Go Top
advertise here!!!

Library || READ MORE || DOWNLOAD PDF || QUESTION ANSWERS || HOME

  • ABOUT AJAX ↓

    What is AJAX?
    • AJAX stands for Asynchronous Javascript And XML
    • AJAX is not a programming language
    • AJAX is a way of using existing standards (JavaScript and XML) to make more interactive web applications

    AJAX was popularized in 2005 by Google (with Google suggest)

    An AJAX Application

    Recall the standard HTTP transaction

    – 1. C nt opens connection to server

    – 2. C nt sends request to server

    – 3. Server sends reply to client

    – 4. C nt and server close connection

    After Step 4, the client renders the document and this may include running some JavaScript. In an AJAX application, the JavaScript code then communicates with the server behind the scenes

    An AJAX Application (Cont'd)

    • Communication with the server takes place asynchronously, and transparently to the user
    • Data is exchanged with the server without the need for a page reload
    • This is accomplished through a special kind of HTTP request

    Typical AJAX Event

    A typical AJAX transaction looks like this:

    • User triggers some event (presses a key, moves mouse, ...)
    • Event handler code sends HTTP request to server
    • Server replies triggering code on client
    • Reply handler code updates web page using server's reply

    Between steps 2 and 3 the web page is still usable (event is asynchronous) At no point during the transaction does the browser open a new web page

    Pros and Cons of AJAX

    Pros:

    • Allows web applications to interact with data on the server
    • Allows web applications to interact with data on the server
    • Some applications can only be rea ed this way

    Eg: Google Suggest offers interactive access to one of the largest data collections in the world For office style applications, user's data is stored on a re ble server, accessable from any web browser

    Cons:

    • Tough to make compatible across all browsers
    • Should have a low-latency connection to the
    • Can be server intensive

    Eg: Google Suggest generates a search for every keystroke entered

  • An_XML_HTTP_TRANSACTION ↓

    Setting up an AJAX Transaction

    • Create anXMLHTTPRequest object
    • Set up the request's onreadystatechange function
    • Open the request
    • Send the request

    Creating an XMLHTTPRequest Object

    function sendRequest()
    
    var xmlHttp = GetXmlHttpObject(); if (!xmlHttp) {
    
    return false;
    
    }
    
    xmlHttp.onreadystatechange = function() { if (xmlHttp.readyState == 4) {
    
    alert("Request complete");
    
    }
    
    
    

    The XMLHTTPRequest Object

    An XMLHTTPRequest object is in one of 5 states, as indicated by the readyState property

    • The request is not initialized
    • The request has been set up
    • The request has been sent
    • The request is in process
    • The request is complete

    Every time the readyState property changes theonreadystatechange property (a function) is called

    }
    
    var requestURI = "http://myserver.org/somepage.txt";
    
    xmlHttp.open("GET", requestURI, true); xmlHttp.send(null);
    
    }
    

    Setting onreadystatechange

    function sendRequest()
    
    var xmlHttp = GetXmlHttpObject(); if (!xmlHttp) {
    
    return false;
    
    }
    
    xmlHttp.onreadystatechange = function() { if (xmlHttp.readyState == 4) {
    
    alert("Request complete");
    
    }
    
    }
    
    var requestURI = "http://myserver.org/somepage.txt";
    
    xmlHttp.open("GET", requestURI, true); xmlHttp.send(null);
    
    }
    

    The open and send functions

    The open function of an XML HTTP request takes three arguments

    • xmlHttp.open(method, uri, async)
    • method is either "GET" or "POST"
    • uri is the (relative) URI to retrieve
    • async determines whether to send the request asynchronously (true) or synchronously (false)
    • – The domain of the uri argument must be the same as the domain of the current page

    The send function takes one argument

    • – xmlHttp.send(content);
    • content is the content to send (useful when method="POST")

    Sending the Request

    function sendRequest()
    
    var xmlHttp = GetXmlHttpObject(); if (!xmlHttp) {
    
    return false;
    
    }
    
    xmlHttp.onreadystatechange = function() { if (xmlHttp.readyState == 4) {
    
    alert("Request complete");
    
