Table of Contents
What is AJAX?
This section explains the fundamentals of AJAX and its advantages over conventional web applications.
AJAX Technology
This section describes the technologies that AJAX combines.
AJAX Examples
Here we list a few real-world applications that use AJAX technology.
AJAX Browser Support
Find a list of the browsers that support AJAX and a way to make your application compatible with various browsers.
AJAX in Action
Here we take a real coding example and show how AJAX works.
What is AJAX XMLHttpRequest
We explain the XMLHttpRequest object in detail.
AJAX Database Applications
You will learn how to make an AJAX application interact with a database.
AJAX Security Side
This chapter explains security issues related to AJAX.
Issues with AJAX
AJAX is not free from issues. This chapter describes what they are.
What is AJAX?
· AJAX stands for Asynchronous JavaScript and XML. AJAX is a new technique for creating better, faster, and more interactive web applications with the help of XML, HTML, CSS and JavaScript.
· Ajax uses XHTML for content and CSS for presentation, as well as the Document Object Model and JavaScript for dynamic content display.
· Conventional web applications transmit information to and from the server using synchronous requests. This means you fill out a form, hit submit, and get directed to a new page with new information from the server.
· With AJAX, when submit is pressed, JavaScript makes a request to the server, interprets the results and updates the current screen. In the purest sense, the user would never know that anything was even transmitted to the server.
· XML is commonly used as the format for receiving server data, although any format, including plain text, can be used.
· AJAX is a web browser technology independent of web server software.
· A user can continue to use the application while the client program requests information from the server in the background.
· Intuitive and natural user interaction. No clicking is required; mouse movement is a sufficient event trigger.
· Data-driven as opposed to page-driven.
Rich Internet Application (RIA) Technology
AJAX is the most viable RIA technology so far. It is gaining tremendous industry momentum, and several toolkits and frameworks are emerging. At the same time, AJAX has browser incompatibilities and depends on JavaScript, which is hard to maintain and debug.
AJAX Is Based On Open Standards
AJAX is based on the following open standards:
- Browser-based presentation using HTML and Cascading Style Sheets (CSS)
- Data stored in XML format and fetched from the server
- Behind-the-scenes data fetches using XMLHttpRequest objects in the browser
- JavaScript to make everything happen
AJAX - Recommended Knowledge
It is highly recommended that you are familiar with HTML and JavaScript before attempting this tutorial.
Technologies Used in AJAX
JavaScript
· Loosely typed scripting language
· A JavaScript function is called when an event in a page occurs
· Glue for the whole AJAX operation
DOM
· API for accessing and manipulating structured documents
· Represents the structure of XML and HTML documents
CSS
· Allows for a clear separation of the presentation style from the content and may be changed programmatically by JavaScript
XMLHttpRequest
· JavaScript object that performs asynchronous interaction with the server
AJAX Examples
Here is a list of well-known web applications that use AJAX:
Google Maps
A user can drag the entire map by using the mouse instead of clicking on a button or something.
Google Suggest
As you type, Google will offer suggestions. Use the arrow keys to navigate the results.
Gmail
Gmail is a new kind of webmail, built on the idea that email can be more intuitive, efficient and useful.
Yahoo Maps (new)
Now it's even easier and more fun to get where you're going!
Difference in AJAX and Conventional CGI Program
Try these two examples one by one and you will feel the difference. While trying the AJAX example you do not feel any discontinuity and you get the response very quickly, but when you try the standard CGI example you have to wait for the response and your page also gets refreshed.
AJAX Browser Support
Not all available browsers support AJAX. Here is the list of major browsers that support AJAX:
· Mozilla Firefox 1.0 and above
· Netscape version 7.1 and above
· Apple Safari 1.2 and above
· Microsoft Internet Explorer 5 and above
· Konqueror
· Opera 7.6 and above
So when you write your application, you have to take care of the browsers that do not support AJAX.
NOTE: When we say that a browser does not support AJAX, it simply means that the browser does not support creation of the JavaScript XMLHttpRequest object.
Writing Browser Specific Code
A simple way of making your source code compatible with a browser is to use try...catch blocks in your JavaScript.
<html>
<body>
<script language="javascript" type="text/javascript">
<!--
//Browser Support Code
function ajaxFunction(){
    var ajaxRequest;  // The variable that makes Ajax possible!
    try{
        // Opera 8.0+, Firefox, Safari
        ajaxRequest = new XMLHttpRequest();
    }catch (e){
        // Internet Explorer Browsers
        try{
            ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
        }catch (e) {
            try{
                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
            }catch (e){
                // Something went wrong
                alert("Your browser broke!");
                return false;
            }
        }
    }
}
//-->
</script>
<form name='myForm'>
Name: <input type='text' name='username' /> <br />
Time: <input type='text' name='time' />
</form>
</body>
</html>
In the above JavaScript code, we try three times to make our XMLHttpRequest object. Our first attempt:
- ajaxRequest = new XMLHttpRequest();
is for the Opera 8.0+, Firefox and Safari browsers. If that fails, we try two more times to make the correct object for an Internet Explorer browser with:
- ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
- ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
If that doesn't work, then the user has a very outdated browser that doesn't support XMLHttpRequest, which also means it doesn't support Ajax.
Most likely though, our variable ajaxRequest will now be set to whatever XMLHttpRequest standard the browser uses and we can start sending data to the server.
The next section gives a step-by-step explanation of the AJAX workflow.
AJAX in Action
This section gives you a clear picture of the exact steps of an AJAX operation.
Steps of AJAX Operation
1. A client event occurs
2. An XMLHttpRequest object is created
3. The XMLHttpRequest object is configured
4. The XMLHttpRequest object makes an asynchronous request to the Webserver
5. The Webserver returns the result containing an XML document
6. The XMLHttpRequest object calls the callback() function and processes the result
7. The HTML DOM is updated
Let's take these steps one by one.
1. A client event occurs
· A JavaScript function is called as the result of an event
· Example: the validateUserId() JavaScript function is mapped as an event handler to the onkeyup event on the input form field whose id is set to "userid"
· <input type="text" size="20" id="userid" name="id" onkeyup="validateUserId();">
2. The XMLHttpRequest object is created
var ajaxRequest;  // The variable that makes Ajax possible!
function ajaxFunction(){
    try{
        // Opera 8.0+, Firefox, Safari
        ajaxRequest = new XMLHttpRequest();
    }catch (e){
        // Internet Explorer Browsers
        try{
            ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
        }catch (e) {
            try{
                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
            }catch (e){
                // Something went wrong
                alert("Your browser broke!");
                return false;
            }
        }
    }
}
3. The XMLHttpRequest object is Configured
In this step we write a function that is triggered by the client event, and register the callback function processRequest().
function validateUserId() {
    ajaxFunction();
    // Here processRequest() is the callback function.
    ajaxRequest.onreadystatechange = processRequest;
    var target = document.getElementById("userid");
    // encodeURIComponent() percent-encodes the value so that characters
    // such as & and = cannot change the structure of the query string.
    var url = "validate?id=" + encodeURIComponent(target.value);
    ajaxRequest.open("GET", url, true);
    ajaxRequest.send(null);
}
4. Making Asynchronous Request to the Webserver
function validateUserId() {
    ajaxFunction();
    // Here processRequest() is the callback function.
    ajaxRequest.onreadystatechange = processRequest;
    var target = document.getElementById("userid");
    // encodeURIComponent() percent-encodes the value so that characters
    // such as & and = cannot change the structure of the query string.
    var url = "validate?id=" + encodeURIComponent(target.value);
    ajaxRequest.open("GET", url, true);
    ajaxRequest.send(null);
}
Assume you enter Zara in the userid box; the URL in the above request is then set to validate?id=Zara
5. Webserver returns the result containing XML document
You can implement your server-side script in any language, but the logic should be as follows:
· Get a request from the client
· Parse the input from the client
· Do the required processing
· Send the output to the client
If we assume that you are going to write a servlet, then here is the piece of code:
// accounts holds the existing user ids and is defined elsewhere in the servlet.
public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException
{
    String targetId = request.getParameter("id");
    // Answer "true" only when an id was supplied and no account uses it yet.
    if ((targetId != null) && !accounts.containsKey(targetId.trim()))
    {
        response.setContentType("text/xml");
        response.setHeader("Cache-Control", "no-cache");
        response.getWriter().write("true");
    }
    else
    {
        response.setContentType("text/xml");
        response.setHeader("Cache-Control", "no-cache");
        response.getWriter().write("false");
    }
}
6. Callback function processRequest() is called
The XMLHttpRequest object was configured to call the processRequest() function when there is a state change to the readyState of the XMLHttpRequest object. Now this function receives the result from the server and does the required processing. In the following example it sets a variable message to true or false based on the value returned from the Webserver.
function processRequest() {
    // readyState 4: the response has been received completely
    if (ajaxRequest.readyState == 4) {
        // status 200: the server answered "OK"
        if (ajaxRequest.status == 200) {
            var message = ...;
            ...
        }
    }
}
7. The HTML DOM is updated
This is the final step, and in this step your HTML page is updated. It happens in the following way:
· JavaScript technology gets a reference to any element in a page using the DOM API
· The recommended way to gain a reference to an element is to call
document.getElementById("userIdMessage")
// where "userIdMessage" is the ID attribute
// of an element appearing in the HTML document
· JavaScript technology may now be used to modify the element's attributes; modify the element's style properties; or add, remove, or modify child elements. Here is the example:
<script type="text/javascript">
<!--
function setMessageUsingDOM(message) {
    var userMessageElement = document.getElementById("userIdMessage");
    var messageText;
    if (message == "false") {
        userMessageElement.style.color = "red";
        messageText = "Invalid User Id";
    } else {
        userMessageElement.style.color = "green";
        messageText = "Valid User Id";
    }
    // The message is added as a text node, so it is never parsed as HTML.
    var messageBody = document.createTextNode(messageText);
    // if the messageBody element has been created simply replace it,
    // otherwise append the new element
    if (userMessageElement.childNodes[0]) {
        userMessageElement.replaceChild(messageBody,
            userMessageElement.childNodes[0]);
    } else {
        userMessageElement.appendChild(messageBody);
    }
}
//-->
</script>
<body>
<div id="userIdMessage"></div>
</body>
That's it. If you understood the seven steps above, you are almost done with AJAX. In the next chapter we will see the XMLHttpRequest object in more detail.
What is XMLHttpRequest
The XMLHttpRequest object is the key to AJAX. It has been available ever since Internet Explorer 5.5 was released in July 2000, but was not fully discovered until people started to talk about AJAX and Web 2.0 in 2005.
XMLHttpRequest (XHR) is an API that can be used by JavaScript, JScript, VBScript and other web browser scripting languages to transfer and manipulate XML data to and from a web server using HTTP, establishing an independent connection channel between a web page's client side and server side.
The data returned from XMLHttpRequest calls will often be provided by back-end databases. Besides XML, XMLHttpRequest can be used to fetch data in other formats, e.g. JSON or even plain text.
You have already seen a couple of examples of how to create an XMLHttpRequest object.
Listed below are some of the methods and properties you have to become familiar with.
XMLHttpRequest Methods
· abort()
Cancels the current request.
· getAllResponseHeaders()
Returns the complete set of HTTP headers as a string.
· getResponseHeader( headerName )
Returns the value of the specified HTTP header.
· open( method, URL )
open( method, URL, async )
open( method, URL, async, userName )
open( method, URL, async, userName, password )
Specifies the method, URL, and other optional attributes of a request.
The method parameter can have a value of "GET", "POST", or "HEAD". Other HTTP methods, such as "PUT" and "DELETE" (primarily used in REST applications), may be possible.
The "async" parameter specifies whether the request should be handled asynchronously or not. "true" means that script processing carries on after the send() method, without waiting for a response, and "false" means that the script waits for a response before continuing script processing.
· send( content )
Sends the request.
· setRequestHeader( label, value )
Adds a label/value pair to the HTTP header to be sent.
XMLHttpRequest Properties
· onreadystatechange
An event handler for an event that fires at every state change.
· readyState
The readyState property defines the current state of the XMLHttpRequest object.
Here are the possible values for the readyState property:
State  Description
0      The request is not initialized
1      The request has been set up
2      The request has been sent
3      The request is in process
4      The request is completed
readyState=0 after you have created the XMLHttpRequest object, but before you have called the open() method.
readyState=1 after you have called the open() method, but before you have called send().
readyState=2 after you have called send().
readyState=3 after the browser has established communication with the server, but before the server has completed the response.
readyState=4 after the request has been completed, and the response data have been completely received from the server.
· responseText
Returns the response as a string.
· responseXML
Returns the response as XML. This property returns an XML document object, which can be examined and parsed using W3C DOM node tree methods and properties.
· status
Returns the status as a number (e.g. 404 for "Not Found" and 200 for "OK").
· statusText
Returns the status as a string (e.g. "Not Found" or "OK").
AJAX and Database Operations
To clearly illustrate how easy it is to access information from a database using Ajax, we are going to build MySQL queries on the fly and display the results on "ajax.html". But before we proceed, let's do the groundwork. Create a table using the following command.
NOTE: We are assuming you have sufficient privileges to perform the following MySQL operations.
CREATE TABLE `ajax_example` (
    `name` varchar(50) NOT NULL,
    `age` int(11) NOT NULL,
    `sex` varchar(1) NOT NULL,
    `wpm` int(11) NOT NULL,
    PRIMARY KEY (`name`)
);
Now load the following data into this table using the following SQL statements:
INSERT INTO `ajax_example` VALUES ('Jerry', 120, 'm', 20);
INSERT INTO `ajax_example` VALUES ('Regis', 75, 'm', 44);
INSERT INTO `ajax_example` VALUES ('Frank', 45, 'm', 87);
INSERT INTO `ajax_example` VALUES ('Jill', 22, 'f', 72);
INSERT INTO `ajax_example` VALUES ('Tracy', 27, 'f', 0);
INSERT INTO `ajax_example` VALUES ('Julie', 35, 'f', 90);
Client Side HTML file
Now let's write our client-side HTML file, ajax.html, with the following code:
<html>
<body>
<script language="javascript" type="text/javascript">
<!--
//Browser Support Code
function ajaxFunction(){
    var ajaxRequest;  // The variable that makes Ajax possible!
    try{
        // Opera 8.0+, Firefox, Safari
        ajaxRequest = new XMLHttpRequest();
    }catch (e){
        // Internet Explorer Browsers
        try{
            ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
        }catch (e) {
            try{
                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
            }catch (e){
                // Something went wrong
                alert("Your browser broke!");
                return false;
            }
        }
    }
    // Create a function that will receive data
    // sent from the server and will update
    // div section in the same page.
    ajaxRequest.onreadystatechange = function(){
        if(ajaxRequest.readyState == 4){
            var ajaxDisplay = document.getElementById('ajaxDiv');
            // The reply is inserted as HTML, so the server must
            // HTML-escape every value it places in it.
            ajaxDisplay.innerHTML = ajaxRequest.responseText;
        }
    }
    // Now get the value from user and pass it to
    // server script. encodeURIComponent() keeps characters such as
    // & and = in a value from altering the query string.
    var age = document.getElementById('age').value;
    var wpm = document.getElementById('wpm').value;
    var sex = document.getElementById('sex').value;
    var queryString = "?age=" + encodeURIComponent(age);
    queryString += "&wpm=" + encodeURIComponent(wpm) +
                   "&sex=" + encodeURIComponent(sex);
    ajaxRequest.open("GET", "ajax-example.php" + queryString, true);
    ajaxRequest.send(null);
}
//-->
</script>
<form name='myForm'>
Max Age: <input type='text' id='age' /> <br />
Max WPM: <input type='text' id='wpm' />
<br />
Sex: <select id='sex'>
<option value="m">m</option>
<option value="f">f</option>
</select>
<input type='button' onclick='ajaxFunction()' value='Query MySQL'/>
</form>
<div id='ajaxDiv'>Your result will display here</div>
</body>
</html>
NOTE: The way of passing variables in the query string follows the HTTP standard and has the form
URL?variable1=value1&variable2=value2
Server Side PHP file
So now your client-side script is ready. Next we have to write our server-side script, which takes age, wpm and sex from the query string, fetches the matching rows from the database and sends them back to the client. Put the following code into the "ajax-example.php" file:
<?php
$dbhost = "localhost";
$dbuser = "dbusername";
$dbpass = "dbpassword";
$dbname = "dbname";
// Connect to MySQL Server and select the database.
// mysqli is used because the old mysql_* functions were removed in PHP 7.
$db = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname) or die(mysqli_connect_error());
// Retrieve data from Query String
$age = isset($_GET['age']) ? $_GET['age'] : '';
$sex = isset($_GET['sex']) ? $_GET['sex'] : '';
$wpm = isset($_GET['wpm']) ? $_GET['wpm'] : '';
// Escape User Input to help prevent SQL Injection
$age = mysqli_real_escape_string($db, $age);
$sex = mysqli_real_escape_string($db, $sex);
$wpm = mysqli_real_escape_string($db, $wpm);
// Build query
$query = "SELECT * FROM ajax_example WHERE sex = '$sex'";
if(is_numeric($age))
    $query .= " AND age <= $age";
if(is_numeric($wpm))
    $query .= " AND wpm <= $wpm";
// Execute query
$qry_result = mysqli_query($db, $query) or die(mysqli_error($db));
// Build Result String
$display_string = "<table>";
$display_string .= "<tr>";
$display_string .= "<th>Name</th>";
$display_string .= "<th>Age</th>";
$display_string .= "<th>Sex</th>";
$display_string .= "<th>WPM</th>";
$display_string .= "</tr>";
// Insert a new row in the table for each person returned.
// htmlspecialchars() keeps stored values from being interpreted as markup
// when the client assigns this reply to innerHTML.
while($row = mysqli_fetch_array($qry_result)){
    $display_string .= "<tr>";
    $display_string .= "<td>" . htmlspecialchars($row['name']) . "</td>";
    $display_string .= "<td>" . htmlspecialchars($row['age']) . "</td>";
    $display_string .= "<td>" . htmlspecialchars($row['sex']) . "</td>";
    $display_string .= "<td>" . htmlspecialchars($row['wpm']) . "</td>";
    $display_string .= "</tr>";
}
// The query contains user input, so it is escaped before being echoed.
echo "Query: " . htmlspecialchars($query) . "<br />";
$display_string .= "</table>";
echo $display_string;
?>
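A hardened client side for the exchange above, as an added example that is not part of the original tutorial: it validates the three form values before they go into the URL and escapes every database value before it is written into the page. It assumes the server is changed to return the rows as JSON instead of ready-made HTML; the function names and the 0 to 999 range are this example's own choices.

```javascript
// Added example, not from the original tutorial. The functions are pure
// (no DOM, no network), so they run in Node as well as in a browser.

// The pattern to avoid: values pasted into the URL without encoding.
function naiveQueryString(f) {
  return "?age=" + f.age + "&wpm=" + f.wpm + "&sex=" + f.sex;
}

// Accept only what the form can legitimately send. URLSearchParams then
// percent-encodes whatever is set, as a second layer.
function buildQueryString(f) {
  const params = new URLSearchParams();
  for (const key of ["age", "wpm"]) {
    const raw = f[key] == null ? "" : String(f[key]).trim();
    if (raw === "") continue;                 // optional filter left blank
    if (!/^[0-9]{1,3}$/.test(raw)) {          // assumed range: 0 to 999
      throw new RangeError(key + " must be a whole number from 0 to 999");
    }
    params.set(key, raw);
  }
  if (f.sex !== "m" && f.sex !== "f") {
    throw new RangeError("sex must be 'm' or 'f'");
  }
  params.set("sex", f.sex);
  return "?" + params.toString();
}

// Escape the five characters that are significant in HTML text and attributes.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Assumption: the server replies with JSON rows such as
// [{"name":"Jerry","age":120,"sex":"m","wpm":20}].
function renderTable(jsonText) {
  const rows = JSON.parse(jsonText);
  if (!Array.isArray(rows)) throw new TypeError("expected an array of rows");
  const cols = ["name", "age", "sex", "wpm"];
  const cell = (row, c) => {
    const v = row && row[c];
    return "<td>" + escapeHtml(v == null ? "" : v) + "</td>";
  };
  const head = "<tr>" + cols.map((c) => "<th>" + c + "</th>").join("") + "</tr>";
  const body = rows
    .map((row) => "<tr>" + cols.map((c) => cell(row, c)).join("") + "</tr>")
    .join("");
  return "<table>" + head + body + "</table>";
}

// Constructed sample reply: one stored name contains markup.
const SAMPLE_REPLY = JSON.stringify([
  { name: "Jerry", age: 120, sex: "m", wpm: 20 },
  { name: "<img src=x onerror=alert(1)>", age: 22, sex: "f", wpm: 72 },
]);
```

With the naive builder, an age value of `30&sex=f` produces a URL that carries two `sex` parameters; `buildQueryString` rejects it, and `renderTable(SAMPLE_REPLY)` returns markup in which the stored tag appears only as escaped text.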
AJAX Security
Ajax Security: Server Side
· AJAX-based Web applications use the same server-side security schemes as regular Web applications
· You specify authentication, authorization, and data protection requirements in your web.xml file (declarative) or in your program (programmatic)
· AJAX-based Web applications are subject to the same security threats as regular Web applications
Ajax Security: Client Side
· JavaScript code is visible to a user/hacker. A hacker can use the JavaScript code for inferring server-side weaknesses
· JavaScript code is downloaded from the server and executed ("eval") at the client, and can compromise the client through malicious code
· Downloaded JavaScript code is constrained by the sandbox security model, which can be relaxed for signed JavaScript
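The "eval" point above, as an added example that is not part of the original tutorial: a reply passed to eval() is executed as code, while JSON.parse() followed by a shape check treats it strictly as data. The example assumes the validate endpoint answers with a JSON object such as {"id":"Zara","valid":true} rather than a bare true/false; the function names and both sample replies are constructed for the illustration.

```javascript
// Added example, not from the original tutorial.

// The pattern to avoid: eval() runs whatever the reply contains.
function parseWithEval(text) {
  return eval("(" + text + ")");
}

// Treat the reply as data: JSON.parse() never executes code, and the
// result is then checked against the exact shape the page expects.
function parseValidationReply(text) {
  if (typeof text !== "string" || text.length > 1024) {
    throw new TypeError("reply missing or too large");
  }
  let data;
  try {
    data = JSON.parse(text);
  } catch (e) {
    throw new SyntaxError("reply is not JSON");
  }
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    throw new TypeError("reply must be a JSON object");
  }
  const keys = Object.keys(data).sort().join(",");
  if (keys !== "id,valid") {
    throw new TypeError("unexpected fields: " + keys);
  }
  if (typeof data.valid !== "boolean") {
    throw new TypeError("valid must be a boolean");
  }
  // Assumed id alphabet; adjust to the application's own rules.
  if (typeof data.id !== "string" || !/^[A-Za-z0-9_]{1,32}$/.test(data.id)) {
    throw new TypeError("id has unexpected characters");
  }
  return { id: data.id, valid: data.valid };
}

// Constructed replies. The second stands for a tampered response: a
// JavaScript expression with a side effect instead of plain data.
const GOOD_REPLY = '{"id":"Zara","valid":true}';
const CODE_REPLY = '{id:"Zara",valid:(globalThis.replyRanCode=true)}';

// Runs both parsers over CODE_REPLY and reports what happened.
function demo() {
  globalThis.replyRanCode = false;
  parseWithEval(CODE_REPLY);                 // executes the embedded assignment
  const evalRan = globalThis.replyRanCode;

  globalThis.replyRanCode = false;
  let rejected = false;
  try {
    parseValidationReply(CODE_REPLY);
  } catch (e) {
    rejected = true;
  }
  return {
    evalRan: evalRan,
    rejected: rejected,
    jsonRan: globalThis.replyRanCode,
    good: parseValidationReply(GOOD_REPLY),
  };
}
```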
Current Issues with AJAX
AJAX is growing very fast, and that is the reason it has many issues. We hope that with the passing of time they will be resolved and AJAX will be ideal for web applications. We list below a few issues that AJAX faces as challenges.
Complexity is increased
· Server-side developers will need to understand that presentation logic will be required in the HTML client pages as well as in the server-side logic
· Page developers must have JavaScript technology skills
AJAX-based applications can be difficult to debug, test, and maintain
· JavaScript is hard to test - automatic testing is hard
· Weak modularity in JavaScript
· Lack of design patterns or best practice guidelines yet
Toolkits/Frameworks are not mature yet
· Most of them are in beta phase
No standardization of the XMLHttpRequest yet
· Future version of IE will address this
No support of XMLHttpRequest in old browsers
· Iframe will help
JavaScript technology dependency & incompatibility
· Must be enabled for applications to function
· Still some browser incompatibilities
JavaScript code is visible to a hacker
· Poorly designed JavaScript code can invite security problems