming important actions using one-time token, 193
tool tips example, 44–47
toolbars
    developer toolbar, IE, 214
    web developer toolbar, Firefox, 208
TRACE method, HTTP request, 13
transfer.php script
    confirming important actions using one-time token, 194
tree structure browsing
    DOM inspector, 208
triggers, MySQL, 49
trim function
    form validation, 81
    video game store finder, 166
try . . . catch block
    combining Ajax with SOAP web services, 145
TurboDbAdmin application, 49

U

uniqid function
    confirming important actions using one-time token, 194
updateStatus function
    creating Ajax-based photo gallery, 115
updateUI function
    saving Back and Forward buttons, 180
upgrades, browsers
    cross-browser issues, 185
uploadimg function, 89, 92, 94
    creating Ajax-based photo gallery, 116
uploading images, 87–90
    creating Ajax-based photo gallery, 108, 111, 112, 115
uri parameter
    combining Ajax with SOAP web services, 144, 145
user input
    escape tags when outputting client-submitted data, 192
    removing unwanted tags from input data, 191
    using standard functions to process, 188
    XSS (cross-site scripting), 189
user table, creating, 59
username
    attack surface security, 187

V

valfunc function, 83
validateform function, 42
    real-time server-side processing, 203
validatetask function, 81, 84
validation
    form validation, 80–86
        example, 41–43
    JavaScript switched off in browser, 176
    real-time server-side processing, 201
    submitting forms via Ajax, 69
validator.php file
    form validation example, 42, 62
values
    passing values in forms, 69
variable names
    JavaScript obfuscation, 200
variables
    not defining multiple times, 119
Venkman JavaScript debugger
    Firefox extensions, 211–212
video game store finder, 151–162
    client-side processing, 155
    connections, MySQL, 158
    CSS styling, 154
    HTML Wrapper code, 152
    JavaScript code, 155
    processing form submission, 159
    XML for saved locations, 160
    XML generated by locations.php, 161
views, MySQL, 49
visibility style
    response time concerns, Ajax, 182

W

web applications
    Google Maps, 149–174
    PHP and Ajax examples, 26
    pros and cons of creating, 3
    spatially enabled, 149–174
web browsers
    see browsers
web developer toolbar
    Firefox extensions, 208
    Internet Explorer extensions, 214
web forums
    XSS (cross-site scripting), 189
web pages
    ergonomic display of, 123–134
    page refresh, 123
    receding limitations on, 123
web services, 135–147
    combining Ajax with, 137–147
    detecting location of server, 145
    introduction to SOAP web services, 136–137
web sites
    Ajax-based navigation suitability for, 124
    when to use Ajax, 124
whitespace
    JavaScript obfuscation, 200
    trim function, 166
wordgrabber.php file
    querying MySQL database, 56
wrapper files
    creating Ajax-based photo gallery, 113

X

XML
    combining Ajax and XML with DOM, 223–227
    optimizing Ajax response data, 198
    responseXML property, 17
XML documents
    DOM inspector, 208
    manipulating XML using DOM, 222
XML for saved locations
    video game store finder, 160
XML generated by locations.php, 161
XMLHttp class
    function creating XMLHttp object, 73, 91
xmlhttp.js
    displaying images, 91
    submitting forms via Ajax, 73
XMLHttpRequest object, 13–20
    browser differences for, 13
    browser upgrades, 185
    combining Ajax and XML with DOM, 228
    cross-browser issues, 175
    cross-browser usage, 17–19
    function processing XMLHttpRequest, 74, 92
    introduction, 6, 7
    LiveHTTPHeaders extension, 209
    manipulating XML using DOM, 222
    methods, 13–15
        abort, 14
        getAllResponseHeaders, 14
        getResponseHeader, 14, 15
        open, 14, 15
        send, 14, 15
        setRequestHeader, 14, 15
    passing str variable to send method, 77
    passing values in forms, 69
    properties, 15–17
        onreadystatechange, 16
        readyState, 16
        responseText, 16
        responseXML, 16, 17
        status, 16, 17
        statusText, 16, 17
    querying MySQL database, 56
    security, 195
    sending request to server, 19–20
    submitting forms via Ajax, 77
    uploading images, 87
    video game store finder, 167, 169
XSS (cross-site scripting), 189–193
    changing page layout, 190
    CSRF compared, 193
    displaying unwanted images, 190
    entering JavaScript, 190
    escape tags when outputting client-submitted data, 192
    filtering attributes from allowed tags, 191
    protecting sessions, 192
    removing unwanted tags from input data, 191
    stealing user’s cookies, 190
    tracking page statistics, 190

Z

ZIP code conversions
    latitude and longitude values, 152
ZIPCodeWorld
    postal code conversion, 151
zoom level
    video game store finder, 166