    }
    
    }
    
    var requestURI = "http://myserver.org/somepage.txt";
    
    xmlHttp.open("GET", requestURI, true); xmlHttp.send(null);
    
    }
    

    The responseText Property

    When an XMLHTTPRequest is complete (readyState == 4) the responseText property contains the server's response, as a String

    Example Code (Client Side

    function sendRequest(textNode)
    
    var xmlHttp = GetXmlHttpObject(); if (!xmlHttp) {
    
    return false;
    
    }
    
    xmlHttp.onreadystatechange = function() { if (xmlHttp.readyState == 4) {
    
    textNode.nodeValue = xmlHttp.responseText;
    
    }
    
    }
    
    var requestURI = "http://greatbeyond.org/cgi-bin/request.cgi";
    
    xmlHttp.open("GET", requestURI, true); xmlHttp.send(null);
    }
    

    Example Code (Server Side)

    And we might have the following request.cgi in the cgi-bin directory of greatbeyond.org

    #!/usr/bin/perl
    
    
    print("Content-type: text/plain\n\n"); print("57 channels and nuthin' on");
    

    Some Notes

    An XMLHTTPRequest object can send the request to any URI as long as it has the same domain as the page that requests it

    This URI can refer to a CGI script or even just an HTML document

    Note the big security risk for the client

    • JavaScript can send anything to the server
    • Client needs to restrict what JavaScript has access to

    This is still not AJAX

    – Where's the XML?

    Putting the X in AJAX

    The X in AJAX comes from XML

    In an XML HTTP request, we usually expect the server to respond with some XML

    What is XML?

    Short answer: like HTML but

    • – You can make up your own tag names
    • – All tags have to be closed (and there is a shorthand)

    Long answer: will have to wait

    An Example XML File

    Notice

    • – the new tags (we just made them up)
    • – An XML version number
    • – One tag contains everything (and becomes the root of the document tree)
     
    
    Tove
    
    Jani
    
    Reminder
    
    Don't forget me this weekend! 
    
    

    Why Respond with XML?

    We can look at the XML text within a response using theresponseText property

    Even better, we can use the responseXML property to access the XML

    Best, responseXML.documentElement contains the document tree for the XML

    This is a document tree in the DOM model that we've seen before (just like document)

    Example

    function sendRequest() {
    
    var xmlHttp = GetXmlHttpObject(); if (!xmlHttp) {
    
    return false;
    
    }
    
    xmlHttp.onreadystatechange = function() { if (xmlHttp.readyState == 4) {
    
    var xmlDoc = xmlHttp.responseXML.documentElement;
    
    }
    
    }
    
    var requestURI = xmlURI; xmlHttp.open("GET", requestURI, true); xmlHttp.send(null);
    
    }
    

    Summary

    An AJAX transaction involves the client sending an asynchronous HTTP request and the server responding with XML

           The c nt processes the resulting XML document tree

    AJAX applications run entirely on the client except when they need to access data on the server

           – Can treat the server as a database/file system

    Well-written AJAX applications, running with a fast Internet connection, can be as nice to use as traditional applications (or nicer)

  • BROWSER SUPPORT ↓

    All the available browsers cannot support AJAX. Here is a list of major browsers, that support AJAX.

    • Mozilla Firefox 1.0 and above.
    • Netscape version 7.1 and above.
    • Apple Safari 1.2 and above.
    • Microsoft Internet Explorer 5 and above.
    • Konqueror.
    • Opera 7.6 and above.

    When you write your next application, do consider the browsers that do not support AJAX.

    NOTE: When we say that a browser does not support AJAX, it simply means that the browser does not support creation of Javascript object XMLHttpRequest object.

    Writing Browser Specific Code

    The Simplest way to make your source code compatible with a browser is to use try...catch blocks in your JavaScript.

