passing a php variable into javascript function

Question

I am trying to pass a php value, obtained from a join query, to a javascript function. The javascript function will open a new window and show some data based on the passed value.My query works fine but the php value is not passed to the JS function.

My code :

<script type="text/javascript">

   function product(var) {
    window.open( "view_product_info.php?var", "myWindow", 
    "status = 1, height = 300, width = 300, resizable = 0" )
    }
 </script>

\\ the line where i am trying to pass the php varibale

 echo '<td align="center" ><a href="javascript:product('.$product_id.');"> <br/> '.$row['product_name'].'</a></td>';

why the php value $product_id is not passed to the product function.

Thanks in advance.

The code:

     <script type="text/javascript">
       <!--
    function product(var) {
    window.open( "view_product_info.php?id", "myWindow", 
     "status = 1, height = 300, width = 300, resizable = 0" )
      }
     function company() {
       window.open( "index.php", "myWindow", 
        "status = 1, height = 300, width = 300, resizable = 0" )
   }
     function category() {
        window.open( "index.php", "myWindow", 
     "status = 1, height = 300, width = 300, resizable = 0" )
 }

//-->

      <?php include("includes/header.php"); 


       $search = $_POST['search'];
       $sql= "my query1..";

       $sql2= "my query2";

       $result=mysql_query($sql);
       $result2=mysql_query($sql2);
     if($result) {
            echo '<center>';
    echo '<table cellpadding="0" cellspacing="0" border="1" width="100%">';
    echo '<tr><th>Sr No.</th><th>Product Name</th><th>Company      Name</th>         <th>Category</th></tr>';
               $number=1;
                 while ($row = mysql_fetch_array($result)){
                $row2 = mysql_fetch_array($result2);
                echo $product_id=$row2[product_id];

       echo '<tr> ';
        echo '<td align="center" >'.$number.'</td>';


                     echo '<td align="center" ><a href="javascript:product('<?= $product_id?>')">

''';

            echo '<td align="center"><a href="javascript:company()" ><br/>  '.$row['company_name'].'</td>';
echo '<td align="center"><a href="javascript:category()" ><br/>  '.$row['category_name'].'</td>';

   $number=$number+1;

          }echo '</tr>';
     echo'</table>';
          echo'</center>'; 

}
         else {
       echo "No data found";
    //echo mysql_error();

       }
       }
      }
     ?>

Shomz · Accepted Answer · 2013-08-25 04:48:19Z

If it's not a number, you need to quote it:

<?php
echo '<td align="center" ><a href="javascript:product(\''.$product_id.'\');">
<br/> '.$row['product_name'].'</a></td>';
?>

Or, a neater way, use php just when needed (no PHP tags around, it's HTML with inserted PHP):

<td align="center" ><a href="javascript:product('<?= $product_id ?>')"> 
<br/><?= $row['product_name'] ?></a></td>

You can also define a JavaScript value and assign the PHP value to it and then use it, like:

var pid = '<?= $product_id ?>'; // then call product(pid)
etc...

EDIT

Code fix.

This:

<?php
...
// php stuff
...

echo '<tr> ';
echo '<td align="center" >'.$number.'</td>';

echo '<td align="center" ><a href="javascript:product('<?= $product_id?>')"> 
<br/>'<?= $row['product_name']?>'</a></td>';

echo '<td align="center"><a href="javascript:company()" ><br/>  '.$row['company_name'].'</td>';
echo '<td align="center"><a href="javascript:category()" ><br/>  '.$row['category_name'].'</td>';

$number=$number+1;

}echo '</tr>';
echo'</table>';
echo'</center>';

Can become something like this:

<?php
...
// php stuff
...

?> // close the PHP tag and switch to HTML
<tr>
<td align="center" ><?= $number ?></td>
<td align="center" ><a href="javascript:product('<?= $product_id?>')"> <br/>'<?= $row['product_name']?>'</a></td>

<td align="center"><a href="javascript:company()" ><br/> <?= $row['company_name'] ?></td>
<td align="center"><a href="javascript:category()" ><br/> <?= $row['category_name'] ?></td>

 <?php  // reopen PHP tag when needed
 $number++; // incrementation simplified
 }
 ?> // close again
 </tr>
 </table>
 </center>

Something like that.

Also, read here about the deprecated mysql_* functions and why you should switch to mysqli_* or PDO.

thanks..but it's still not working. firebug is showing the following error: SyntaxError: missing formal parameter function product(var) { — Mar Far, Aug 25 at 4:03
i had already had mine in. just needed to change the quotes. — Smith Smithy, Aug 25 at 4:07

Amit Malakar · Answer 2 · 2013-08-25 04:03:53Z

Try this:

...
...
</script>

\\ the line where i am trying to pass the php varibale
<?php
   echo '<td align="center" ><a href="javascript:product('.$product_id.');"> <br/> '.$row['product_name'].'</a></td>';
?>

Abhi Beckert · Answer 3 · 2013-08-25 04:35:15Z

You need to be careful when doing this, as it can allow a hacker to take over your server in many situations.

The correct approach is to use json_encode and htmlspecialchars. Failing to do both is a security risk. Read up on the documentation for each to learn what they do.

Here is the correct, and safe, way to do it:

 $escaped_product_id = htmlspecialchars(json_encode($product_id));
 $escaped_product_name = htmlspecialchars($row['product_name']);
 echo '<td align="center" ><a href="javascript:product('.$escaped_product_id.');"> <br/> '.$escaped_product_name.'</a></td>';

asked	3 months ago
viewed	756 times
active	3 months ago

Explore our sites

passing a php variable into javascript function

3 Answers

Your Answer

Not the answer you're looking for? Browse other questions tagged php javascript or ask your own question.

Community Bulletin

Explore our sites

passing a php variable into javascript function

3 Answers

Your Answer

Sign up or login

Post as a guest

Not the answer you're looking for? Browse other questions tagged php javascript or ask your own question.

Community Bulletin

Related