Below is a PHP file named getques.php on the server. In this PHP file, the variables subnm1, chpno1 and qnumber1 are posted from an HTML-JavaScript file on the client side. With these, a database on the server is accessed and the output of the SQL query is stored in a variable $px.
<!DOCTYPE html>
<html>
<body>
<?php
$x = $_POST["subnm1"];
$y = $_POST["chpno1"];
$z = $_POST["qnumber1"];
$con=mysqli_connect("localhost","compete7_bhunia","pr393ss","compete7_iitmock");
if (mysqli_connect_errno())
{ echo "Failed to connect to MySQL: " . mysqli_connect_error(); }
$result = mysqli_query($con,"SELECT question, optiona, optionb, optionc, optiond,
coroption FROM $x WHERE qnumber = $z AND chapno = $y");
while($row = mysqli_fetch_array($result))
{
$px = $row['question'];
}
mysqli_close($con);
?>
</body>
</html>
This $px is showing the desired data that has been retrieved from the database. Now, I want this variable $px to be passed to the same HTML-JavaScript file. How do I get it in JavaScript? The relevant part is below.
<script type="text/javascript">
var abc = "<?=echo $px ?>";
alert(abc);
</script>
This is not showing the value of $px. Please help.
Avoid using short open tags. Maybe short open tags are not enabled in your PHP. So try it like this:
var abc = "<?php echo $px ?>";
short_open_tag directive) with PHP 5.3 or below (but since PHP 5.4.0,
Actually, in the php.ini-production file provided with PHP 5.3.0, they are disabled by default:
$ grep 'short_open' php.ini-production
; short_open_tag
short_open_tag = Off
So, using them in an application you want to distribute might not be a good idea: your application will not work if they are not enabled.
Use like this :
var abc = "<?php echo $px ?>";
As others have stated, you have a syntax error, your output line should read like
var abc = "<?php echo $px ?>";
However, this is not safe (and don't use short open tags <?=, as they may be disabled in PHP < 5.4): consider that $px contains a double quote, then your syntax will be malformed; it is even possible to inject JavaScript code this way. Don't do this!
A safer method is to use json_encode:
var abc = <?php echo json_encode($px) ?>;
(Note that you don't need to surround this with quotes.)
On a side note, you are vulnerable to SQL injection. Please use prepared statements to prevent this.
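The answer's two recommendations applied to the getques.php lookup, as an added example that is not the poster's code. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline; the function name fetch_question, the SUBJECT_TABLES allowlist and the sample row are constructed for illustration. The table name is checked against an allowlist because prepared statements can bind values but not identifiers.

```php
<?php
// Added example. Column names follow the question's query; the allowlist
// contents and the in-memory SQLite data are constructed.
const SUBJECT_TABLES = ['physics', 'chemistry', 'maths']; // assumed subject tables

function fetch_question(PDO $db, array $post): ?string
{
    $table = $post['subnm1'] ?? '';
    // Identifiers cannot be bound as parameters, so the table name must
    // match an allowlist exactly before it is placed in the SQL text.
    if (!in_array($table, SUBJECT_TABLES, true)) {
        return null;
    }
    // Numeric inputs are validated as integers, then bound, never concatenated.
    $chap = filter_var($post['chpno1'] ?? null, FILTER_VALIDATE_INT);
    $qnum = filter_var($post['qnumber1'] ?? null, FILTER_VALIDATE_INT);
    if ($chap === false || $qnum === false) {
        return null;
    }
    $stmt = $db->prepare(
        "SELECT question FROM $table WHERE qnumber = :q AND chapno = :c"
    );
    $stmt->execute([':q' => $qnum, ':c' => $chap]);
    $question = $stmt->fetchColumn();
    return $question === false ? null : (string) $question;
}

// Constructed stand-in for the MySQL database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE physics (qnumber INTEGER, chapno INTEGER, question TEXT)');
$db->prepare('INSERT INTO physics VALUES (1, 2, ?)')
   ->execute(['Is "x < y" true?</script>']);

// Constructed request; in getques.php this array would be $_POST.
$px = fetch_question($db, ['subnm1' => 'physics', 'chpno1' => '2', 'qnumber1' => '1']);
// The HEX flags keep quotes, angle brackets and ampersands out of the script block.
$flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
?>
<script type="text/javascript">
var abc = <?php echo json_encode($px, $flags); ?>;
alert(abc);
</script>
```

The stored question deliberately contains double quotes and a closing script tag, the characters that break the quoted `"<?php echo $px ?>"` form; a request naming a table outside the allowlist makes fetch_question return null, which json_encode emits as the JavaScript literal null.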
Related
I have a PHP page with some JavaScript code also, but this JavaScript code below doesn't seem to work, or maybe I'm way off!
I am trying something like this:
var areaOption=document.getElementById("<?php echo #$_POST['annonsera_name']?>");
areaOption.selected=true;
Also I have tried this, but it only alerts a BLANK alert-box:
alert (<?php echo $test;?>); // I have tried this with quotes, double-quotes, etc... no luck
Am I thinking completely wrong here?
UPDATE
Some PHP code:
<?php
$test = "Hello World!";
?>
In your second example, you are missing quotes around the string (so H is interpreted as a variable - which you didn't set).
Test this:
alert (<?php echo "'H'";?>);
OR
alert ('<?php echo "H";?>');
PHP runs on the server side and Javascript is running on the client side.
The process is that PHP generates the Javascript that will be executed on the client side.
You should be able to check the JS that is generated just by looking at the code. Of course, if the JS relies on some PHP variables, they need to be instantiated before the JS is output.
<?php
$test = 'Hello world';
?>
<html>
<body>
<script>
alert('<?php echo $test; ?>');
</script>
</body>
</html>
will work but
<html>
<body>
<script>
alert('<?php echo $test; ?>');
</script>
</body>
</html>
<?php
$test = 'Hello world';
?>
will not
Use json_encode to convert some text (or any other datatype) to a JavaScript literal. Don't just put quotes around the echoed string — what if the string has a quote in it, or a newline, or backslash? Best case your code fails, worst case you've got a big old cross-site-scripting security hole.
So,
<?php
function js($o) {
echo json_encode($o, JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_AMP);
}
?>
<script type="text/javascript">
var areaOption= document.getElementById(<?php js($_POST['annonsera_name']); ?>);
areaOption.selected= true;
alert (<?php js('Hello World'); ?>);
</script>
Your using #$_POST indicates that you have received (or are expecting) errors - check your generated source to see if the value was output correctly. Otherwise document.getElementById will fail and you'd get no output.
alert("Delete entry <? echo $row['id']; ?> ")
If your extension is js, php will not work in that file.
The reason being, php parses on files that it is supposed to. The file types that php will parse are configured in httpd.conf using AddType commands (or directives, whatever they are called).
So you have 3 options:
add filetype js to the list of files php will parse (BAD, VERY BAD)
make the script inline to some php file
rename the file to script.js.php, and at the beginning of the file, specify the content type, like so:
<?php header( 'content-type: text/javascript' ); ?>
Cheers!
This is the code I am executing inside PHP condition
<?php
if(is_null($model)) {
echo "<script>window.parent.closeIframe(true)</script>";
}
?>
It doesn't work even if I put an alert or call a function inside my PHP condition.
Is it possible to run a Javascript code inside PHP ?
Is there any PHP extensions needed to be enabled ?
Was working on a recent project to execute JavaScript after PHP was finished executing. Try placing the script tag after the PHP tag:
test.php:
<?php
echo "hello";
include("example.html") // To insert HTML page
?>
<script>
alert("hello");
</script>
This worked for me. You can try it. I forced $model to be null.
<?php
$model = null;
if(is_null($model)) {
echo "<script>alert('Hello World')</script>";
}
?>
You can't call close from client JavaScript from server PHP, but you can call it from the HTML client. Put close at the bottom of the HTML body tag and make sure JavaScript is turned on in your browser.
Hi, if you are executing a query and then checking whether the result is null before running this script, then please correct that. PHP is_null is true when it gets the NULL PHP datatype, and a query never returns this. So if I am right, you can use this one; this is the example I used to check your method.
<?php
$con = mysqli_connect("localhost","root","","user") or die("error");
$res = mysqli_query($con, "select * from user where id =-99");
$model = mysqli_num_rows($res);
if(empty($model)) {
echo "<script>window.parent.closeIframe(true)</script>";
}
?>
just to check you can refer
<?php
$model = 0;
if(empty($model)) {
// Single quotes inside the double-quoted PHP string avoid a parse error.
echo "<script>alert('hello')</script>";
}
?>
It appears that json_encode is being VERY picky about what other stuff can be inside my PHP file. Which is fine, because I just do what I normally would do in file A (with json_encode) in its own file.
I just thought I would ask because I am storing a variable in the $_SESSION instead of updating my database with the variable because json_encode doesn't seem to want to work when I have all of the code in its file.
For instance, this code doesn't work:
<?php
session_start();
include 'dbcon.php';
$sessionID = uniqid();
echo json_encode($sessionID);
if(isSet($_POST['clearSession']) == '1')
{
$query = "UPDATE currentID SET id=('0')";
$execute = $mysqli->query($query) or die($mysqli->error.__LINE__);
} else {
$query = "UPDATE currentID SET id=('$sessionID')";
$result = $mysqli->query($query) or die($mysqli->error.__LINE__);
}
?>
When going to the file in my browser, I do in fact get the json_encode results, however when my Javascript calls it it doesn't seem to correctly import it.
So, for now I simply have two PHP files:
<?php
session_start();
$sessionID = uniqid();
$_SESSION["sessionID"] = $sessionID;
echo json_encode($sessionID);
?>
Which echoes the same thing as in the first file, but this time my JavaScript correctly imports it.
and
<?php
session_start();
include 'dbcon.php';
if(isSet($_POST['clearSession']) == '1')
{
$query = "UPDATE currentID SET id=('0')";
$execute = $mysqli->query($query) or die($mysqli->error.__LINE__);
} else {
$sessionID = $_SESSION["sessionID"];
$query = "UPDATE currentID SET id=('$sessionID')";
$result = $mysqli->query($query) or die($mysqli->error.__LINE__);
}
?>
I guess my question is, why does this happen? It seems kind of silly that I have to store the uniqid in a SESSION so that my other PHP file can add it to the database. Whereas if I simply had it in one file, then I could just update the database when I generate a new uniqid and avoid having to use $_SESSION in the first place.
You have this:
$sessionID = uniqid();
echo json_encode($sessionID); // "53d4c17abfe87"
Since uniqid() produces a plain string, your output is not valid JSON as per the format specification. You'll need something like this instead:
$sessionID = uniqid();
echo json_encode(array($sessionID)); // ["53d4c17abfe87"]
Why does json_encode() generate invalid JSON in the first place? Because sometimes it's useful to generate partial JSON. For instance, it's a handy trick to inject values into generated JavaScript code:
var foo = <?=json_encode($sessionID)?>;
It's also documented:
PHP implements a superset of JSON - it will also encode and decode
scalar types and NULL. The JSON standard only supports these values
when they are nested inside an array or an object.
So to answer the question title:
Is json_encode extremely picky?
On the contrary, it's fairly relaxed!
You don't need to store it in a session necessarily, it's the fact that $_SESSION is an array.
So, what you would want would be something like this:
echo json_encode(array('sessionID' => $sessionID));
And then when you parse the JSON with JavaScript you can access it like this:
obj = JSON.parse(jsonObj);
alert(obj.sessionID);
Obviously, jsonObj is the JSON passed from the server.
Hope this helps!
I have a javascript method in separate js file that I want to call from a HTML page with a php argument.
<?php
include "connection.php";
$selectedpatient = $_POST['patient_dropdown'];
$myquery = "SELECT * FROM `patient_info` WHERE patient_info.Name = '$selectedpatient' ";
$query = mysql_query($myquery);
if ( ! $query ) {
echo mysql_error();
die;
}
$data = array();
for ($x = 0; $x < mysql_num_rows($query); $x++) {
$data[] = mysql_fetch_assoc($query);
}
$tempdata = json_encode($data);
?>
<script> data_arrival($_tempdata); </script>
And I defined the source for the javascript file in the HTML header. It displays two errors:
1) Parse error in the javascript file - that's understandable as I included the javascript file in header and the file gets executed before the php actually retrieves any data.
2) data_arrival method is undefined
How can I fix this ?? I want to pass the $tempdata (after its populated by php) to data_arrival method as an argument.
Thanks in advance !
First of all: it's PHP that's executed first, not JavaScript. It can't be the other way round in your example.
data_arrival is undefined... because either you haven't defined it at all, or because it is defined after it's called.
To pass the value from PHP to JavaScript in your case, you can use:
data_arrival(<?php echo $_tempdata; ?>);
It will generate something like:
data_arrival([a, b, c, d, ...]);
Of course, the data_arrival function needs to be defined prior to its execution.
Edit
And maybe it's good to use the same variable name: $_tempdata vs $tempdata.
I want to set the value of a JavaScript variable into a PHP variable. How can that be done?
Kindly give me some suggestions.
My code is :
document.getElementById("dummy").value= <?php echo ("document.getElementById('txtplan').value"); ?> //document.formn.txtplan.options[document.formn.txt'+fld+'.selectedIndex].value //eval(''); $_POST['txtplan']
alert(document.getElementById("dummy").value);
<?php
$planname = $_POST["dummy"];
$plandetails = mysql_query("SELECT * FROM membershipplan where planname='$planname'");
while($row1 = mysql_fetch_array($plandetails))
{?>
document.getElementById("txtduration").value=<?php echo $row1['planduration']; ?>
document.getElementById("txtplancontact").value=<?php echo $row1['plannoofcontacts']; ?>
document.getElementById("txtplanamount").value=<?php echo $row1['planamount']; ?>
<?php
}
?>
});
am not do with this means kindly give me the alternative way for the above process
JS -> PHP = impossible (only if you send that info to PHP using POST or GET)
PHP -> JS = possible var text = <?php echo( $text ); ?> ;
The only reason for that is that the PHP code is executed on your server.
You can't do that, i.e. you can't assign a JavaScript variable to a PHP variable
(unless you are using a cookie or Ajax), but you can assign a PHP variable to a JavaScript variable using
var a=<?php echo $a ?> ;
but be careful with that as the php variables will be executed in the server.
The answer is simple. Impossible. Because,
JavaScript is client-side scripting. The client machine can handle
this script. If it is possible to assign a JavaScript value to a PHP
variable, that leads to some sort of vulnerability.
So this can't be done.
If you want to accomplish something by doing this kind of assignment, there would definitely be a way of doing it. Post another question about what you want to do, and you will be showered with answers.