1

I am trying to pass a php value, obtained from a join query, to a javascript function. The javascript function will open a new window and show some data based on the passed value.My query works fine but the php value is not passed to the JS function.

My code :

<script type="text/javascript">

   function product(var) {
    window.open( "view_product_info.php?var", "myWindow", 
    "status = 1, height = 300, width = 300, resizable = 0" )
    }
 </script>

\\ the line where i am trying to pass the php varibale

 echo '<td align="center" ><a href="javascript:product('.$product_id.');"> <br/> '.$row['product_name'].'</a></td>';

why the php value $product_id is not passed to the product function.

Thanks in advance.

The code:

     <script type="text/javascript">
       <!--
    function product(var) {
    window.open( "view_product_info.php?id", "myWindow", 
     "status = 1, height = 300, width = 300, resizable = 0" )
      }
     function company() {
       window.open( "index.php", "myWindow", 
        "status = 1, height = 300, width = 300, resizable = 0" )
   }
     function category() {
        window.open( "index.php", "myWindow", 
     "status = 1, height = 300, width = 300, resizable = 0" )
 }

//--> 

      <?php include("includes/header.php"); 


       $search = $_POST['search'];
       $sql= "my query1..";

       $sql2= "my query2";

       $result=mysql_query($sql);
       $result2=mysql_query($sql2);
     if($result) {
            echo '<center>';
    echo '<table cellpadding="0" cellspacing="0" border="1" width="100%">';
    echo '<tr><th>Sr No.</th><th>Product Name</th><th>Company      Name</th>         <th>Category</th></tr>';
               $number=1;
                 while ($row = mysql_fetch_array($result)){
                $row2 = mysql_fetch_array($result2);
                echo $product_id=$row2[product_id];

       echo '<tr> ';
        echo '<td align="center" >'.$number.'</td>';


                     echo '<td align="center" ><a href="javascript:product('<?= $product_id?>')">


''';

            echo '<td align="center"><a href="javascript:company()" ><br/>  '.$row['company_name'].'</td>';
echo '<td align="center"><a href="javascript:category()" ><br/>  '.$row['category_name'].'</td>';

   $number=$number+1;

          }echo '</tr>';
     echo'</table>';
          echo'</center>'; 

}
         else {
       echo "No data found";
    //echo mysql_error();

       }
       }
      }
     ?>
4

3 回答 3

1

如果不是数字,则需要引用它:

<?php
echo '<td align="center" ><a href="javascript:product(\''.$product_id.'\');">
<br/> '.$row['product_name'].'</a></td>';
?>

或者,一种更简洁的方式,只在需要时使用 php(周围没有 PHP 标记,它是插入了 PHP 的 HTML):

<td align="center" ><a href="javascript:product('<?= $product_id ?>')"> 
<br/><?= $row['product_name'] ?></a></td>

您还可以定义一个 JavaScript 值并将 PHP 值分配给它,然后使用它,例如:

var pid = '<?= $product_id ?>'; // then call product(pid)
etc...

编辑

代码修复。

这个:

<?php
...
// php stuff
...

echo '<tr> ';
echo '<td align="center" >'.$number.'</td>';

echo '<td align="center" ><a href="javascript:product('<?= $product_id?>')"> 
<br/>'<?= $row['product_name']?>'</a></td>';

echo '<td align="center"><a href="javascript:company()" ><br/>  '.$row['company_name'].'</td>';
echo '<td align="center"><a href="javascript:category()" ><br/>  '.$row['category_name'].'</td>';

$number=$number+1;

}echo '</tr>';
echo'</table>';
echo'</center>';

可以变成这样:

<?php
...
// php stuff
...

?> // close the PHP tag and switch to HTML
<tr>
<td align="center" ><?= $number ?></td>
<td align="center" ><a href="javascript:product('<?= $product_id?>')"> <br/>'<?= $row['product_name']?>'</a></td>

<td align="center"><a href="javascript:company()" ><br/> <?= $row['company_name'] ?></td>
<td align="center"><a href="javascript:category()" ><br/> <?= $row['category_name'] ?></td>

 <?php  // reopen PHP tag when needed
 $number++; // incrementation simplified
 }
 ?> // close again
 </tr>
 </table>
 </center>

类似的东西。

此外,请阅读此处了解已弃用的 mysql_* 函数以及为什么应该切换到 mysqli_* 或 PDO。

于 2013-08-25T03:58:35.987 回答
1

尝试这个:

...
...
</script>

\\ the line where i am trying to pass the php varibale
<?php
   echo '<td align="center" ><a href="javascript:product('.$product_id.');"> <br/> '.$row['product_name'].'</a></td>';
?>
于 2013-08-25T04:03:53.337 回答
1

执行此操作时需要小心,因为它可以让黑客在许多情况下接管您的服务器。

正确的做法是使用json_encodeand htmlspecialchars。两者都做不到会带来安全风险。阅读每个人的文档以了解他们的工作。

这是正确且安全的方法:

 $escaped_product_id = htmlspecialchars(json_encode($product_id));
 $escaped_product_name = htmlspecialchars($row['product_name']);
 echo '<td align="center" ><a href="javascript:product('.$escaped_product_id.');"> <br/> '.$escaped_product_name.'</a></td>';
于 2013-08-25T04:35:15.863 回答