Hey I have a problem in Javascript-PHP variable passing
heres my php code:
<li id="' . $todo1 . '" class="items">' . $todo1 . '<button onclick="ajaxdelete(' . $todo1 . ')">Delete</button></li>
and heres the javascript function
function ajaxdelete(x){
var hr = new XMLHttpRequest();
var url = "ajaxtododelete.php";
var vars = "todo="+x;
hr.open("POST", url, true);
hr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
hr.onreadystatechange = function() {
if(hr.readyState == 4 && hr.status == 200) {
var return_data = hr.responseText;
document.getElementById("status").innerHTML = return_data;
}
}
hr.send(vars); // Actually execute the request
}
and hers my ajax file:
<?php
session_start();
include_once "connect_to_mysql.php";
$todo = $_POST['todo'];
print "$todo";
$sql = mysql_query("DELETE FROM todo WHERE todo='$todo'");
?>
So instead of outputting the value of '$todo1'(which is wat i want) it outputs :
object HTMLLIElement.Any way around this?
First, you have a major hole in your application for SQL injection. Second, you need to quote the identifer so you are passing the value of the id in the function call instead of a reference to the element itself. Third, you probably ought to be using a framework for this and applying the handlers unobtrusively.
'<li id="' . $todo1 . '" class="items">' . $todo1 . '<button onclick="ajaxdelete(\'' . $todo1 . '\')">Delete</button></li>'
better (using jQuery)
'<li id="' . $todo1 . '" class="items">' . $todo1 . '<button>Delete</button></li>'
<script type="text/javascript">
$(function() {
$('.items').on('click', function() {
var $li = $(this).closest('li');
id = $li.attr('id');
$.post( "ajaxtodelete.php", { "todo" : id }, function() {
$li.remove();
});
});
});
</script>
And fix your PHP to use a parameterized query instead of string concatenation in case someone decides to modify the ids using a browser debugger and change the id in to a SQL command that will drop your entire database -- or retrieve its contents for more nefarious purposes.
Related
i try to make an editable-table on a homepage which automatically save the new entries after you leave the "field" or press enter but something doesnt work.
Everthing is fine until i want to save the new entrie to database.
I fired the PDO-SQL-Statment and it works.
For me it seems to be the table_edit_ajax.php wasnt work but i dont know why!
Hope some of you guys can help me?
Im using a normal mysql database
Homepagecode:
<Table>
$getIDBusinessRessources = $dbPDO->geteditableSingleBusinessRessoure();
foreach($getIDBusinessRessources as $getidBusiness){
$id = $getidBusiness['checkid'] ;
echo '<tr id="'
. $getidBusiness['checkid']
. '" '
. 'class="edit_tr"'
. '>';
// Spalte Ressourcenname
echo '<td class="edit_td">'
.'<span id="RessourceName_'
.$getidBusiness['checkid']
. '" '
. 'class="text">'
.$getidBusiness['Rn']
.'</span>'
.'<input type="text" value="'
.$getidBusiness['Rn']
. '" class="editbox" id="Ressourcname_Input_'
. $getidBusiness['checkid']
.'">'
.'</td>';
// Spalte Amount
echo '<td class="edit_td">'
.'<span id="Amount_'
.$getidBusiness['checkid']
. '" '
. 'class="text">'
.$getidBusiness['AM']
.'</span>'
.'<input type="text" value="'
.$getidBusiness['AM']
. '" class="editbox" id="Amount_Input_'
. $getidBusiness['checkid']
.'" '
.'</td>';
</tr>
</table>
JS:
$( document ).ready(function() {
$(".edit_tr").click(function()
{
var ID=$(this).attr('id');
$("#RessourceName_"+ID).hide();
$("#Amount_"+ID).hide();
$("#Ressourcname_Input_"+ID).show();
$("#Amount_Input_"+ID).show();
}).change(function()
{
var ID=$(this).attr('id');
var first=$("#Ressourcname_Input_"+ID).val();
var last=$("#Amount_Input_"+ID).val();
var dataString = 'id='+ ID +'&RessourceName='+first+'&Amount='+last;
