JS variable inside of PHP inside of JS inside of PHP [duplicate] - javascript

This question already has answers here:
What is the difference between client-side and server-side programming?
(3 answers)
Closed 4 years ago.
Having a bad day. This one has stumped me all morning. All the solutions I've found have stopped one step short of where I need to go.
I have a legacy PHP/JS app that I'm working on. Rather than trying to explain it, I'll just show what I need to do.
<?php
$phpDate_1 = new Date($someDate);
$phpDate_2 = new Date($someOtherDate);
//...There are a bunch of these
$phpDate_n = new Date($endOfTime);
<script language="javascript">
function myFunction() {
var line = aUserSelection; //an int from user which tells me what date to use
//Next line is the problem. I'm trying to pull the month from the appropriate PHP date into the JS variable.
var theMonth = "<?php echo $phpDate_" + line + "->getMonth();?>";
}
</script>
?>
I must have tried 20-30 combinations of single and double quotes, escapes, dots, pluses, and so on, but I keep getting errors over the "line" part. Unexpected character, encapsed strings, etc.
Hoping someone can point me in the right direction because my brain is fried at this point. Answers in pure JS and PHP only please because that's how the app is built. Thanks.

You need to close your php (?>) before outputting the javascript to fix the syntax error that you got.
However, with that said, you are trying to incorporate the javascript line variable into the variable name for $phpDate, to generate something like $phpDate_1.
If you don't want to go with an AJAX solution, your best bet would be to output each line's date into a javascript array. This is strongly discouraged, but if this is a legacy application that you cannot make many changes to, this might be your only option.

Related

how can i create a reg exp or array to change this?

ok guys i have been working on these, this is like my main project and im pretty anxious about it, i have been practicing but im still a newbie. My code is like this and it does what it has to do, but im thinking that it could be improved to be better and more reusable, sorry to spam if i am, i already asked on the spanish version of the website with no satisfactory answer, im new to web developing and to this site, i always read the content on this site to answer my questions but for this time i didnt know how to exactly use the previous answers to fix my code, since im new to web developing and im trying to use jquery bit by bit. As i said my question is how can i create an array or a reg exp that does all the things this code does? without having to use .replace function all those times
i have tried urlencode function, and tried to iterate over arrays on jquery but i still dont know how to do it properly.
$( ".linkbestia" ).each(function() {
lnk = $(this).text();
enlace= $(this).attr("href");
espacios=lnk.replace(" ","_");
maslimpio=espacios.replace("'","%27");
muchomaslimpio=maslimpio.replace("(","%28");
muchomuchomaslimpio=maslimpio.replace(")","%29");
nuevoenlace=$(this).attr("href",enlace+muchomuchomaslimpio);
});
the actual output is for example codedquote'replaced space as i said it already does what it has to do, but i know it can be improved, i hope you guys help me since in my country these kind of questions cant be answered without a ton of difficulties
what it does right now:
what the user writes would look like this
the result would look like this
If I understand correctly you want to take href from below:
<a class="linknpc" href="url/in/url/url/The%27White_Mob">
and expected output is
The'White_Mob
after you get the href and lets say the var enlace looks like below.
var enlace = "url/in/url/url/The%27White_Mob"
Below will first use String split on '/' to get all sections from href and from resultant array get the last element by pop() and use decodeURIComponent to decode the encoded uri.
var ans = decodeURIComponent(enlace.split('/').pop())
ans would now have the value: The'White_Mob
note: If the href ends with '/' then you need to adjust above solution accordingly

Ban character from all textareas on the page [duplicate]

This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 7 years ago.
I've got a problem. As soon as I enter this little f****r --> ' <-- in my textarea which are sent to a database via AJAX, it stops working. So if I for example enter:
I am a little gnome and I'm glad to meet you. Hug me!
The database will only receive:
I am a little gnome and I
So.. Can I limit all textareas on the page to like A-Z + ÅÄÖ + . , + other regularly used characters which don't ruin my stuff? I am using onchange for the AJAX request, and another eventlistener for keyup to make it work on Safari, if that's of any importance to anyone!
SQL-injection vulnerability, got it. I'm scared, and have stuff to do. Thanks for all answers thus far.
Note
I can see you're starting out, and it's great! You've always gotta find a bug to learn new stuff, and you're learning about SQL Injections now. If I could suggest something, you'd be best to start at PHP The Right Way, it'll help you a truckload.
You're PHP script (that inserts this data into a database) is not sanitized correctly.
We can't do much without seeing your associated code. But I take it you're using mysql_*/mysqli_* functions? We'll the former one is deprecated and removed as of PHP7!
You should start learning either of the following two prepared statement types:
PDO
Mysqli Prepared Statements
From what I assume, you want to escape the string:
$data = mysql_real_escape_string($_POST['data']);
Although, there are still ways around the above escape; your database can still be hacked via SQL Injection, which is not what you want.
As noted by Armadan, to back up my statement above, mysql_real_escape_string() is still by-passable in certain cases, read these:
SQL injection that gets around mysql_real_escape_string()
Bypassing mysql_escape_string while SQL injection attacks
Taking the code you've supplied, you'd use prepare() and execute():
if(isset($_GET['comment1'])) {
if($mysqli = connect_db()) {
$insertcomment1 = $_GET['comment1'];
$stmt = $mysqli->prepare("UPDATE result SET c1=?");
if ( false===$stmt ) {
die('prepare() failed: ' . htmlspecialchars($mysqli->error));
}
$stmt->bind_param('s', $insertcomment1);
// execute
if(!$stmt->execute()){
die('execute() failed: ' . htmlspecialchars($mysqli->error));
}
// handle the rest here.
}
}
You'd be doing something like the above. You're best to read up on the following in relation to prepared statements using MySQLi:
prepare()
bind_param()
execute()

javascript sum user defined numbers [duplicate]

