How to use `foreach()` in ajax call

I see that you found the error in the comments given to you on the post, and that is good.

However, it should be pointed out that your code contains both an SQL Injection vulnerability, as well as a Reflected XSS vulnerability.

$catId = $_POST['key']; // value from the ajax
...
$result_fromDB = $wpdb->get_results("SELECT * FROM  sub_category where categor_id = '".$catId."'");

This is an SQL Injection. Basically, you are taking input provided by the user, and directly putting it into an SQL statement without any form of sanitization.

You could fix this by properly using $wpdb->prepare() before running the query against the database, or by simply validating that the “key” that you’re getting is of the form that you expect it to be.

$catId = $_POST['key']; // value from the ajax
...
echo "<option value="".$catId."" >".$catId."</option>";

Similarly, this code echoes back input directly to the browser. This is called Reflected XSS because one could simply send it a <script> code, and have that script run in the context of your website. This could be used in numerous ways against you, although most of them would require some form of social engineering, like tricking you into visiting a malicious webpage in your browser.

Always validate inputs. Always sanitize outputs. Always properly prepare SQL statements. No exceptions.

Related Posts:

  1. AJAX handler throws 400 (Bad request) – why?
  2. ajax live search for post title
  3. Display a function using AJAX
  4. Unable to get_the_content(); of a post in WordPress via AJAX
  5. Ajaxing function in widget class
  6. woocommerce target button with class after ajax update
  7. WP Ajax Function Always Returning undefined
  8. Scripts not appending to element in AJAX call – why?
  9. How to search using ajax for exact phrase or words in an input field?
  10. echo custom fields with AJAX
  11. Are innerHTML elements visible to jQuery functions?
  12. get content from page through AJAX
  13. Get URLs for AJAX Filter Checkboxes WordPress
  14. Woocommerce Variable Product Dropdown for Custom Shop Template
  15. Populate Product Regular Price with a calculated ACF Field Value
  16. Ajax Form Issues using Lightsail (AWS)
  17. post value to function with Ajax and jQuery
  18. Multiple Notifications SetInterval
  19. WordPress Ajaxifying not working properly
  20. Load scripts into an AJAX div
  21. Load scripts into an AJAX div
  22. Automatic add space if user enters number(any digit)
  23. Ajax call does not work for this custom code
  24. AJAX values converted to PHP Variables?
  25. iOS and ajaxComplete
  26. Ajax call always returns 0
  27. 400 bad request on admin-ajax.php only using wp_enqueue_scripts action hook
  28. How can I fetch loop of post titles via AJAX?
  29. Show modified time if post is actually modified
  30. How to save Uploaded image in custom option panel?
  31. A snippet after every image
  32. Function to show only first instance of shortcode
  33. Automatically insert php function into post $the_content
  34. Creating loop within functions.php
  35. Click loads template via ajax
  36. The correct way to call posts with ajax
  37. Search user metadata with checkboxes via ajax (almost working)
  38. Filtering posts by category name based on page’s slug
  39. WordPress doesn’t Load JQuery Now? Do I need to enqueue JQuery also?
  40. How to speed up admin-ajax.php in wordpress
  41. 2 Loops, Only Displaying 1 Loop in Both Loops
  42. Replace menu links with # and add name to its li
  43. Loading CDN that requires jQuery in WordPress
  44. Having a Function Inside of the Loop
  45. Getting different functions data while using while loop in wordpress
  46. Wp_query function to search from product_title ‘OR’ product tags name
  47. how to search users by ajax live search
  48. Create a new query in function.php to filter blog posts
  49. How to change the order of Jquery in the footer of my theme?
  50. Limit length of first excerpt in the loop
  51. Attempt to change jQuery version caused White Screen of Death
  52. Create post using Ajax
  53. Load jquery only for certain pages in the backend
  54. Add a jQuery Function
  55. Why doesn’t is_page(id) work in functions.php?
  56. Load Post into DIV with Ajax
  57. Enqueuing latest version of jQuery into a child theme returns a blank screen
  58. Dequeue script to prevent javascript event conflict on wordpress child theme
  59. While loop with an exception after a count is reached
  60. Function won’t run onclick using Ajax
  61. how to json_encode(); the Loop content so that the encoded array is [“0”:content, “1”:content]
  62. PHP 7.1 | Warning: A non-numeric value encountered in
  63. Loading two different AJAX requests on two different pages
  64. WordPress notification if new post published
  65. Why i can’t get custom fields value or post ID via Ajax?
  66. processing form data with ajax
  67. This code works, but the way I integrated it is breaking the media uploader. How can I integrate it properly?
  68. Get term slug by term id and then explode it
  69. Email Exists ERROR into Ajax registration form
  70. How to use get_posts() function in functions.php
  71. Fetching posts from wordpress function in ajax
  72. Breaking up multiple words and inserting an image after first word
  73. colorbox not loading in
  74. How to add php within jquery
  75. Cannot pass value variable to WP AJAX functions
  76. How set a while with a function
  77. Finding post ID dynamically on click
  78. WordPress Ajax filter: Create two loops for different output styles?
  79. Using AJAX on frontend: Synchronous XMLHttpRequest deprecation except for admin role
  80. How To Display Author Popup on Entry Meta (Genesis Framework)?
  81. Find the method which AJAX GET calls
  82. WordPress Jquery+scripts enqueue issue
  83. Moving CDN jQuery to footer does not work?
  84. Modify category archive page loop on functions.php
  85. Adding a jQuery rotator function
  86. functions.php filters not applied in AJAX call
  87. Pass max posts to Javascript
  88. How to use different jquery function of idangero swiper dependant on page template?
  89. admin-ajax.php nulls all php variables
  90. Pass jquery var to a function in functions.php
  91. How do I get my nav menu to show sub pages?
  92. Post variables not displaying correctly in custom function
  93. Ajax request with jQuery without WP_ajax
  94. how to handle multiple forloop?
  95. Owl Carousel and WordPress Integration Via WP_Enqueue
  96. WordPress Custom wp mail template return full template
  97. Animated Accordion [closed]
  98. Update post meta with wp cron
  99. get page_id in ajax to function in functions.php
  100. How to get variable from other function inside class function using add_action for Ajax call