$("#RessourceName_"+ID).html('<img src="img/bearbeiten.png" />'); // Loading image
if(first.length>0&& last.length>0)
{
$.ajax({
type: "POST",
url: "table_edit_ajax.php",
data: dataString,
cache: false,
success: function(html)
{
$("#RessourceName_"+ID).html(first);
$("#Amount_"+ID).html(last);
}
});
}
else
{
alert('Enter something.');
}
});
// Edit input box click action
$(".editbox").mouseup(function()
{
return false
});
// Outside click action
$(document).mouseup(function()
{
$(".editbox").hide();
$(".text").show();
});
Ajax Code:
<?php
include "DBconnection.php";
if($_POST['id']){
$id = $_POST['checkid'];
$RessourceName = $_POST['Rn'];
$Amount = $_POST['AM'];
$dbPDO->UpdateLiveTableEntries($id,$RessourceName, $Amount );
}
?>
and at least the DB-Update code
function UpdateLiveTableEntries($id ,$Ressourcename, $Amount ){
// echo '<script type="text/javascript"> alert("inside");</script>';
$stmt = self::$_db->prepare("UPDATE BalancesheetInput SET RessourceName =:ressname , Amount =:menge WHERE ID =:id");
$stmt->bindParam(":id", $id);
$stmt->bindParam(":ressname", $Ressourcename);
$stmt->bindParam(":menge", $Amount);
$stmt->execute();
}
If you're sending this:
var dataString = 'id='+ ID +'&RessourceName='+first+'&Amount='+last;
^^ ^^^^^^^^^^^^^ ^^^^^^
why are you looking for these?
$id = $_POST['checkid'];
^^^^^---you aren't sending a 'checkid'
$RessourceName = $_POST['Rn'];
^-- you aren't sending an 'Rn'
$Amount = $_POST['AM'];
^^-- you aren't sending an 'AM'
I am [successfully] storing a snippet of jQuery inside a php variable, with values inside the snippet being populated by php script like so:
...//collect necessary variables
$script = "
<script type='text/javascript'>
(function($) {
analytics.identity('" . $cid . "', {
created: '" . $created . "',
email: '" . $email . "',
...: '" . $whatever . "'
});
})(jQuery);
</script>
";
return $script;
I can also [successfully] get the name attribute of all forms on the page like so:
<script type='text/javascript'>
(function($) {
$('form').each(function() {
var formname = $( this ).attr('name');
if(formname !== undefined) {
console.log(index + ':' + encodeURIComponent(formname));
};
});
})(Jquery);
</script>
The problem I'm having (maybe obviously) is the lack of experience with javascript to know how to incorporate the two so my $script would look like so:
$script = "
<script type='text/javascript'>
(function($) {
analytics.identity('" . $cid . "', {
created: '" . $created . "',
email: '" . $email . "',
...: '" . $whatever . "'
});
analytics.trackForm($('form[name="formname1"]'),'Form Submitted', {
lead: formname
});
analytics.trackForm($('form[name="formname2"]'),'Form Submitted', {
lead: formname
});
...//(n) number of form names
})(jQuery);
</script>
";
Latest script added directly to the footer:
<script type="text/javascript">
(function($) {
$('form').each(function() {
var formname = $(this).attr('name');
if( formname !== undefined) {
console.log( formname );
var forms = $('form[name="' + formname + '"]');
var trackforms = analytics.trackForm(forms, 'Submitted Optin Form', { leadmagnet: "'" + formname + '"' });
return trackforms;
}
});
})(jQuery);
</script>
Console.log outputs the one form currently on the page, and if I add another, it outputs that correctly also, but the rest of the code is simply written as is and I'm not getting it.
Thanks again.
document.write(...) is adding the string to the document not to the script.
You need to return the functions you want.
$script = "
<script type='text/javascript'>
(function($) {
analytics.identify('" . $ifs_id . "', {
created: '" . $created . "',
email: '" . $email . "',
firstName: '" . $first_name . "',
leadsource: '" . $lead_source ."'
