Alternatives to the get method

0

I am making a system and have a part that will mess with boleto bancário. For security / privacy one user can not see the other's ticket. I make a check every time he accesses this page to see if it has any relation to that ticket ID.

Thinking about this I was going to do for GET but it would be bad because I could change the ID and access the others. So I did it for AJAX but it is not working. I want to pass the ID, load the page and show the ticket . I'm using BOLETOPHP, a ready-made project.

My AJAX Requirement

$(document).on('click', '#getBoleto', function(e) {
  e.preventDefault();

  var uid = $(this).data('id');
  var href = $(this).attr('href');

  $.ajax({
    url: 'gerarBoleto.php',
    type: 'POST',
    data: {
      id: uid
    },
    dataType: 'html'
  }).done(function() {
    window.open(href, '_blank');
  });
});

PHP:

$sqlQuery = $pdo->prepare("SELECT tipe, banco, dv_agencia, agencia, dv_conta, conta, carteira, numeroBoleto FROM tbl_contaBanco WHERE id_Boleto = ?");
$sqlQuery->bindValue(1, $id);
$sqlQuery->execute();
$row = $sqlQuery->fetch(PDO::FETCH_ASSOC); // Ai eu faço os outros cálculos etc... e quero mostra o boleto

ero shows the ticket

How do I show the ticket at the end of loading? Where should you go wrong?

    
asked by anonymous 07.06.2017 / 16:02

1 answer

0

What you're doing does not work, simply because the http protocol is stateless. The geraboleto processing will be done at a different time than windows.open (), the two will open at different times, without you having access to the ID.

What you can do is simply make a post for your ticket, as a form submits. already will solve.

<form method="POST" action="gerarBoleto.php">
     <input type="submit" name="botao" id="botao" value="BOTAO">    
     <input type="hidden" name="id" value="9991">
</form>

Using this code in the place where you generate the ticket, you do not need ajax. In PHP you just get the 'id' with:

$id = $_POST['id'];
    
07.06.2017 / 18:58