Hartley, Im working with the code right out of the book that this forum is named after:
//add_employee.js
window.onload = init;
function init(){
var ajax = getXMLHttpRequestObject();
if(ajax){
if(document.getElementById('results')){
document.getElementById('emp_form').onsubmit = function(){
ajax.open('post', 'add_employee_xml.php');
ajax.onreadystatechange = function() {
handleResponse(ajax);
}
var fields = ['first_name', 'last_name', 'email', 'department_id', 'phone_ext'];
for(var i = 0; i < fields.length; i++){
fields[i] = fields[i] + '=' + encodeURIComponent(document.getElementById(fields[i]).value);
}
var values = fields.join('&');
//alert(values);
ajax.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
ajax.send(values);
return false;
}
}
}
}
function handleResponse(ajax){
if(ajax.readyState == 4){
if((ajax.status == 200) || (ajax.status == 304)) {
var results = document.getElementById('results');
document.getElementById('first_name_label').className = 'title';
document.getElementById('last_name_label').className = 'title';
document.getElementById('email_label').className = 'title';
document.getElementById('department_id_label').className = 'title';
document.getElementById('phone_ext_label').className = 'title';
var data = ajax.responseXML;
alert(data);
var message = data.getElementsByTagName('result');
var errors = data.getElementsByTagName('error');
var temp = false;
for(var i=0; i < errors.length; i++){
temp = errors[i].firstChild.nodeValue;
document.getElementById(temp + '_label').className = 'error';
}
results.innerHTML = message[0].firstChild.nodeValue;
results.style.display = 'block';
} else {
document.getElementById('emp_form').submit();
}
}
}
and then the page its calling:
<!--?php #add_employee_xml.php
header("Content-Type=text/xml");
echo '<?xml version="1.0" encoding="utf-8" standalone="yes" ?-->
<response>
';
require_once('mysql.inc.php');
$error = false;
if(!empty($_POST['first_name'])){
$fn = mysql_real_escape_string($_POST['first_name'], $dbc);
} else {
$error = true;
echo '<error>first_name</error>
';
}
if(!empty($_POST['last_name'])){
$ln = mysql_real_escape_string($_POST['last_name'], $dbc);
} else {
$error = true;
echo '<error>last_name</error>
';
}
if(!empty($POST['email'])){
$e = mysql_real_escape_string($_POST['email'], $dbc);
} else {
$error = true;
echo '<error>email</error>
';
}
if(isset($_POST['department_id']) && is_numeric($_POST['department_id']) && ($_POST['department_id'] > 0)){
$did = (int) $_POST['department_id'];
} else {
$error = true;
echo '<error>department_id</error>
';
}
if(isset($_POST['phone_ext']) && is_numeric($_POST['phone_ext']) && ($_POST['phone_ext'] > 0)) {
$ext = (int) $_POST['phone_ext'];
} else {
$error = true;
echo '<error>phone_ext</error>
';
}
// no errors
if(!$error){
$query = "INSERT INTO employees (department_id, first_name, last_name, email, phone_ext) VALUES (NULL, $did, '$fn', '$ln', '$e', $ext)";
$result = mysql_query($query, $dbc);
if(mysql_affected_rows($dbc) == 1){
echo '<result>The employee has been added.</result>
';
} else {
echo '<result>The employee could not be added due to a system error.</result>
';
}
} else {
echo '<result>Please correct problems with the highlighted field(s) below.</result>
';
}
mysql_close($dbc);
echo '</response>
';
?>
I went back through and put the '; on a new line just like in the book thinking maybe it had to be that way to not mess up the xml.