# Other Languages > jQuery >  Trouble calling PHP (maybe)

## Shaggy Hiker

I'm trying to set up a backup system that will run off an Android tablet in a disconnected environment. To do this, I installed a server on the tablet and a WIFI hotspot. These appear to be working as expected, but do complicate this question, because replicating the issue gets dicey.

I took a PHP script that I borrowed and modified. The key part of the script is this:



```

// Set default HTTP response of 'ok'
$response['code'] = 0;
$response['status'] = 404;
$response['data'] = NULL;

if(isset($_POST['action']) && !empty($_POST['action'])) {
    $action = $_POST['action'];
      $response['code'] = 1;
      $response['status'] = $api_response_code[ $response['code'] ]['HTTP Response'];
      $response['data'] = 'Sofa so good';
   
}
else{
    $response['data'] = 'Not Much';
}

// Return Response to browser
deliver_response($response);
```

The point is that there is a default response created with data = Null. I then check the POST['action'] and return something slightly more whimsical. If the If fails, then the response is set to 'Not Much'. This allows me to see three different outcomes: 

1) The If wasn't reached.
2) The If was reached, and was True.
3) The If was reached, and was False.

I put this php file into the right folder on the tablet, navigated to the file with my browser, which means a URL that looks like this, in this case:

http://192.168.1.110:8080/snorkel/index.php

and got back a response that showed option #3, so the file was working fine. I hadn't supplied an action, so option #2 was out of the question, which is fine. The point is that the file is working fine on the tablet and is accessible from the test computer.

Then, in the main program, which is a large JS/JQuery web app, I tested that the web application was able to reach outwards from the test environment by hitting a service on a different computer to update some tables. This worked as desired (well, actually one of the tables had an issue, but that's a different matter for me to investigate, but the other tables worked fine). 

The final step was to test out the backup, which meant hitting that php page. I have tried various versions of this and have always gotten a really opaque result, which is why I'm asking here. The JQuery code for the call looks is this:



```
$.ajax({
        type: "post",
        url: tURL,
        data: { action: 'test' },
        success: function (data) {
            if (data[0].ERROR !== "None") {
               //Surplus stuff removed.
            }
            
        },
        error: function (jqXHR, textStatus, errorThrown) {
            console.log(textStatus, errorThrown);
           //Surplus stuff removed.
        }
    });
```

I have checked that the URL passed in tURL is exactly as I posted earlier. The value in data doesn't seem to have any impact at all, since anything I pass has the same result.

I then put a breakpoint inside the success and error methods. In all cases, I reach the error method. TextStatus shows 'error', and errorThrown is ''. I haven't been able to get any other result.

Originally, I tried this with a Get call rather than post, but there's never an answer. So, directly accessing the index.php file via a browser shows that it's there and responding as expected, but I have been unable to get anywhere with the JQuery approach.

Any help would be appreciated.

----------


## Shaggy Hiker

I'm more than a bit new to this. However, after reading a bunch of things, the problem seems like it might be a block on cross-site scripting. The URL that is hosting the php page is certainly not the URL that served up the JQuery application that is making the call. Is that a likely issue, or am I misunderstanding something here?

----------


## techgnome

Nope... I think you pretty much sussed it out... x-site scripting was the first thing I thought of as I was reading the post. it's the only thing I can think of that would react this way. It's a little odd that the errorThrown didn't contain a "Cross-site scripting encountered" error or something a bit more descriptive unless the engine suppresses that to prevent additional damage from being invoked.

-tg

----------


## Shaggy Hiker

From what I have seen, that information is normally not available, so not seeing it doesn't surprise me.

Being new to this whole scene, this has me a bit puzzled on a couple levels. 

1) Elsewhere in the code I call some API methods that are related. They're actually part of the project, but don't have to be. I can understand why I don't have an issue with XSS when the app is running in production, because the same source principle is met. However, when I'm running this for testing in VS, without having published the new version, the URL is localhost etc., so why am I then able to make AJAX calls to the service? It seems like the site domain wouldn't be the same in the test scenario as it would in the production scenario, and so the call to the service would see a different domain.

2) How do people handle hitting some other API? Is that done on the server side such that the client is not the one making the request, or is there some other reason?

Also, given that XSS is the issue, is there any solution? The situation is that people will load this app, which is just a web page that has a manifest such that all the JS will be cached local, then they'll head off into the Great Disconnected Wilderness for days at a time. They will be filling in surveys that will end up as JSON objects stored in localstorage. That's great, except when you destroy a tablet. The goal was to offload the JSON objects to a different tablet in a secure, undisclosed, location. So, I have that second tablet running a web server with the idea that the app could dump data off to a service on that tablet, but it appears that XSS is preventing me from achieving that goal.

Any suggestions?

----------


## tr333

Did you check the browser console for error messages?  If you need remote debugging, you can try the Valence add-on for Firefox.

----------


## Shaggy Hiker

There aren't any errors in the code. It is simply returning an error code of 0.

----------

