Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 12 of 12
  1. #1
    New Coder
    Join Date
    Mar 2009
    Posts
    55
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Passing two variables from onclick to xml via javascript

    Hey everyone,

    I am not quite positive where to post this as this issue may involve more than just one coding language. I am a experienced html/css/php/mysql coder who has been delving into Javascript/XML/AJAX coding.

    Here is what I am attempting to accomplish using a picture of praying hands as a button with an onclick event.

    1. Button is displayed as praying hands that say "Please pray for me".
    2. User/Guest clicks on button.
    3. Username and Prayer Post ID are passed to the prayFor JS function
    4. PrayFor JS function passes Username and Prayer Post ID onto a separate PHP file and the JS changes the original image to one of praying hands that states "Thank You!" on them.

    So far the code works as intended, however when I am passing the prayer ID and then the username and somewhere along the way the username is getting lost as the php files that the JS calls on cannot see that variable. Also the prayer ID is an int and the username is a string.

    Here is what I have so far code wise.

    Javascript/XML bit
    Code:
    <script type="text/javascript">
    var xmlhttp;
    function prayFor(i,u){
    	if (window.XMLHttpRequest){// code for IE7+, Firefox, Chrome, Opera, Safari
    	  xmlhttp=new XMLHttpRequest();
    	}else{// code for IE6, IE5
    	  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
    	}
    	
    	xmlhttp.onreadystatechange=function(){
    		if(xmlhttp.readyState==4 && xmlhttp.status==200){
    			document.getElementById("prayFor"+i).innerHTML=xmlhttp.responseText;
    		}
    	}
    	
    	xmlhttp.open("GET", "prayerInc.php?i="+i+"&u="+u);
    	xmlhttp.send();
    }
    </script>
    HTML/PHP bit
    Code:
    <?php $id = 1; $un='Serihon'; ?>
    <input type="image" src="images/prayingHands.png" alt="praying hands" onclick="prayFor('<?php echo $id; ?>','<?php echo $un; ?>');" />
    Here is the PHP code I call on to use the u and i variables.
    PHP Code:
    <?php
    include('config.php');

    function 
    clean($str) {
        
    $str = @trim($str);
        if(
    get_magic_quotes_gpc()) {
            
    $str stripslashes($str);
        }
        return 
    mysql_real_escape_string($str);
    }

    $i=clean($_GET['i']);
    $u=clean($_GET['u']);

    $sql "UPDATE pickles SET u='$u' WHERE i='$i' ";
    $result=mysql_query($sql);

    echo 
    "<img src=\"images/prayingHands2.png\" alt=\"Thank you!\" />";
    ?>
    Any help with this would be greatly appreciated!

    Serihon
    Last edited by Serihon; 02-24-2012 at 12:26 PM.

  • #2
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,294
    Thanks
    13
    Thanked 345 Times in 341 Posts
    your passed parameters are using the keys i and u, therefore you need these to get the data from $_GET.


    PS. you should turn register_globals to Off for security reasons
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #3
    New Coder
    Join Date
    Mar 2009
    Posts
    55
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Thanks for the reply. I am using $_GET in the php files to pull the information and the id is being succesfully passed through the JS/XML to the php file as it is being updated on the db correctly. For some reason the username isn't being passed correctly. I have a feeling it is because it is a string and needs additional quotes but I'm not sure of the proper way to add them.

    I will look into the register_globals thing but according to documentation it is off by default as of PHP 4.3, but I suppose this may change from host to host.

    Thanks!

    Frank

  • #4
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,294
    Thanks
    13
    Thanked 345 Times in 341 Posts
    Quote Originally Posted by Serihon View Post
    I am using $_GET in the php files to pull the information
    but you didn't show that code. so, based on the code given, I had to assume you didn't use $_GET at all.
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #5
    New Coder
    Join Date
    Mar 2009
    Posts
    55
    Thanks
    9
    Thanked 0 Times in 0 Posts
    And here it is.

