ccampbell / sonic

fast, lightweight PHP 5.3 MVC framework
http://www.sonicframework.com
Apache License 2.0

Making Ajax requests with external scripts #16

Closed gordyr closed 12 years ago

gordyr commented 12 years ago

I'll try to make this my last question as I know you're busy Craig.

I have pretty much completely got to grips with Sonic now, and absolutely love it for speed/simplicity.

However, I'm not sure how to use Sonic's functions with my own php scripts stored under the /public_html directory?

e.g. Let's imagine I am making an ajax request to a script named table.php stored under the /public_html/scripts/ directory.

How from within tables.php can I use the Sonic database functions to query the server?

It is possible that I am going about this the wrong way; if so, how would something like a simple ajax request be made in Sonic?

ccampbell commented 12 years ago

Yeah I would not recommend doing it this way. Basically it is not good practice to put anything in public_html because technically it is publicly accessible if something goes wrong with your server.

If you want to serve a php script you should put the code in a controller method and use a route to render that controller method. You may have to modify the script a little to work in the context of a controller, but for the most part it should just work.

That being said, you CAN do what you want to do by editing public_html/.htaccess to make certain paths go directly to certain files before the catch all that sends everything through index.php:

# Catch-all: any request that is not an existing file or directory is sent through index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule \.*$ /index.php

gordyr commented 12 years ago

Ah I see... So the simplest answer is to put the script in a controller and just set up a route to it... This makes perfect sense and I don't know why I didn't think of it before!

Thanks again Craig... You've been a massive help.

On an unrelated note I have rewritten your JavaScript to include some checks to see if the file has already been loaded etc...

This means that you can have several pagelets, some of which require the same JavaScript files yet only load once. This is useful mostly if you are developing single page apps but it's a worthy addition.

I'll add a pull request next week after I've added a few more features to it that I have planned.

Cheers

gordyr commented 12 years ago

I've got this working perfectly now. It's far more elegant using the method you described. Thank you.

However... I am using your getParams function to get an array of the parameters sent for the ajax request.

Are these sanitized within your script? Or do I need to escape them myself? If so, how can I access the core->escape function within a controller?

EDIT: I think I've just answered my own question while reading up on PDO.

It seems that all variables are automatically escaped when using PDO prepared statements, which from what I understand Sonic uses by default. If you could just confirm that I do not need to do any other form of escaping and can safely use the variables from a GET parameter as is, that would be great.

ccampbell commented 12 years ago

Yeah. If you use bindValue with any of the MySQL classes I have, it will escape the variables.

As a general rule you should filter input and escape output. There is an input filter class included in sonic but it isn't really documented: https://github.com/ccampbell/sonic/blob/master/lib/Sonic/InputFilter.php

From a controller you can do things like: $param = $this->filter('parameter_name')->setType('string')->setDefault('foo')->getValue(\Sonic\Request::POST)

That will strip tags and all that stuff and you can make sure the param is valid using

->in(array('valid_value1', 'valid_value2'))
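
The controller-method approach from the earlier reply and the filter-then-bind advice above, put together as an added example (not Sonic's own code). The class and namespace declaration, the PDO connection details, the "users" table and the way the JSON response is emitted are assumptions; `$this->filter(...)->getValue(\Sonic\Request::POST)` and `bindValue()` are the calls named in this thread, with plain PDO standing in for Sonic's MySQL classes.

```php
<?php
// Added example, not Sonic's own code: the AJAX script from the question
// rewritten as a controller method, as recommended above. Assumed (not from
// the thread): the class/namespace declaration, the PDO connection details,
// the "users" table and how the response is emitted.
namespace Controllers;

class Table extends \Sonic\Controller
{
    // Handles e.g. POST /table/rows with sort=name&page=2 (route assumed).
    public function rows()
    {
        // 1. Filter input. setType('string') strips tags etc.; the whitelist
        //    is essential for "sort" because an ORDER BY column name cannot
        //    be passed through bindValue and would otherwise be injectable.
        $sort = $this->filter('sort')->setType('string')->setDefault('name')
                     ->getValue(\Sonic\Request::POST);
        if (!in_array($sort, array('name', 'created_at'), true)) {
            $sort = 'name';   // Sonic's ->in(array(...)) performs the same check
        }
        $page = (int) $this->filter('page')->setType('string')->setDefault('1')
                           ->getValue(\Sonic\Request::POST);
        $perPage = 20;
        $offset  = max(0, $page - 1) * $perPage;

        // 2. Query with a prepared statement: user values travel as bound
        //    parameters, never by concatenation into the SQL text.
        $pdo = new \PDO('mysql:host=localhost;dbname=app', 'user', 'secret'); // placeholder credentials
        $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
        $stmt = $pdo->prepare(
            "SELECT id, name, created_at FROM users ORDER BY $sort LIMIT :limit OFFSET :offset"
        );
        // PARAM_INT matters: with emulated prepares PDO would otherwise quote
        // these as strings, which MySQL rejects in LIMIT/OFFSET.
        $stmt->bindValue(':limit',  $perPage, \PDO::PARAM_INT);
        $stmt->bindValue(':offset', $offset,  \PDO::PARAM_INT);
        $stmt->execute();
        $rows = $stmt->fetchAll(\PDO::FETCH_ASSOC);

        // 3. Escape output: json_encode yields valid JSON, and the JavaScript
        //    side must still insert the values into the DOM as text, not HTML.
        header('Content-Type: application/json');
        echo json_encode($rows);
    }
}
```

Binding covers values only; identifiers such as the sort column and the page size must be whitelisted or fixed in code, which is why the example checks `$sort` before it is interpolated.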

gordyr commented 12 years ago

Fantastic... The more I learn about Sonic the more I like it. Cheers. :-)