    <html>
    <body>
       <script language="javascript" type="text/javascript">
       <!-- 
       //Browser Support Code
       function ajaxFunction(){
          var ajaxRequest;  // The variable that makes Ajax possible!
    
          try{
             // Opera 8.0+, Firefox, Safari 
             ajaxRequest = new XMLHttpRequest();
          }catch (e){
    
             // Internet Explorer Browsers
             try{
                ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
             }catch (e) {
                try{
                   ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
                }catch (e){
    
                   // Something went wrong
                   alert("Your browser broke!");
                   return false;
                }
             }
          }
       }
       //-->
       </script>
       
       <form name='myForm'>
          Name: <input type='text' name='username' /> <br />
          Time: <input type='text' name='time' />
       </form>
       
    </body>
    </html>
    

    In the above JavaScript code, we try three times to make our XMLHttpRequest object. Our first attempt:

    • ajaxRequest = new XMLHttpRequest();

    It is for Opera 8.0+, Firefox, and Safari browsers. If it fails, we try two more times to make the correct object for an Internet Explorer browser with:

    • ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");

    • ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");

    If it doesn't work, then we can use a very outdated browser that doesn't support XMLHttpRequest, which also means it doesn't support Ajax.

    Most likely though, our variable ajaxRequest will now be set to whatever XMLHttpRequest standard the browser uses and we can start sending data to the server. The step-wise AJAX workflow is explained in the next chapter.


  • ACTION ↓

    This chapter gives you a clear picture of the exact steps of AJAX operation.

    Steps of AJAX Operation

    • A client event occurs.
    • An XMLHttpRequest object is created.
    • The XMLHttpRequest object is configured.
    • The XMLHttpRequest object makes an asynchronous request to the Webserver.
    • The Webserver returns the result containing XML document.
    • The XMLHttpRequest object calls the callback() function and processes the result.
    • The HTML DOM is updated.

    Let us take these steps one by one.

    A Client Event Occurs

    • A JavaScript function is called as the result of an event.

    • Example: validateUserId() JavaScript function is mapped as an event handler to an onkeyup event on input form field whose id is set to "userid"

    • <input type="text" size="20" id="userid" name="id" onkeyup="validateUserId();">.

    The XMLHttpRequest Object is Created

    var ajaxRequest;  // The variable that makes Ajax possible!
    function ajaxFunction(){
       try{
          
          // Opera 8.0+, Firefox, Safari
          ajaxRequest = new XMLHttpRequest();
       }catch (e){
       
          // Internet Explorer Browsers
          try{
             ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
          }catch (e) {
          
             try{
                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
             }catch (e){
          
                // Something went wrong
                alert("Your browser broke!");
                return false;
             }
          }
       }
    }
    

    The XMLHttpRequest Object is Configured

    In this step, we will write a function that will be triggered by the client event and a callback function processRequest() will be registered.

    function validateUserId() {
       ajaxFunction();
       
       // Here processRequest() is the callback function.
       ajaxRequest.onreadystatechange = processRequest;
       
       if (!target) target = document.getElementById("userid");
       var url = "validate?id=" + escape(target.value);
       
       ajaxRequest.open("GET", url, true);
       ajaxRequest.send(null);
    }
    

    Making Asynchronous Request to the Webserver

    Source code is available in the above piece of code. Code written in bold typeface is responsible to make a request to the webserver. This is all being done using the XMLHttpRequest object ajaxRequest.

    function validateUserId() {
       ajaxFunction();
       
       // Here processRequest() is the callback function.
       ajaxRequest.onreadystatechange = processRequest;
       
       if (!target) target = document.getElementById("userid");
       var url = "validate?id=" + escape(target.value);
       
       ajaxRequest.open("GET", url, true);
       ajaxRequest.send(null);
    }
    

    Assume you enter Zara in the userid box, then in the above request, the URL is set to "validate?id=Zara".

    Webserver Returns the Result Containing XML Document

    You can implement your server-side script in any language, however its logic should be as follows.

    • Get a request from the client.
    • Parse the input from the client.
    • Do required processing.
    • Send the output to the client.