    PHP Code:
    <?php
    include('config.php');

    function 
    clean($str) {
        
    $str = @trim($str);
        if(
    get_magic_quotes_gpc()) {
            
    $str stripslashes($str);
        }
        return 
    mysql_real_escape_string($str);
    }

    $i=clean($_GET['i']);
    $u=clean($_GET['u']);

    $sql "UPDATE pickles SET u='$u' WHERE i='$i' ";
    $result=mysql_query($sql);

    echo 
    "<img src=\"images/prayingHands2.png\" alt=\"Thank you!\" />";
    ?>
    Last edited by Serihon; 02-24-2012 at 12:26 PM.

  • #6
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,294
    Thanks
    13
    Thanked 345 Times in 341 Posts
    1) var_dump($_GET);
    2) Prepared Statements offer easier and better safety.
    3)
    PHP Code:
    $sql "UPDATE table SET u='$u' WHERE i='$i' "
    that should fail with an SQL error. (table is a reserved keyword)
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • Users who have thanked Dormilich for this post:

    Serihon (02-24-2012)

  • #7
    New Coder
    Join Date
    Mar 2009
    Posts
    55
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Dormilich View Post
    1) var_dump($_GET);
    2) Prepared Statements offer easier and better safety.
    3)

    that should fail with an SQL error. (table is a reserved keyword)
    1) Could you explain how var_dump works? From the PHP manual I understand that it destroys variables. By using this wouldn't it destroy the u and i before they were used?
    2) What do you mean by prepared statements?
    3) I used the name table for example purposes only here, it isn't that in my code.

  • #8
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,294
    Thanks
    13
    Thanked 345 Times in 341 Posts
    not sure which manual you used, my manual says:
    void var_dump ( mixed $expression [, mixed $... ] )

    This function displays structured information about one or more expressions that includes its type and value. Arrays and objects are explored recursively with values indented to show structure.
    Prepared Statements: http://en.wikipedia.org/wiki/Prepared_statement, http://php.net/manual/en/pdo.prepared-statements.php
    Last edited by Dormilich; 02-24-2012 at 12:32 PM.
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #9
    New Coder
    Join Date
    Mar 2009
    Posts
    55
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Please forgive that I misread var_dump as it is early here. I guess I am just not understanding how I should use var_dump or prepared statements but I will look into them.

    Verified that register_globals was already set to off.

    Still could use some input on why u isn't being passed.

  • #10
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,294
    Thanks
    13
    Thanked 345 Times in 341 Posts
    first, check with var_dump() if all information is indeed present in $_GET
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #11
    New Coder
    Join Date
    Mar 2009
    Posts
    55
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Dormilich View Post
    first, check with var_dump() if all information is indeed present in $_GET
    Yes I figured out how to use var_dump() just a bit before you posted this and of course it is an extremely useful debug tool that I will keep close from now on, thanks for pointing it out.

    Turns out the u was being set and passed into PHP and I had some variables wrong such as a field name in my table. I fixed it and it still wasnt inputting the data into the table correctly.

    Here is the var_dump result.
    array(2) { ["i"]=> string(1) "6" ["u"]=> string(8) "serihon;" }

    If you look closely at the var_dump result you will notice that the username has a semi-colon appended to the end of it. Turns out another issue with this was in the code below.

    Code:
    <input type="image" src="images/prayingHands.png" alt="praying hands" onclick="prayFor('<?php echo $id; ?>','<?php echo "$un;" ?>');" />
    The $un has the semi-colon inside of the parenthesis rather than on the outside which caused this error. I was so determined that it was an error with parenthesis that I somehow botched this portion up. I know my original code doesn't show it but it was an error I fixed.

    So the code is working properly as intended now.

    Thanks for all of your help Dormilich. Guess I just need to figure out prepared statements now.

    Thanks!

  • #12
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,294
    Thanks
    13
    Thanked 345 Times in 341 Posts
    Quote Originally Posted by Serihon View Post
    If you look closely at the var_dump result you will notice that the username has a semi-colon appended to the end of it. Turns out another issue with this was in the code below.

    Code:
    <input type="image" src="images/prayingHands.png" alt="praying hands" onclick="prayFor('<?php echo $id; ?>','<?php echo "$un;" ?>');" />
    to avoid this issue never put a variable in quotes where not necessary, since echo automatically converts the variable into a string.
    PHP Code:
    // unnecessary
    echo "$myvar";

    // better
    echo $myvar
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •