Implementing flexigrid, issue with ajax response, returns whole php file_问答_开发者

I am tying 开发者_StackOverflowto implement flexigirid.

Problem is that when flexigrid try send a POST (trying this example on my local LAMP setup)

POST example:

page=1&rp=10&sortname=id&sortorder=asc&query=&qtype=name

This works and is sent to post2.php, problem is the response from my local server. Here is the result from the example (provided above).

{
page: 1,
total: 240,
rows: [
{id:'1',cell:['1','AF','AFGHANISTAN','Afghanistan','AFG','4']},
{id:'2',cell:['2','AL','ALBANIA','Albania','ALB','8']},
{id:'3',cell:['3','DZ','ALGERIA','Algeria','DZA','12']},
{id:'4',cell:['4','AS','AMERICAN SAMOA','American Samoa','ASM','16']},
{id:'5',cell:['5','AD','ANDORRA','Andorra','AND','20']},
{id:'6',cell:['6','AO','ANGOLA','Angola','AGO','24']},
{id:'7',cell:['7','AI','ANGUILLA','Anguilla','AIA','660']},
{id:'8',cell:['8','AQ','ANTARCTICA','Antarctica','','']},
{id:'9',cell:['9','AG','ANTIGUA AND BARBUDA','Antigua and Barbuda','ATG','28']},
{id:'10',cell:['10','AR','ARGENTINA','Argentina','ARG','32']}]
}

This fills out the table and everthing is good.

Here is the response I get from my server in full: (using burp suite to analyze the request and responses)

HTTP/1.1 200 OK
Date: Mon, 21 Feb 2011 15:13:18 GMT
Server: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
X-Powered-By: PHP/5.3.1
Cache-Control: public
Expires: Mon, 21 Feb 2011 15:13:18 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 2287

<? 
error_reporting(0);
function runSQL($rsql) {
    $hostname = "localhost";
    $username = "removed..";
    $password = "removed..";
    $dbname   = "removed..";
    $connect = mysql_connect($hostname,$username,$password) or die ("Error: could not connect to database");
    $db = mysql_select_db($dbname);
    $result = mysql_query($rsql) or die ('test'); 
    return $result;
    mysql_close($connect);
}

function countRec($fname,$tname,$where) {
$sql = "SELECT count($fname) FROM $tname $where";
$result = runSQL($sql);
while ($row = mysql_fetch_array($result)) {
return $row[0];
}
}
$page = $_POST['page'];
$rp = $_POST['rp'];
$sortname = $_POST['sortname'];
$sortorder = $_POST['sortorder'];

if (!$sortname) $sortname = 'name';
if (!$sortorder) $sortorder = 'desc';
        if($_POST['query']!=''){
            $where = "WHERE `".$_POST['qtype']."` LIKE '%".$_POST['query']."%' ";
        } else {
            $where ='';
        }
        if($_POST['letter_pressed']!=''){
            $where = "WHERE `".$_POST['qtype']."` LIKE '".$_POST['letter_pressed']."%' ";   
        }
        if($_POST['letter_pressed']=='#'){
            $where = "WHERE `".$_POST['qtype']."` REGEXP '[[:digit:]]' ";
        }
$sort = "ORDER BY $sortname $sortorder";

if (!$page) $page = 1;
if (!$rp) $rp = 10;

$start = (($page-1) * $rp);

$limit = "LIMIT $start, $rp";

$sql = "SELECT id,iso,name,printable_name,iso3,numcode FROM country $where $sort $limit";
$result = runSQL($sql);

$total = countRec('iso','country',$where);

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT" );
header("Last-Modified: " . gmdate( "D, d M Y H:i:s" ) . "GMT" );
header("Cache-Control: no-cache, must-revalidate" );
header("Pragma: no-cache" );
header("Content-type: text/x-json");
$json = "";
$json .= "{\n";
$json .= "page: $page,\n";
$json .= "total: $total,\n";
$json .= "rows: [";
$rc = false;
while ($row = mysql_fetch_array($result)) {
if ($rc) $json .= ",";
$json .= "\n{";
$json .= "id:'".$row['id']."',";
$json .= "cell:['".$row['id']."','".$row['iso']."'";
$json .= ",'".addslashes($row['name'])."'";
$json .= ",'".addslashes($row['printable_name'])."'";
$json .= ",'".addslashes($row['iso3'])."'";
$json .= ",'".addslashes($row['numcode'])."']";
$json .= "}";
$rc = true;
}
$json .= "]\n";
$json .= "}";
echo $json;
?>

Cleary the whole post2.php file is returned?! (With my mysql password and username!) And not the $json variable ... What is going on? PHP is server side, only the echo $json; at the end of the file should be seen. This freaked me out a little.. Big security flaw..

Clearly, your server seems to not be configured to handle "<?" tags as php tags. Try replacing "<?" by "<?php". It should look better.