    If we assume that you are going to write a servlet, then here is the piece of code.

    public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException 
    {
       String targetId = request.getParameter("id");
       
       if ((targetId != null) && !accounts.containsKey(targetId.trim()))
       {
          response.setContentType("text/xml");
          response.setHeader("Cache-Control", "no-cache");
          response.getWriter().write("true");
       }
       else
       {
          response.setContentType("text/xml");
          response.setHeader("Cache-Control", "no-cache");
          response.getWriter().write("false");
       }
    }
    

    Callback Function processRequest() is Called

    The XMLHttpRequest object was configured to call the processRequest() function when there is a state change to the readyState of the XMLHttpRequest object. Now this function will receive the result from the server and will do the required processing. As in the following example, it sets a variable message on true or false based on the returned value from the Webserver.

     
    function processRequest() {
       if (req.readyState == 4) {
          if (req.status == 200) {
             var message = ...;
    ...
    }
    

    The HTML DOM is Updated

    This is the final step and in this step, your HTML page will be updated. It happens in the following way:

    • JavaScript gets a reference to any element in a page using DOM API.
    • The recommended way to gain a reference to an element is to call.
    document.getElementById("userIdMessage"), 
    // where "userIdMessage" is the ID attribute 
    // of an element appearing in the HTML document
    
    • JavaScript may now be used to modify the element's attributes; modify the element's style properties; or add, remove, or modify the child elements. Here is an example:

    <script type="text/javascript">
    <!--
    function setMessageUsingDOM(message) {
       var userMessageElement = document.getElementById("userIdMessage");
       var messageText;
       
       if (message == "false") {
          userMessageElement.style.color = "red";
          messageText = "Invalid User Id";
       }
       else 
       {
          userMessageElement.style.color = "green";
          messageText = "Valid User Id";
       }
       
       var messageBody = document.createTextNode(messageText);
       
       // if the messageBody element has been created simple 
       // replace it otherwise append the new element
       if (userMessageElement.childNodes[0]) {
          userMessageElement.replaceChild(messageBody, userMessageElement.childNodes[0]);
       } 
       else
       {
          userMessageElement.appendChild(messageBody);
       }
    }
    -->
    </script>
    <body>
    <div id="userIdMessage"><div>
    </body>
    

    If you have understood the above-mentioned seven steps, then you are almost done with AJAX. In the next chapter, we will see XMLHttpRequest object in more detail.


  • XMLHTTPREQUEST ↓

    The XMLHttpRequest object is the key to AJAX. It has been available ever since Internet Explorer 5.5 was released in July 2000, but was not fully discovered until AJAX and Web 2.0 in 2005 became popular.

    XMLHttpRequest (XHR) is an API that can be used by JavaScript, JScript, VBScript, and other web browser scripting languages to transfer and manipulate XML data to and from a webserver using HTTP, establishing an independent connection channel between a webpage's Client-Side and Server-Side.

    The data returned from XMLHttpRequest calls will often be provided by back-end databases. Besides XML, XMLHttpRequest can be used to fetch data in other formats, e.g. JSON or even plain text.

    You already have seen a couple of examples on how to create an XMLHttpRequest object.

    Listed below is listed are some of the methods and properties that you have to get familiar with.

    XMLHttpRequest Methods

    • abort()

      Cancels the current request.

    • getAllResponseHeaders()

      Returns the complete set of HTTP headers as a string.

    • getResponseHeader( headerName )

      Returns the value of the specified HTTP header.

    • open( method, URL )

      open( method, URL, async )

      open( method, URL, async, userName )

      open( method, URL, async, userName, password )

      Specifies the method, URL, and other optional attributes of a request.

      The method parameter can have a value of "GET", "POST", or "HEAD". Other HTTP methods, such as "PUT" and "DELETE" (primarily used in REST applications) may be possible.

      The "async" parameter specifies whether the request should be handled asynchronously or not. "true" means that the script processing carries on after the send() method without waiting for a response, and "false" means that the script waits for a response before continuing script processing.

    • send( content )

      Sends the request.

    • setRequestHeader( label, value )

      Adds a label/value pair to the HTTP header to be sent.

    XMLHttpRequest Properties

    • onreadystatechange

      An event handler for an event that fires at every state change.

    • readyState

      The readyState property defines the current state of the XMLHttpRequest object.

      The following table provides a list of the possible values for the readyState property:

      State Description
      0 The request is not initialized.
      1 The request has been set up.
      2 The request has been sent.
      3 The request is in process.
      4 The request is completed.

      readyState = 0 After you have created the XMLHttpRequest object, but before you have called the open() method.

      readyState = 1 After you have called the open() method, but before you have called send().

      readyState = 2 After you have called send().

      readyState = 3 After the browser has established a communication with the server, but before the server has completed the response.

      readyState = 4 After the request has been completed, and the response data has been completely received from the server.

