473,405 Members | 2,279 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > javascript > questions > how to call a specific server-side method?

Join Bytes to post your question to a community of 473,405 software developers and data experts.

How to call a specific server-side method?

Hi,

I'm just learning how to use the XmlHttpRequest object. Very cool.
However, I'm wondering how I can call a specific server-side method.
For example, say I have a method defined as follows on an ASP.NET
code-behind file

public string GetServerTime()
{
return DateTime.Now.ToShortTimeShort();
}

Would I have to change the request method to POST? Could someone post
an example please? Or can I simply not call a method, and have to call
the method from the Page_Load event?

Nov 3 '05 #1
7 1578
Cyphos wrote:
I'm just learning how to use the XmlHttpRequest object. Very cool.
However, I'm wondering how I can call a specific server-side method.
You cannot do that directly.
For example, say I have a method defined as follows on an ASP.NET
code-behind file

public string GetServerTime()
{
return DateTime.Now.ToShortTimeShort();
}

Would I have to change the request method to POST? Could someone post
an example please? Or can I simply not call a method, and have to call
the method from the Page_Load event?


Either question has to be answered with: You have not yet understood how
XMLHTTPRequest works. Here it is in short: it sends a request to a host
which is running a HTTP server, returns information about the request
status and the server reply. Nothing more, nothing less.

So if you want to call a specific server-side method, that has to be done
server-side in an (ASP.NET) application that is executed when the specific
resource is requested, such as

<%@ LANGUAGE = JScript %>
<%= GetServerTime() %>

(Even though the interface is named XMLHttpRequest, you do not need to
return XML content; any output will do.)
HTH

PointedEars
Nov 3 '05 #2
Cyphos wrote:
I'm just learning how to use the XmlHttpRequest object. Very cool.
However, I'm wondering how I can call a specific server-side method.


You would have to construct which would cause the server side script to
execute that method. This is most easily achieved by specifing it in the
query string (and altering the server side script to check that query
string parameter).

--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
Nov 3 '05 #3
David Dorward wrote:
Cyphos wrote:
I'm just learning how to use the XmlHttpRequest object. Very cool.
However, I'm wondering how I can call a specific server-side method.


You would have to construct which would cause the server side script to
execute that method. This is most easily achieved by specifing it in the
query string (and altering the server side script to check that query
string parameter).


Which of course would be potentially dangerous since an attacker
could then probably execute arbitrary code server-side:

http://foo.bar/baz.asp?delete_all_files%28%29
PointedEars
Nov 3 '05 #4
Thomas 'PointedEars' Lahn said the following on 11/3/2005 4:21 AM:
David Dorward wrote:

Cyphos wrote:
I'm just learning how to use the XmlHttpRequest object. Very cool.
However, I'm wondering how I can call a specific server-side method.


You would have to construct which would cause the server side script to
execute that method. This is most easily achieved by specifing it in the
query string (and altering the server side script to check that query
string parameter).

Which of course would be potentially dangerous since an attacker
could then probably execute arbitrary code server-side:

http://foo.bar/baz.asp?delete_all_files%28%29


Only if you are stupid enough to allow it.

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Nov 3 '05 #5
VK

Cyphos wrote:
Hi,

I'm just learning how to use the XmlHttpRequest object. Very cool.
However, I'm wondering how I can call a specific server-side method.
For example, say I have a method defined as follows on an ASP.NET
code-behind file

public string GetServerTime()
{
return DateTime.Now.ToShortTimeShort();
}

Would I have to change the request method to POST? Could someone post
an example please? Or can I simply not call a method, and have to call
the method from the Page_Load event?


You can use WebService behavior:
<http://msdn.microsoft.com/library/default.asp?url=/workshop/author/webservice/overview.asp>

Nov 3 '05 #6
Thomas 'PointedEars' Lahn wrote:
You would have to construct which would cause the server side script to
execute that method. This is most easily achieved by specifing it in the
query string (and altering the server side script to check that query
string parameter).
Which of course would be potentially dangerous since an attacker
could then probably execute arbitrary code server-side:

http://foo.bar/baz.asp?delete_all_files%28%29


Easily avoided... Just don't include the code:

if ($action eq "delete_all_files") {
system('rm -rf /');
}
--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
Nov 4 '05 #7
David Dorward wrote:
Thomas 'PointedEars' Lahn wrote:
You would have to construct which would cause the server side script to
execute that method. This is most easily achieved by specifing it in the
query string (and altering the server side script to check that query
string parameter).

Which of course would be potentially dangerous since an attacker
could then probably execute arbitrary code server-side:

http://foo.bar/baz.asp?delete_all_files%28%29


Easily avoided... Just don't include the code:

if ($action eq "delete_all_files") {
system('rm -rf /');
}


Which proves my point. GET is dangerous here. POST ist less dangerous.
Even less dangerous would be something like a confirmation document or
server-side sessions or ...
PointedEars
Nov 4 '05 #8
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
python2.2: signals and exceptions: interrupted system call
by: Jakub Moscicki | last post by:
Hello, A small problem: I get a signal during a system call (from xmlrpclib -> httplib) and an exception "IOError: Interrupted system call" is raised (this is system dependant, on other machine...
Python
3
Access + MySQL = ODBC-call failed... sometime
by: Yannick Turgeon | last post by:
Hello all, I'm using: - A97 (front-end) - MySQL drivers 3.51 - MySQL 4.0.18 (back-end) I've got a MySQL table connected to an Access DB throw an ODBC link. When I connect to this table, no...
Microsoft Access / VBA
8
ODBC Call Failed
by: Jimbo | last post by:
I have a form in access 97 that is populated by a query against some sql server tables....when ever the query pulls up only one record im fine..however if it pulls up more than one record i have...
Microsoft Access / VBA
6
Page_Load call during POSTBACK
by: Olivier Matrot | last post by:
Hello, This has probably been asked several times, but It must be clarified for me. I would like to know why sometimes during a postback Page_Load is called after the function marked for...
ASP.NET
10
How to call a Sub function from .ASPX file ?
by: bienwell | last post by:
Hi, I have a question about file included in ASP.NET. I have a file that includes all the Sub functions (e.g FileFunct.vb). One of the functions in this file is : Sub TestFunct(ByVal...
ASP.NET
28
Does the .NET framework always call the API?
by: Peter Olcott | last post by:
I want to double check my understanding about how the .NET framework works. From what I understand every call to the .NET framework is ultimately translated into one of more API calls, is this...
.NET Framework
2
UDF call to C wrapper for PCRE library fails - SQL0444N, Reason code: "5", SQLSTATE=42724
by: Serman D. | last post by:
Hi all, I'm trying to complete the samples from the excellent 2003 developerWorks article "Bringing the Power of Regular Expression Matching to SQL" by Knut Stolze: http://tinyurl.com/3bhrnn...
DB2 Database
9
call of variadic function
by: CryptiqueGuy | last post by:
Consider the variadic function with the following prototype: int foo(int num,...); Here 'num' specifies the number of arguments, and assume that all the arguments that should be passed to this...
C / C++
35
writing cgi programs in c: the system() call.
by: jleslie48 | last post by:
I've written a cgi program in C using the borland 5.5 free compiler, and it runs just fine on an Apache server. My only issue is if I issue some system calls the cgi suspends until the call...
C / C++
0
call a SQL Server 2000 stored procedure from DB2
by: madhusr | last post by:
I have a requirement where in in I need to call a SQL Server 2000 stored procedure from DB2 (ver 8.x) based on a value in a column. I can create a trigger in DB2 to monitor the column and after the...
DB2 Database
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!