up vote 0 down vote favorite

I am trying to validate input login via javascript by passing PHP variables. I cannot execute it properly for some reason. I'd appreciate your comments. Here's the code:

PHP:

$personal = mysqli_query($connect,"SELECT * FROM basic ORDER BY user_id DESC ");
while($row = mysqli_fetch_array($personal)){
    $user = $row['username'];
    $user_password = $row['password'];
}

Javascript / jQuery:

function enter_log() { 
    var login_username =  $("#username_field_log");
    var pass_password =  $("#pass_field_log");
    var button =  $("#enter_field_log");
    var php = "<?= echo $user; ?>";

    if ((login_username.val() == "") || (pass_password.val() == "")) { 
        $("#user_log_info").fadeIn('slow');
        $("#user_log_info").text("Not a proper login input");
        login_username.addClass("error");
        pass_password.addClass("error");
        return false;
    }
    else if ((login_username.val() != php ) || (pass_password.val() == "")) { 
        $("#user_log_info").fadeIn('slow');
        $("#user_log_info").text("Not a proper login input");
        login_username.addClass("error");
        pass_password.addClass("error");
        return false;
    } 
}

So in other words - the code should return false ( and it does so ) when the fields are empty but it doesn't return TRUE when the input is correct ( I mean when the username is correct ) so I assume the PHP variable $user is not passed by correctly to javascript?

share|improve this question
67% accept rate
3  
I would recommend not sending their password over the wire in your response. – Ek0nomik Sep 16 '11 at 21:22
well you're resetting $user multiple times through a loop. That doesn't seem useful. Also how are you sending the input to PHP? You seem to say that as soon as they enter a correct entry it should validate but that's not going to work because the page wasn't submitted. – Cfreak Sep 16 '11 at 21:25
1  
It looks like you may not have included enough of your javascript code for us to help. Your snippet doesn't include anything like a return true; statement where the function would return true. – adpalumbo Sep 16 '11 at 21:25
1  
You could just look into the page source to see what got embedded in the JS block. it's not a black box, you know. – Marc B Sep 16 '11 at 21:25
The password is md5 encrypted. – Mr X Sep 16 '11 at 21:25
show 8 more comments
feedback

4 Answers

up vote 1 down vote accepted

Validation should not be done via Javascript. For any number of reasons I can crack open Firebug or Chrome and hack your web page if you validate there. You should use PHP code for your validation and make sure you properly sanitize your input.

Regarding your use of PHP tags:

 var php = "<?php echo $user; ?>";

Is how you should write your code. Per the PHP Manual

http://www.php.net/manual/en/language.basic-syntax.phpmode.php

1.  <?php echo 'if you want to serve XHTML or XML documents, do it like this'; ?>

2.  <script language="php">
        echo 'some editors (like FrontPage) don\'t
              like processing instructions';
    </script>

3.  <? echo 'this is the simplest, an SGML processing instruction'; ?>
    <?= expression ?> This is a shortcut for "<? echo expression ?>"

4.  <% echo 'You may optionally use ASP-style tags'; %>
    <%= $variable; # This is a shortcut for "<% echo . . ." %>

Item 1 is actually the preferred format.

Short tags (example three) are only available when they are enabled via the short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option.

share|improve this answer
Yes - thank you! I know very well you shouldn't validate through javascript - Regardless - why it returns false on correct username input ?? That was my question - thank you.. – Mr X Sep 16 '11 at 21:43
feedback
up vote 0 down vote

I am in agreement that you should not be validating things like this.

Use JS to validate the form on submit to ensure its completed and all sections are complete, then use php or any scripting language then to do a server side validation.

If you want it so that if it fails then the JS displays a message then rather than passing the user details etc then pass a simple php boolean to a variable

for instance

var userValid =

The php $valResult will be the result given by the db check etc

then use this js variable.

share|improve this answer
feedback
up vote -1 down vote

A simple, reliable PHP to Javascript encoder is json_encode.

var jsVal = <?php echo json_encode($phpVal); ?>; // note trailing semicolon!
share|improve this answer
1  
He's not using JSON – Cfreak Sep 16 '11 at 21:32
Thank you all guys for your comments ! – Mr X Sep 16 '11 at 22:05
@Cfreak json_encode correctly encodes scalars, too, so you don't have to worry about quoting strings. – mrclay Oct 15 '11 at 19:02
feedback
up vote 0 down vote

It should be var php = "<? echo $user; ?>";

or

var php = "<?= $user; ?>";

echo and <?= is not needed

share|improve this answer
feedback

Your Answer

 
or
required, but never shown
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.