0

所以我有这个:

/* ---------------------------- */
/* XMLHTTPRequest Enable */
/* ---------------------------- */
function createObject() {  
var request_type;
var browser = navigator.appName;
if(browser == "Microsoft Internet Explorer"){
request_type = new ActiveXObject("Microsoft.XMLHTTP");
}else{
request_type = new XMLHttpRequest();
}
return request_type;
}

var http = createObject();
/* -------------------------- */
/* INSERT */
/* -------------------------- */
var nocache = 0;
function insert() {
document.getElementById('insert_response').innerHTML = "Please Wait. "
var fID= encodeURI(document.getElementById('fID').value);
var kommentar= encodeURI(document.getElementById('kommentar').value);
nocache = Math.random();
// Pass variables like URL variable
http.open('get', 'insert.php?fID='+fID+'&kommentar=' +kommentar+'&nocache = '+nocache);
http.onreadystatechange = insertReply;
http.send(null);
}
function insertReply() {
if(http.readyState == 4){
var response = http.responseText;
document.getElementById('insert_response').innerHTML = ''+response;
}
} 

我在 index.php 中有这个。在那里你可以写评论,然后按提交。当您按下提交时,它会运行此脚本:: 将变量传递给 insert.php,并在 insert_response 中显示响应。在 insert.php 中,它将注释插入到数据库中。

<?php
            mysql_query("INSERT INTO comments (fID, navn, kommentar, dato) VALUES ('$fID', '$pusername' ,'$kommentar', '$dato')") or
                die(mysql_error());
echo "Comment successfully";
?>
<script type="text/javascript">
if (window.parent) {
    window.parent.someFunction('hello world');
}
</script>

那是我的 insert.php^,正如你所见,我想向 window.parent 发送消息“hello world”。

但由于某种原因它不会工作,就像它不想将此脚本内嵌到 insert_response div。

现在window.parent,我想的是我的index.php,我有这个:

<script type="text/javascript">
function someFunction(msg) {
    alert(msg);
}
</script>

谢谢!

Insert.php,分派到客户端:

<?php
ob_start();
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header('Content-type: text/html; charset=utf-8');
include('../tilslut.php');
    define('IN_PHPBB', true);
    $phpbb_root_path = '../../../';
    $phpEx = substr(strrchr(__FILE__, '.'), 1);
    include($phpbb_root_path . 'common.' . $phpEx);

    // Start session management
    $user->session_begin();
    $auth->acl($user->data);
    $user->setup(); 
    $pusername = $user->data['username'];
if($user->data['is_registered']){
?>
<!-- Verify if user exists for login -->
<html>
<head>
<link href="../style.css" type="text/css" rel="stylesheet" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
<script type="text/javascript" src="../ajax_framework.js" language="javascript" charset="UTF-8"></script>
</head>
<body> 
<?php
if(isset($_GET['fID']) && isset($_GET['kommentar'])){
$fID= $_GET['fID'];
$kommentar= $_GET['kommentar'];
       $resultat = mysql_query("SELECT * FROM member_filmcomments WHERE navn = '".mysql_real_escape_string($pusername)."' AND fID = '$fID'") or
            die(mysql_error());
        $row = mysql_fetch_array($resultat);
$resultat2 = mysql_query("SELECT * FROM member_filmcomments WHERE navn = '".mysql_real_escape_string($pusername)."' AND kommentar = '".$kommentar."' AND fID = '".$fID."'") or die(mysql_error());
        $row2 = mysql_fetch_array($resultat2);
        $k10check = mysql_query("SELECT * FROM member_filmcomments WHERE navn = '".mysql_real_escape_string($pusername)."'") or die(mysql_error());
$oldtimecheck = mysql_query("SELECT dato FROM member_filmcomments WHERE navn = '".mysql_real_escape_string($pusername)."' AND fID = '".$fID."'") or die(mysql_error());
$oldtimec = mysql_fetch_array($oldtimecheck);
$realDate = $oldtimec["dato"];
                if(empty($kommentar)){
        echo "Tomt! Du skal indtaste en kommentar i feltet.";
                }elseif (mysql_num_rows($resultat2) == 1) {
        echo "Dobbelpost. Du har allerede skrevet samme kommentar én gang.";
                }elseif( (strtotime($realDate) + 120) > time() ) {
        echo "Vent venligst 2 minutter, før du skriver en ny kommentar i samme klip!";
                }else{
                $dato = date("Y-m-d H:i:s"); 
                $pointsystem = mysql_query("SELECT gpk, gpk10 FROM member_pointsystem");
                $row = mysql_fetch_array($pointsystem);
                $k10 = mysql_real_escape_string($row["gpk10"]);
                $earning = mysql_real_escape_string($row["gpk"]);
                        if (mysql_num_rows($k10check) == 10) {
mysql_query("UPDATE member_profile SET points = points+$k10") or die(mysql_error());
echo "<b>Du har fået +".$k10." Points, for at have kommenteret 10 gange i video-sektionen!</b><br>";
}
mysql_query("UPDATE member_profile SET points = points+$earning") or die(mysql_error());
            mysql_query("INSERT INTO member_filmcomments (fID, navn, kommentar, dato) VALUES ('$fID', '$pusername' ,'$kommentar', '$dato')") or
                die(mysql_error());
?>
if (window.parent) {
    window.parent.someFunction('hello world');
}
<?
}
}
?>
<!-- Footer End of user logged in --> 
<?
}else{
echo "Authorited Users Only!";
}
ob_flush();
?>
4

1 回答 1

0

<script为什么不简单地评估下载的代码,而不是嵌入标签?当然,您必须信任服务器,并且响应必须始终是 javascript。

服务器端

<?php
            mysql_query("INSERT INTO comments (fID, navn, kommentar, dato) VALUES ('$fID', '$pusername' ,'$kommentar', '$dato')") or
                die(mysql_error());
echo "Comment successfully";
?>
if (window.parent) {
    window.parent.someFunction('hello world');
}

客户端

function insertReply() {
if(http.readyState == 4){
var response = http.responseText;
eval(response);
}
}
于 2010-02-20T14:14:22.000 回答