2

I'm trying to return a callback from an AJAX submitted form. The user submits a form, the server processes and returns the valid response, i.e. an error message and also a JavaScript function that could perform an action. I'm using Zepto.js faling back to jQuery depending on browser.

My ajax request is:

$.ajax({
    success: function(data, status, xhr) {
        data.callback();
    },
    url: form.attr('action'),
    data: form.serialize(),
    dataType: 'json'
});

On the server I want to return something like:

// PHP code
?>
{
    return: false,
    error: 'Sorry, we couldn’t find an account with that username or password.',
    callback: function() {
        console.log('this is the callback');
    }
}
<?php
// more PHP code

When returned to the browser callback function should fire. I want the server to return the callback so I can use the same JavaScript code and have it respond accordingly to the server response.

Would I need to change the dataType to script? However I thought this was just for loading .js files, not blocks of code.

Any help appreciated.

Improve this question
3
  • It is not good idea for security to send callbacks via ajax. And - Why you cannot choose what to do in JavaScript ? Commented Jul 13, 2012 at 13:50
  • @SergeS I was just thinking it's easier to keep my callback messages, actions etc where they happen on the server. So I could add them all to a .js file with a name, or ID, then in PHP return that name or ID and call it in success? Commented Jul 13, 2012 at 14:09
  • Yes, this is better way (Use switch to choose action, so nothing unwanted can be called) Commented Jul 14, 2012 at 10:57

2 Answers 2

Reset to default
1

The general feeling here is I am approaching this in the wrong way. So revised code:

$.ajax({
    success: function(data, status, xhr) {
        var callback = data['callback'];
        callback();
    },
    url: form.attr('action'), // in this example it's badLogin
    data: form.serialize(),
    dataType: 'json'
});
// callback specified in PHP
badLogin: function() {
    console.log('bad login');
}

And my PHP

if (!$valid) {
?>
{
    "return": false,
    "error": "Sorry, we couldn’t find an account with that username or password.",
    "callback": "badLogin"
}
<?php
}

Thanks for pointing me in the right direction.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

You don't get an error like "Uncaught TypeError: string is not a function"? I do.
But I think you can do something like var callback = data['callback']; objectWithBadLoginMethod[callback]();
0

You can always return the code as a string and use eval() if you are absolutely sure that the string will always be correct and no code can be injected.

Improve this answer

4 Comments

This is basically the only way to accomplish this, unfortunately.
I have tried doing this but it's proved very problematic. I'm starting to think that I should use a totally different method that's more secure and 'cleaner'.
I would basically question the need of returning code by the server. Why can't you just write a set of functions that will respons to certain parameters? Haven't you got a finite number of things that can happen after the server returns a message?
@MMM Agreed. I was thinking it would be simpler but I whichever way I achieve it I still need to write the functions somewhere.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.