    • responseText

      Returns the response as a string.

    • responseXML

      Returns the response as XML. This property returns an XML document object, which can be examined and parsed using the W3C DOM node tree methods and properties.

    • status

      Returns the status as a number (e.g., 404 for "Not Found" and 200 for "OK").

    • statusText

      Returns the status as a string (e.g., "Not Found" or "OK").


  • DATABASE OPERATIONS ↓

    To clearly illustrate how easy it is to access information from a database using AJAX, we are going to build MySQL queries on the fly and display the results on "ajax.html". But before we proceed, let us do the ground work. Create a table using the following command.

    NOTE: We are assuming you have sufficient privilege to perform the following MySQL operations

    CREATE TABLE 'ajax_example' (
       'name' varchar(50) NOT NULL,
       'age' int(11) NOT NULL,
       'sex' varchar(1) NOT NULL,
       'wpm' int(11) NOT NULL,
       PRIMARY KEY  ('name')
    ) 
    

    Now dump the following data into this table using the following SQL statements:

    INSERT INTO 'ajax_example' VALUES ('Jerry', 120, 'm', 20);
    INSERT INTO 'ajax_example' VALUES ('Regis', 75, 'm', 44);
    INSERT INTO 'ajax_example' VALUES ('Frank', 45, 'm', 87);
    INSERT INTO 'ajax_example' VALUES ('Jill', 22, 'f', 72);
    INSERT INTO 'ajax_example' VALUES ('Tracy', 27, 'f', 0);
    INSERT INTO 'ajax_example' VALUES ('Julie', 35, 'f', 90);
    

    Client Side HTML File

    Now let us have our client side HTML file, which is ajax.html, and it will have the following code:

    <html>
    <body>
    <script language="javascript" type="text/javascript">
    <!-- 
    //Browser Support Code
    function ajaxFunction(){
       var ajaxRequest;  // The variable that makes Ajax possible!
       try{
       
          // Opera 8.0+, Firefox, Safari
          ajaxRequest = new XMLHttpRequest();
       }catch (e){
          
          // Internet Explorer Browsers
          try{
             ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
          }catch (e) {
             
             try{
                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
             }catch (e){
             
                // Something went wrong
                alert("Your browser broke!");
                return false;
             }
          }
       }
       
       // Create a function that will receive data
       // sent from the server and will update
       // div section in the same page.
       ajaxRequest.onreadystatechange = function(){
       
          if(ajaxRequest.readyState == 4){
             var ajaxDisplay = document.getElementById('ajaxDiv');
             ajaxDisplay.innerHTML = ajaxRequest.responseText;
          }
       }
       
       // Now get the value from user and pass it to
       // server script.
       var age = document.getElementById('age').value;
       var wpm = document.getElementById('wpm').value;
       var sex = document.getElementById('sex').value;
       var queryString = "?age=" + age ;
       
       queryString +=  "&wpm=" + wpm + "&sex=" + sex;
       ajaxRequest.open("GET", "ajax-example.php" + queryString, true);
       ajaxRequest.send(null); 
    }
    //-->
    </script>
    
    <form name='myForm'>
    
       Max Age: <input type='text' id='age' /> <br />
       Max WPM: <input type='text' id='wpm' /> <br />
       Sex: 
       <select id='sex'>
          <option value="m">m</option>
          <option value="f">f</option>
       </select>
       <input type='button' onclick='ajaxFunction()' value='Query MySQL'/>
       
    </form>
    <div id='ajaxDiv'>Your result will display here</div>
    </body>
    </html>
    

    NOTE: The way of passing variables in the Query is according to HTTP standard and have formA.

    URL?variable1=value1;&variable2=value2;
    

    The above code will give you a screen as given below:

    NOTE: This is dummy screen and would not work

    Max Age: 

    Max WPM:

    Sex:

    Your result will display here in this section after you have made your entry.

    NOTE: This is a dummy screen.