This question already has answers here:
How to add two strings as if they were numbers? [duplicate]
(20 answers)
Closed 7 years ago.
<script language="Javascript">
function monthlyPayment (form) {
var down = form.dPayment.value;
var trade = form.tradeIn.value;
var totalDown = down + trade;
alert ("Total down is " + totalDown);
}
</script>
This is a beginner question as I'm new to Javascript... but I am just trying to make a mock up of a feature I'm trying to implement on my website.
I have a form with two user definable variables for 'Down Payment' and 'Trade-In'. Everything in the code works, except for when it "add's" the numbers (such as $100 + $200), it doesn't output $300, but instead $100200. When I change the sign to multiplication it outputs a correct value.
What am I missing? Is there some .sum or .math code I need to implement? Or is my entire script screwed?
Thank you all for your time and help.
This is a very common mistake people new with javascript make.
the + sign is used to concatenate in javascript, which explains your result is 100200 when you try. What you give him is string, so he just concatenates the two.
use the Number() function to make sure their types become "Number" so your addition will work correctly.
var totalDown = Number(down) + Number(trade);

Passing a parameter to a popup in javascript [duplicate]

This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
JavaScript query string
...Riight. I found the answer to my problem. I'd forgot to add '' around some jsp scriplet tags in my popup window code. Because of this values that should've been strings weren't handled properly.
I'll flag this question for moderator attention. The only thing one can learn from this question is to pay attention when using jsp scriptlets.
I want to open a popup from my .js code using window.open(). I have a couple of parameters that I need to pass to this popup. I'm surprised it's not as simple as I would've thought, I've tried searching for answers but all I found were solutions that were quite complicated - I hope there's a simple answer.
There's a multitude of ways I've tried doing this, but this is how I think it should work..
window.open('../common/MapPopup.jsp?current='+currentPosition+'&areas='+sAreas, 'mywindow', 'width=600,height=450,scrollbars=yes');
I'm at a total loss. Could it be that window.open just doesn't work in this situation?
edit: Currently my page behaves like this. The user presses a form button, which launches a query into our database. From this data a DataTables table is created. As the DataTable is being initialised, so is a piece of jQuery code. I'm using jQuery to open a popup when the user clicks on a row in the DataTables table.
renderReport: function(response){
$('#requestDataContainer').html(response);
oTable = $('#dataTable').dataTable({
"bPaginate": true,
--snip-- //DataTables init
});
var sProcedures = new Array();
var sAreas = new Array();
var sCurrentPosition = null;
$('#dataTable tr').click(function(){
var sCurrentPosition = oTable.fnGetData(this,9);
if(sCurrentPosition!=null){
$('#dataTable').find('tr').each(function(){
var foo = oTable.fnGetData(this);
if(foo!=null){
if(foo[8]!='null')
sAreas.push(foo[8]);
if(foo[7]!='null')
sProcedures.push(foo[7]);
}
});
}
window.open('../common/reportMapPopup.jsp?procedures='+sProcedures+'&areas='+sAreas+'&current='+sCurrentPosition, 'reportMap', 'width=600,height=450,scrollbars=yes');
});
},
I have to admit, I'm quite newbish when it comes to webcode. I'm kind of learning on the go, so the terminology might be new to me and I could be doing things in a really silly way. It could be that I found the answer when I was looking for it on the web, but just didn't realise it.
If the query string in your url gets passed to the window you should be able to access those parameters from the window using JS using the location object(http://www.w3schools.com/jsref/obj_location.asp)
If you have access to the actual page - can you not retieve the params using jsp?

omiting number sign using regex in java script not working [duplicate]

This question already has answers here:
Replace function not replacing [duplicate]
(2 answers)
Closed 8 years ago.
I have written a simple code in a .js file (in Zend framework, but I dont think it matters)
var location = "localhost:8080/mymodule/id/1#";
location.replace(/\#/g, "");
alert(location.valueOf());
return;
but I dont know why I can not see the result I want.
I get my page url and want to omit all number signs appears in it. but the code above does nothing.
please help
location is a bad name to use for a variable since it collides with the window.location variable used for the actual browser page location.
If you change location to loc in your above code, and then also add loc = in front of the loc.replace() call (since replace() doesn't modify the input, but instead returns the new version), your code works.
replace will not change the value of the original string, you need to assign the result to a new variable -
var newString = location.replace(/#/g, "");
alert(newString);
Demo - http://jsfiddle.net/5H5uZ/
It can be done in one line. This is the result you look for?
alert("localhost:8080/mymodule/id/1#".replace(/#/g,''));
//=> alerts 'localhost:8080/mymodule/id/1'

Categories