i am using ajax to load pages into a div the page is loading fine but i cant run the php and javascript in that loaded page
我正在使用ajax将页面加载到div中页面加载正常但我无法在该加载的页面中运行php和javascript
in server i am loading the page like this
在服务器中,我正在加载这样的页面
file_get_contents('../' . $PAGE_URL);
in the browser i am setting the content of the div using
在浏览器中我正在设置div的内容使用
eval("var r = " + response.responseText);
and setting the innerHTML for that div with the retrieve information but when i get the new inner page no php or java script is working
并使用检索信息为该div设置innerHTML,但是当我获得新的内部页面时,没有php或java脚本正常工作
is that suppose to be like that ?
那是假设是那样的吗?
3 个解决方案
#1
2
Well the php is not going to work I think because the way you are handling it, it is just text. I would suggest using something like include('../' . $PAGE_URL); and that should parse the php. The javascript problem probably has to do with the fact that you are loading <html> <body> <head> tags in a div I'm not sure what happens when you do that, but it shouldn't work properly. Try using some type of <frame> tag.
那么php不会起作用我认为因为你处理它的方式,它只是文本。我建议使用像include('../'。$ PAGE_URL);这应该解析PHP。 javascript问题可能与您在div中加载 标签这一事实有关。我不确定当您这样做时会发生什么,但它不应该正常工作。尝试使用某种类型的标签。
#2
1
In order for your javascript to be executed properly, you have to wait until the browser has finished to load the page.
为了使您的javascript正确执行,您必须等到浏览器完成加载页面。
This event is named onload(). Your code should be executed on this event.
此事件名为onload()。您的代码应该在此事件上执行。
#3
0
<?php
$file = false;
if(isset($_GET['load'] && is_string($_GET['load'])) {
$tmp = strip*es($_GET['load']);
$tmp = str_replace(".","",$tmp);
$file = $tmp . '.php';
}
if($file != false && file_exists($file) && is_readable($file)) {
require_once $file;
}
?>
called via file.php?load=test
通过file.php调用?load = test
That process the PHP file, and as long as you spit out HTML from the file simply
这个过程就是PHP文件,只要你简单地从文件中吐出HTML
target = document.getElementById('page');
target.innerHTML = response.responseText;
Now, i'm fairly certain parts of that are insecure, you could have a whitelist of allowable requires. It should ideally be looking in a specific directory for the files also. I'm honestly not all too sure about directly dumping the responseText back into a DIV either, security wise as it's ripe for XSS. But it's the end of the day and I haven't looked up anything on that one. Be aware, without any kind of checking on this, you could have a user being directed to a third party site using file_get_contents, which would be a Very Bad Thing. You could eval in PHP a file_get_contents request, which... is well, Very Very Bad. For example try
现在,我相当肯定部分是不安全的,你可以有一个允许需求的白名单。理想情况下,它也应该在文件的特定目录中查找。老实说,我不太确定直接将responseText转发回DIV,安全性明智,因为XSS已经成熟。但这是一天的结束,我没有在那个上面找到任何东西。请注意,如果没有对此进行任何检查,您可以使用file_get_contents将用户定向到第三方站点,这将是非常糟糕的事情。您可以在PHP中评估一个file_get_contents请求,其中......很好,非常非常糟糕。例如试试
<?php
echo file_get_contents("http://www.google.com");
?>
But I fear I must ask here, why are you doing it this way? This seems a very roundabout way to achieve a Hyperlink.
但是我担心我必须在这里问一下,你为什么这样做呢?这似乎是实现超链接的一种非常迂回的方式。
Is this AJAX for AJAXs sake?
AJAX这个AJAX是为了这个吗?
#1
2
Well the php is not going to work I think because the way you are handling it, it is just text. I would suggest using something like include('../' . $PAGE_URL); and that should parse the php. The javascript problem probably has to do with the fact that you are loading <html> <body> <head> tags in a div I'm not sure what happens when you do that, but it shouldn't work properly. Try using some type of <frame> tag.
那么php不会起作用我认为因为你处理它的方式,它只是文本。我建议使用像include('../'。$ PAGE_URL);这应该解析PHP。 javascript问题可能与您在div中加载 标签这一事实有关。我不确定当您这样做时会发生什么,但它不应该正常工作。尝试使用某种类型的标签。
#2
1
In order for your javascript to be executed properly, you have to wait until the browser has finished to load the page.
为了使您的javascript正确执行,您必须等到浏览器完成加载页面。
This event is named onload(). Your code should be executed on this event.
此事件名为onload()。您的代码应该在此事件上执行。
#3
0
<?php
$file = false;
if(isset($_GET['load'] && is_string($_GET['load'])) {
$tmp = strip*es($_GET['load']);
$tmp = str_replace(".","",$tmp);
$file = $tmp . '.php';
}
if($file != false && file_exists($file) && is_readable($file)) {
require_once $file;
}
?>
called via file.php?load=test
通过file.php调用?load = test
That process the PHP file, and as long as you spit out HTML from the file simply
这个过程就是PHP文件,只要你简单地从文件中吐出HTML
target = document.getElementById('page');
target.innerHTML = response.responseText;
Now, i'm fairly certain parts of that are insecure, you could have a whitelist of allowable requires. It should ideally be looking in a specific directory for the files also. I'm honestly not all too sure about directly dumping the responseText back into a DIV either, security wise as it's ripe for XSS. But it's the end of the day and I haven't looked up anything on that one. Be aware, without any kind of checking on this, you could have a user being directed to a third party site using file_get_contents, which would be a Very Bad Thing. You could eval in PHP a file_get_contents request, which... is well, Very Very Bad. For example try
现在,我相当肯定部分是不安全的,你可以有一个允许需求的白名单。理想情况下,它也应该在文件的特定目录中查找。老实说,我不太确定直接将responseText转发回DIV,安全性明智,因为XSS已经成熟。但这是一天的结束,我没有在那个上面找到任何东西。请注意,如果没有对此进行任何检查,您可以使用file_get_contents将用户定向到第三方站点,这将是非常糟糕的事情。您可以在PHP中评估一个file_get_contents请求,其中......很好,非常非常糟糕。例如试试
<?php
echo file_get_contents("http://www.google.com");
?>
But I fear I must ask here, why are you doing it this way? This seems a very roundabout way to achieve a Hyperlink.
但是我担心我必须在这里问一下,你为什么这样做呢?这似乎是实现超链接的一种非常迂回的方式。
Is this AJAX for AJAXs sake?
AJAX这个AJAX是为了这个吗?