
I am trying to pass a PHP value, obtained from a join query, to a JavaScript function. The JavaScript function will open a new window and show some data based on the passed value. My query works fine, but the PHP value is not passed to the JS function.

My code :

<script type="text/javascript">

   function product(var) {
    window.open( "view_product_info.php?var", "myWindow", 
    "status = 1, height = 300, width = 300, resizable = 0" )
    }
 </script>

\\ the line where I am trying to pass the PHP variable

 echo '<td align="center" ><a href="javascript:product('.$product_id.');"> <br/> '.$row['product_name'].'</a></td>';

Why is the PHP value $product_id not passed to the product function?

Thanks in advance.

The code:

     <script type="text/javascript">
       <!--
    function product(var) {
    window.open( "view_product_info.php?id", "myWindow", 
     "status = 1, height = 300, width = 300, resizable = 0" )
      }
     function company() {
       window.open( "index.php", "myWindow", 
        "status = 1, height = 300, width = 300, resizable = 0" )
   }
     function category() {
        window.open( "index.php", "myWindow", 
     "status = 1, height = 300, width = 300, resizable = 0" )
 }

//-->

      <?php include("includes/header.php"); 


       $search = $_POST['search'];
       $sql= "my query1..";

       $sql2= "my query2";

       $result=mysql_query($sql);
       $result2=mysql_query($sql2);
     if($result) {
            echo '<center>';
    echo '<table cellpadding="0" cellspacing="0" border="1" width="100%">';
    echo '<tr><th>Sr No.</th><th>Product Name</th><th>Company      Name</th>         <th>Category</th></tr>';
               $number=1;
                 while ($row = mysql_fetch_array($result)){
                $row2 = mysql_fetch_array($result2);
                echo $product_id=$row2[product_id];

       echo '<tr> ';
        echo '<td align="center" >'.$number.'</td>';


                     echo '<td align="center" ><a href="javascript:product('<?= $product_id?>')"> 


''';

            echo '<td align="center"><a href="javascript:company()" ><br/>  '.$row['company_name'].'</td>';
echo '<td align="center"><a href="javascript:category()" ><br/>  '.$row['category_name'].'</td>';

   $number=$number+1;

          }echo '</tr>';
     echo'</table>';
          echo'</center>'; 

}
         else {
       echo "No data found";
    //echo mysql_error();

       }
       }
      }
     ?>

marked as duplicate by Second Rikudo May 19 at 15:38


    
What does the rendered HTML show? –  j08691 Aug 25 '13 at 3:58

3 Answers

Accepted answer (0 votes)

If it's not a number, you need to quote it:

<?php
echo '<td align="center" ><a href="javascript:product(\''.$product_id.'\');">
<br/> '.$row['product_name'].'</a></td>';
?>

Or, a neater way, use php just when needed (no PHP tags around, it's HTML with inserted PHP):

<td align="center" ><a href="javascript:product('<?= $product_id ?>')"> 
<br/><?= $row['product_name'] ?></a></td>

You can also define a JavaScript value and assign the PHP value to it and then use it, like:

var pid = '<?= $product_id ?>'; // then call product(pid)
etc...

EDIT

Code fix.

This:

<?php
...
// php stuff
...

echo '<tr> ';
echo '<td align="center" >'.$number.'</td>';

echo '<td align="center" ><a href="javascript:product('<?= $product_id?>')"> 
<br/>'<?= $row['product_name']?>'</a></td>';

echo '<td align="center"><a href="javascript:company()" ><br/>  '.$row['company_name'].'</td>';
echo '<td align="center"><a href="javascript:category()" ><br/>  '.$row['category_name'].'</td>';

$number=$number+1;

}echo '</tr>';
echo'</table>';
echo'</center>'; 

Can become something like this:

<?php
...
// php stuff
...

// close the PHP tag and switch to HTML
?>
<tr>
<td align="center" ><?= $number ?></td>
<td align="center" ><a href="javascript:product('<?= $product_id?>')"> <br/><?= $row['product_name']?></a></td>

<td align="center"><a href="javascript:company()" ><br/> <?= $row['company_name'] ?></a></td>
<td align="center"><a href="javascript:category()" ><br/> <?= $row['category_name'] ?></a></td>
</tr>
 <?php  // reopen PHP tag when needed
 $number++; // incrementation simplified
 }
 // close again
 ?>
 </table>
 </center>

Something like that.

Also, read here about the deprecated mysql_* functions and why you should switch to mysqli_* or PDO.

    
Oops, you are right.. –  Smith Smithy Aug 25 '13 at 3:59
    
thanks..but it's still not working. firebug is showing the following error: SyntaxError: missing formal parameter function product(var) { –  Mar Far Aug 25 '13 at 4:03
    
@SmithSmithy But why would you copy my answer??? –  Shomz Aug 25 '13 at 4:04
    
@MarFar Which method did you try? –  Shomz Aug 25 '13 at 4:06
    
i had already had mine in. just needed to change the quotes. –  Smith Smithy Aug 25 '13 at 4:07

Try this:

...
...
</script>

\\ the line where I am trying to pass the PHP variable
<?php
   echo '<td align="center" ><a href="javascript:product('.$product_id.');"> <br/> '.$row['product_name'].'</a></td>';
?>

You need to be careful when doing this, as it can allow a hacker to take over your server in many situations.

The correct approach is to use json_encode and htmlspecialchars. Failing to do both is a security risk. Read up on the documentation for each to learn what they do.

Here is the correct, and safe, way to do it:

 $escaped_product_id = htmlspecialchars(json_encode($product_id));
 $escaped_product_name = htmlspecialchars($row['product_name']);
 echo '<td align="center" ><a href="javascript:product('.$escaped_product_id.');"> <br/> '.$escaped_product_name.'</a></td>';
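
The per-layer encoding described in the last answer, as an added example that is not part of any original post: it compares the question's raw concatenation with an encoded link by undoing the layers in the order a browser does. It goes one step further than the answer by also percent-encoding the value, because browsers percent-decode a javascript: URL before running it; the helper names and sample ids are hypothetical and constructed.

```php
<?php
// Added example, not code from the question or answers. Helper names and the
// sample values are hypothetical / constructed.

// Question's approach: the raw value is concatenated into the javascript: URL.
function product_href_unsafe($product_id) {
    return 'javascript:product(' . $product_id . ');';
}

// Encode once per layer, innermost first:
//   1. json_encode      -> a JavaScript literal (quotes and escapes strings)
//   2. rawurlencode     -> survives the percent-decoding of javascript: URLs
//   3. htmlspecialchars -> safe inside the double-quoted HTML attribute
function product_href_safe($product_id) {
    $js  = json_encode($product_id);
    $url = 'javascript:product(' . rawurlencode($js) . ');';
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Undo the layers in the order a browser does (HTML attribute, then URL) and
// return the script text that would actually be executed.
function script_seen_by_browser($href_attribute) {
    $url = html_entity_decode($href_attribute, ENT_QUOTES, 'UTF-8');
    return rawurldecode(substr($url, strlen('javascript:')));
}

// Constructed sample ids: a number, a plain string, and a string containing
// characters that are significant in JavaScript, URLs and HTML.
$samples = array(42, 'AB-100', "a'b\"c%22<d>&e");

foreach ($samples as $id) {
    $unsafe = script_seen_by_browser(product_href_unsafe($id));
    $safe   = script_seen_by_browser(product_href_safe($id));

    // The safe script must be exactly product(<one JSON literal>); and the
    // literal must decode back to the original value.
    $literal = substr($safe, strlen('product('), -strlen(');'));
    $ok = json_decode($literal) === $id;

    echo "id:     ", var_export($id, true), "\n";
    echo "unsafe: ", $unsafe, "\n";
    echo "safe:   ", $safe, ($ok ? "  [round-trips]" : "  [MISMATCH]"), "\n\n";
}
```

For the string ids, the "unsafe" line shows the value landing in the script as bare code rather than as a quoted string, which is also why the question's original link fails for non-numeric ids.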
