开发者

php load page page into div ,java script not working

i am using ajax to load pages into a div the page is loading fine but i cant run the php and javascript in that loaded page

in server i am loading the page 开发者_JAVA技巧like this

file_get_contents('../' . $PAGE_URL);

in the browser i am setting the content of the div using

eval("var r = " + response.responseText);

and setting the innerHTML for that div with the retrieve information but when i get the new inner page no php or java script is working

is that suppose to be like that ?


Well the php is not going to work I think because the way you are handling it, it is just text. I would suggest using something like include('../' . $PAGE_URL); and that should parse the php. The javascript problem probably has to do with the fact that you are loading <html> <body> <head> tags in a div I'm not sure what happens when you do that, but it shouldn't work properly. Try using some type of <frame> tag.


In order for your javascript to be executed properly, you have to wait until the browser has finished to load the page.

This event is named onload(). Your code should be executed on this event.


<?php
    $file = false;

    if(isset($_GET['load'] && is_string($_GET['load'])) {
        $tmp = stripclashes($_GET['load']);
        $tmp = str_replace(".","",$tmp);

        $file = $tmp . '.php';
    }

    if($file != false && file_exists($file) && is_readable($file)) {
        require_once $file;
    }

?>

called via file.php?load=test

That process the PHP file, and as long as you spit out HTML from the file simply

target = document.getElementById('page');    
target.innerHTML = response.responseText;

Now, i'm fairly certain parts of that are insecure, you could have a whitelist of allowable requires. It should ideally be looking in a specific directory for the files also. I'm honestly not all too sure about directly dumping the responseText back into a DIV either, security wise as it's ripe for XSS. But it's the end of the day and I haven't looked up anything on that one. Be aware, without any kind of checking on this, you could have a user being directed to a third party site using file_get_contents, which would be a Very Bad Thing. You could eval in PHP a file_get_contents request, which... is well, Very Very Bad. For example try

<?php
     echo file_get_contents("http://www.google.com");
?>

But I fear I must ask here, why are you doing it this way? This seems a very roundabout way to achieve a Hyperlink.

Is this AJAX for AJAXs sake?

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