});
$('form').each(function( index ) {
var formname = $( this ).attr('name');
if( formname !== undefined) {
//console.log( index + ':' + formname );
var forms = $('form[name=\"+formname+\"]);
var trackform = analytics.trackForm(forms, 'Submitted Opt In Form', {
leadmagnet : $( this ).attr('name')
});
return trackform;
}
});
})(jQuery);
</script>
";
return $script;
In my PHP/MySQL while loop when selecting data for an activity feed, I'm trying to show comments underneath each post so that when you click "show", it shows all of the comments.
I'm using the following code in the while loop (so this is dynamically displayed numerous times for each separate update):
<script language="javascript">
function toggle' . $act_item_id . '() {
var ele = document.getElementById("toggleText' . $act_item_id . '");
var text = document.getElementById("displayText' . $act_item_id . '");
if(ele.style.display == "block") {
ele.style.display = "none";
text.innerHTML = "show";
}
else {
ele.style.display = "block";
text.innerHTML = "hide";
}
}
</script>
<a id="displayText' . $act_item_id . '" href="javascript:toggle' . $act_item_id . '();">show</a>
<div id="toggleText' . $act_item_id . '" style="display: none">' . $responseList . '</div>
' . $act_item_id . ' contains the ID of the update, making everything unique.
When you click show, the JavaScript doesn't show the div.
FYI: Content is loaded into another page via an AJAX call.
AJAX call is as follows:
function list_activity(){
var hr = new XMLHttpRequest();
hr.onreadystatechange = function(){
if (hr.readyState==4 && hr.status==200){
document.getElementById("viewActivity").innerHTML = hr.responseText;
}
}
hr.open("GET", "listActivity.php?t=" + Math.random(), true);
hr.send();
}
I'm not entirely sure you can create and call JS functions like that. Besides, I don't see any reason to re-create the function for each section. Why don't you simply parameterize you function and change the parameter each time through?
Define function once
<script>
function toggle(act_item_id) {
var ele = document.getElementById("toggleText' . act_item_id . '");
var text = document.getElementById("displayText' . act_item_id . '");
if(ele.style.display == "block") {
ele.style.display = "none";
text.innerHTML = "show";
}
else {
ele.style.display = "block";
text.innerHTML = "hide";
}
}
</script>
Then you can loop through
while (some condition) {
...
<a id="displayText' . $act_item_id . '" href="javascript:toggle('.$act_item_id.');">show</a>
<div id="toggleText' . $act_item_id . '" style="display: none">' . $responseList . '</div>
...
}
I've a php for loop which finds data from an Json object, and creates based on these information different divs and different links:
echo $remoteTownFB . " - " .
"<a href=\"#\" id=" . $remoteTownFB . "_trigger>" .$eventName . "</a></br>";
After that, I wrote a Java Script to create different divs (with different names) wich should pop up on mouseover (with a Jquery Script)
<script type="text/javascript">
var samplediv = document.createElement('div');
samplediv.id = '<?php echo $remoteTownFB . "_info" ?>';
var txt = document.createTextNode("Informationen über: <?php echo $eventName?>");
document.getElementById('pop-up').appendChild(samplediv);
document.getElementById('pop-up').appendChild(txt);
</script>
My problem is now the Jquery Script. I tried around with $.each on an Array where every Town name is in, but I couldn't figure it out.
This is my base:
$(function() {
var moveLeft = 20;
var moveDown = 10;
$('a#trigger').hover(function(e) {
$('div#pop-up').show().;
}, function() {
$('div#pop-up').hide();
}
);
$('a#trigger').mousemove(function(e) {
$("div#pop-up").css('top', e.pageY + moveDown).css('left', e.pageX + moveLeft);
});
});
Any help or ideas?
First of you forgot to close the id-property:
echo $remoteTownFB . " - " .
"" .$eventName . "</br>";
Then, for the pop-up to work you could try:
<script type="text/javascript">
var samplediv = document.createElement('div');
samplediv.id = '<?php echo $remoteTownFB . "_info" ?>';
samplediv.style.display = 'none';
var txt = document.createTextNode("Informationen über: <?php echo $eventName?>");
samplediv.appendChild(txt);
document.getElementById('pop-up').appendChild(samplediv);
</script>
The jquery part would be:
<script type="text/javascript">
$(function() {
$('a[id$="_trigger"]').hover(
function() {
var targetSelector = '#' + this.getAttribute('id').replace('_trigger', '_info');
$('#pop-up, ' + targetSelector).show();
},
function() {
var targetSelector = '#' + this.getAttribute('id').replace('_trigger', '_info');
$('#pop-up, ' + targetSelector).hide();
}
);
});
</script>
I'm not really sure what you are trying to do with the mousemove call so I left that alone.
