2

I have got a script for file uploading with progress bar . I have done some modifications to do some check and everything working perfectly. Just have a little problem about passing a variable from the javascript(ajax) file to the php file

here is my code:

var handleUpload = function(event){
    event.preventDefault();
    event.stopPropagation();
    var folder = 7;
    var fileInput = document.getElementById('file');

    var data = new FormData();

    data.append('ajax', true);
    for (var i = 0; i < fileInput.files.length; ++i){
        data.append('file[]', fileInput.files[i]);
    }   

    var request = new XMLHttpRequest();

    request.upload.addEventListener('progress', function(event){
        if(event.lengthComputable){
            var percent = event.loaded / event.total;
            var progress = document.getElementById('upload_progress');

            while (progress.hasChildNodes()){
                progress.removeChild(progress.firstChild);
            }
            progress.appendChild(document.createTextNode(Math.round(percent * 100) +' %'));
            document.getElementById("loading-progress-17").style.width= Math.round(percent * 100) +'%';
        }
    });
    request.upload.addEventListener('load', function(event){
        document.getElementById('upload_progress').style.display = 'none';
    });
    request.upload.addEventListener('error', function(event){
        alert('Upload failed');
    });
    request.addEventListener('readystatechange', function(event){
        if (this.readyState == 4){
            if(this.status == 200){
                var links = document.getElementById('uploaded');
                var uploaded = eval(this.response);
                var div, a;
                for (var i = 0; i < uploaded.length; ++i){
                    div = document.createElement('div');
                    a = document.createElement('a');
                    a.setAttribute('href', 'files/' + uploaded[i]);
                    a.appendChild(document.createTextNode(uploaded[i]));
                    div.appendChild(a);
                    links.appendChild(div);
                }
            }else{
                console.log('server replied with HTTP status ' + this.status);
            }
        }
    });
    request.open('POST', 'upload.php');
    request.setRequestHeader('Cache-Control', 'no-cache');
    document.getElementById('upload_progress').style.display = 'block';
    request.send(data);

}

window.addEventListener('load', function(event){

    var submit = document.getElementById('submit');
    submit.addEventListener('click', handleUpload);
});

The form of sending is already set but can't really modify it well because didn't work with javascript much. All i try to do is to pass var folder = 7; to upload.php as seen in this part of code :

request.open('POST', 'upload.php');
request.setRequestHeader('Cache-Control', 'no-cache');
document.getElementById('upload_progress').style.display = 'block';
request.send(data);

Any idea how to pass the variable?

Improve this question
10
  • eval(this.response); are you kidding me? What about the tried 'n tested JSON.parse? also request.open expects 3 params: third is a bool to indecate the request should be (a)sync: true is what you want it to be Commented Sep 19, 2013 at 13:21
  • about first 2 questions can't really understand you . And about request.open i know it take 3 parameters but found the code like that and it's working i think it's set to true as default Commented Sep 19, 2013 at 13:25
  • The first 2 questions are the same thing: you don't eval JSON encoded data, you parse it using JSON.parse, besides: eval('{foo:"bar"}') won't work: eval needs parentheses: eval('('+this.responseText+')'), but eval is evil. Read the docs on XMLHttpRequest Commented Sep 19, 2013 at 13:34
  • @EliasVanOotegem JSON.parse should be used where available here (IE8+), but eval is not evil in this case at all. You should read up more on eval, starting with nczonline.net/blog/2013/06/25/eval-isnt-evil-just-misunderstood. Commented Sep 19, 2013 at 14:04
  • 1
    @RayNicholus: I have read it, and it does state that eval-ing the response opens you up to man-in-the-middle attacks, just as it does to script injection attacks. Basically, eval + ajax isn't the only security issue, but using json2.js for older browsers takes away one vulnerability, using eval here, simply because there are other vulnerabilities is pure stupidity. I can't be kind about this. eval, as used here, has been proven to be a vulnerability, and there are safe(r) alternatives. Use them Commented Sep 19, 2013 at 14:29

1 Answer 1

Reset to default
1

I think your code may be 

data.append('folder', folder);
request.open('POST', 'upload.php');
request.setRequestHeader('Cache-Control', 'no-cache');
document.getElementById('upload_progress').style.display = 'block';
request.send(data);


your variable in php will be 

$_REQUEST['folder']

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

$_REQUEST not $_POST?
$_REQUEST includes $_POST & $_GET & $_COOKIE

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.