Andrew Nevins
(@anevins)
WCLDN 2018 Contributor | Volunteer support
jQuery is already loaded in the dashboard. Don’t load the library twice.
Thread Starter
Hercal
(@hercal)
Hi Andrew,
OK, another inquiry please: I call this plugin using a shortcode, where can I write my jQuery code?
For just a few lines you are asking quite a large question.
The database is on the server side; with WordPress it is accessed by PHP code. jQuery is a JavaScript technique that runs in browsers on the client side.
You are asking for your client side code to converse with the server side code. This is readily done using a technique called AJAX. Much of the interactive WordPress dashboard code uses AJAX; this is how the progressive saves of Page / Post entries are done, just by way of example.
You will find many AJAX examples and tutorials on the web and around WordPress, and you should be able to find some plugins that use AJAX + jQuery + database query/updates. Try to find a small and simple one so that the details do not swamp the principles. I suggest that you develop your plugin in small incremental steps.
You will find that you are using quite a range of languages depending upon the context; in one project I used: PHP, JavaScript, HTML, CSS, SQL. To this you would be adding jQuery.
I used firebug to help with the debugging on the browser side, in one tool it shows you your javascript execution, html and css.
For the PHP I used an editor and a web based syntax verifier.
I understand that adding jQuery requires adding the appropriate script libraries to the page header, best done in a custom page template.
My projects have been relatively simple; I judged that it was better for me to stay with JavaScript. If I was already familiar with jQuery I would have used it.
Answering your pt: 3
Your jQuery code is housed in your plugin directory; you enqueue it into the page header in your custom page template.
Thread Starter
Hercal
(@hercal)
Thank you so much, but please check this topic; I will be very thankful if you know why this code is not working:
http://stackoverflow.com/questions/27379102/using-jquery-inside-wordpress-plugin
Sorry, at a quick reading I didn’t see your problem.
BUT I did see what will be future problems.
When you do something like this:
$id = $_POST['id'];
$query = "select id,CountryCode,City from _city where CountryCode='$id'";
$result = $wpdb->get_results($query);
You are just begging for someone to enter a country name like:
x';drop table;
The solution is to use prepare to scrub your user input.
This is called an SQL injection attack. The WordPress support people spend a lot of time ensuring that themes and plugins and WordPress core do not have this vulnerability.
Here is a cartoon about this:
http://xkcd.com/327/
Thread Starter
Hercal
(@hercal)
RossMitchell, my problem is solved, but yes, you are right. I know SQL injection and I can avoid it in the .NET platform using SQL parameters or stored procedures, … but I don’t know how to avoid it using WordPress. Any suggested links to read?
but i don't know how to avoid it using wordpress
In the reference to the wpdb class, there are several examples using the prepare method, just search for “$wpdb->prepare(” in this doc:
http://codex.wordpress.org/Class_Reference/wpdb
This precaution is easy enough to do that I routinely use it in development; there is no cause to put it off and polish it later.
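The two points made in this thread (jQuery talking to the database through AJAX, and `$wpdb->prepare` for user input) combined in one server-side handler, as an added example that is not part of the original posts. The `myplugin_get_cities` action, the `myplugin_cities` nonce action and the three-letter country code rule are assumptions; the `_city` table and its columns are the ones quoted above.

```php
<?php
// Added example, not code from the thread. Hypothetical names: the
// 'myplugin_get_cities' AJAX action, the 'myplugin_cities' nonce action
// and the myplugin_get_cities() function.

// Register the handler for logged-in and anonymous visitors.
add_action( 'wp_ajax_myplugin_get_cities', 'myplugin_get_cities' );
add_action( 'wp_ajax_nopriv_myplugin_get_cities', 'myplugin_get_cities' );

function myplugin_get_cities() {
    global $wpdb;

    // Reject requests that do not carry the nonce the plugin printed into the page.
    check_ajax_referer( 'myplugin_cities', 'nonce' );

    // Validate the shape of the input before it gets near the database.
    // Assumption: country codes are exactly three ASCII letters.
    $code = isset( $_POST['id'] ) ? sanitize_text_field( wp_unslash( $_POST['id'] ) ) : '';
    if ( ! preg_match( '/^[A-Za-z]{3}$/', $code ) ) {
        wp_send_json_error( 'Invalid country code', 400 );
    }

    // Vulnerable form quoted in the thread, for comparison (do not use):
    //   $query = "select id,CountryCode,City from _city where CountryCode='$id'";
    //
    // Hardened form: %s is a placeholder. prepare() escapes and quotes the
    // value, so the placeholder is written without surrounding quotes and the
    // input can never terminate the string literal.
    $query = $wpdb->prepare(
        'SELECT id, CountryCode, City FROM _city WHERE CountryCode = %s',
        $code
    );
    $rows = $wpdb->get_results( $query );

    // Return JSON to the jQuery caller and end the request.
    wp_send_json_success( $rows );
}
```

The browser side posts `action`, `nonce` and `id` to `admin-ajax.php`; the nonce is created with `wp_create_nonce( 'myplugin_cities' )` when the shortcode renders.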
Thread Starter
Hercal
(@hercal)
I will, thanks for the advice