I have a PHP file that serves up some HTML populated from a MySQL database and is loaded into the DOM. This data is loaded via jQuery load() method into the #navContent divide of the HTML document. This functions as planed.
At the very-bottom of the HTML doc, I have a click function that targets the #navItem div (see the first echo line of the php file) that was dynamically loaded into the DOM but this does not fire. I know the #navItem tag ID is there because my CSS styles it correctly.
What do I have wrong? For now, I just want all the divides that were dynamically created into the #navContent div to click thru to a URL.
I am a newB and just learning jQuery so corrected code would be very helpful. Thnx
In the HTML:
<html>
<head>
<script type="text/javascript">
. . .
var ajaxLoader = '';
var dns = 'http://www.someURL';
var navContent = '/folder/my_list.php';
var bodyContent = '/folder/index.php/somestuff #content';
$(document).ready(
function() {
loadPage(dns + navContent, "navContent");
loadPage(dns + bodyContent, "bodyContent")
});
. . .
</script>
. . .
</head>
<body>
. . .
<div id="navPanel">
<div id="navHeader">
<img src="images/ic_return.png" style="float: left;"/>
<img id="listSortBtn" src="images/ic_list_sort.png" style="float: right;"/>
<h4 id="navHeaderTitle"></h4>
</div>
<div id="navScrollContainer" class="navContentPosition">
<div id="navContent">NAVIGATION CONTENT GETS DUMPED IN HERE</div>
</div>
</div>
. . .
</body>
<!-- ================ Functions ===================================== -->
<!-- **************************************************************** -->
<script type="text/javascript">
/* --------------- Handle Pg Loading ----------------- */
function loadPage(url, pageName) {
$("#" + pageName).load(url, function(response){
$('#navHeaderTitle').text($(response).attr('title'));
// transition("#" + pageName, "fade", false);
});
};
/* ------------- Click Handler for the Nav Items------ */
$("#navItem").click(function(e) {
e.preventDefault();
var url = 'http://www.google.com';
var pageName = 'navContent';
loadPage(url, pageName);
});
. . .
</script>
</html>
Served PHP File:
<?php
$con = mysql_connect("localhost","root","pw");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("andaero", $con);
$result = mysql_query("SELECT * FROM some_list");
while($row = mysql_fetch_array($result))
{
echo "<div id='navItem' title='My Nav Title'>";
echo "<h1>" . $row['label'] . "</h1>";
echo "<h2>" . $row['title'] . "</h2>";
echo "<p>" . $row['description'] . "</p>";
echo "</div>";
}
mysql_close($con);
?>
You need to initialize that click method AFTER the DOM has been appended with your custom markup. This is a perfect example of a case where OOP programming would do wonders.
You also didn't load the click method into the doc-ready...
<script type="text/javascript">
function MyConstructor()
{
this.ajaxLoader = '';
this.dns = 'http://www.someURL';
this.navContent = '/folder/my_list.php';
this.bodyContent = '/folder/index.php/somestuff #content';
this.loadPage = function( url, pageName )
{
$("#" + pageName).load(url, function(response){
$('#navHeaderTitle').text($(response).attr('title'));
});
this.toggles();
}
this.toggles = function()
{
var t = this;
$("#navItem").click(function(e) {
e.preventDefault();
var url = 'http://www.google.com';
var pageName = 'navContent';
t.loadPage(url, pageName);
});
}
/**************************************
*Init Doc-Ready/Doc-Load methods
**************************************/
this.initialize = function()
{
this.loadPage( this.dns + this.navContent, "navContent");
this.loadPage( this.dns + this.bodyContent, "bodyContent");
}
this.initialize();
}
$( document ).ready( function(){
var mc = new MyConstructor();
//now, you can go ahead and re-run any methods from the mc object :)
//mc.loadPage( arg, 'ye matey' );
});
</script>