    Server Side PHP File

    Your client-side script is ready. Now, we have to write our server-side script, which will fetch age, wpm, and sex from the database and will send it back to the client. Put the following code into the file "ajax-example.php".

    <?php
    $dbhost = "localhost";
    $dbuser = "dbusername";
    $dbpass = "dbpassword";
    $dbname = "dbname";
    	
    //Connect to MySQL Server
    mysql_connect($dbhost, $dbuser, $dbpass);
    	
    //Select Database
    mysql_select_db($dbname) or die(mysql_error());
    	
    // Retrieve data from Query String
    $age = $_GET['age'];
    $sex = $_GET['sex'];
    $wpm = $_GET['wpm'];
    	
    // Escape User Input to help prevent SQL Injection
    $age = mysql_real_escape_string($age);
    $sex = mysql_real_escape_string($sex);
    $wpm = mysql_real_escape_string($wpm);
    	
    //build query
    $query = "SELECT * FROM ajax_example WHERE sex = '$sex'";
    
    if(is_numeric($age))
       $query .= " AND age <= $age";
    
    if(is_numeric($wpm))
       $query .= " AND wpm <= $wpm";
    	
    //Execute query
    $qry_result = mysql_query($query) or die(mysql_error());
    
    //Build Result String
    $display_string = "<table>";
    $display_string .= "<tr>";
    $display_string .= "<th>Name</th>";
    $display_string .= "<th>Age</th>";
    $display_string .= "<th>Sex</th>";
    $display_string .= "<th>WPM</th>";
    $display_string .= "</tr>";
    
    // Insert a new row in the table for each person returned
    while($row = mysql_fetch_array($qry_result)){
       $display_string .= "<tr>";
       $display_string .= "<td>$row[name]</td>";
       $display_string .= "<td>$row[age]</td>";
       $display_string .= "<td>$row[sex]</td>";
       $display_string .= "<td>$row[wpm]</td>";
       $display_string .= "</tr>";
    }
    
    echo "Query: " . $query . "<br />";
    $display_string .= "</table>";
    
    echo $display_string;
    ?>
    

    Now try by entering a valid value (e.g., 120) in Max Age or any other box and then click Query MySQL button.

    Max Age: 

    Max WPM:

    Sex:

    Your result will display here in this section after you have made your entry.

    If you have successfully completed this lesson, then you know how to use MySQL, PHP, HTML, and Javascript in tandem to write AJAX applications.


  • SECURITY ↓

    AJAX Security: Server Side

    • AJAX-based Web applications use the same server-side security schemes of regular Web applications.

    • You specify authentication, authorization, and data protection requirements in your web.xml file (declarative) or in your program (programmatic).

    • AJAX-based Web applications are subject to the same security threats as regular Web applications.

    AJAX Security: Client Side

    • JavaScript code is visible to a user/hacker. Hacker can use JavaScript code for inferring server-side weaknesses.

    • JavaScript code is downloaded from the server and executed ("eval") at the client and can compromise the client by mal-intended code.

    • Downloaded JavaScript code is constrained by the sand-box security model and can be relaxed for signed JavaScript.


  • ISSUES ↓

    AJAX is growing very fast and that is the reason that it contains many issues with it. We hope with the passes of time, they will be resolved and AJAX will become ideal for web applications. We are listing down a few issues that AJAX currently suffers from.

    Complexity is increased

    • Server-side developers will need to understand that presentation logic will be required in the HTML client pages as well as in the server-side logic.

    • Page developers must have JavaScript technology skills.

    AJAX-based applications can be difficult to debug, test, and maintain

    • JavaScript is hard to test - automatic testing is hard.
    • Weak modularity in JavaScript.
    • Lack of design patterns or best practice guidelines yet.

    Toolkits/Frameworks are not mature yet

    • Most of them are in beta phase.

    No standardization of the XMLHttpRequest yet

    • Future version of IE will address this.

    No support of XMLHttpRequest in old browsers

    • Iframe will help.

    JavaScript technology dependency and incompatibility

    • Must be enabled for applications to function.
    • Still some browser incompatibilities exist.

    JavaScript code is visible to a hacker

    • Poorly designed JavaScript code can invite security problems.