One more PHP question
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: One more PHP question

  1. #1
    Senior Member
    Join Date
    Apr 2004
    Posts
    228

    Question One more PHP question

    Hi.

    I'm trying to make something like Javascript's 'onclick' function in PHP.

    Clicking text should start a function and the text should be passed as an argument to the function it starts.

    Can't seem to find how to do it.

    'Google People' are welcome to give ideas on which serch words to use
    Don\'t post if you\'ve got nothing constructive to say. Flooding is annoying

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    Not possible. You have to use JavaScript to do onclick();.


    PHP is the PHP Hypertext Preprocessor. Preprocessor being the key word there.

    PHP is what happens to a *.php file before the browser ever sees it. The hypertext (HTML) is preprocessed (PHP) and the results of that processing are sent to the browser. If there is "<PHP ... ?>" in the file the PHP Preprocessor is looking at, it executes the code in there before returning it to the person requesting the information. From there the browser displays the output.


    Basically, PHP is all server-side. The web browser (and Javascript) is client-side. You can have them interact through CGI (HTTP), though.

    If you look at the URL in your browser right now, you'll see something like "http://www.antionline.com/showthread.php?s=&threadid=268076". The "?s=&threadid=268076" part of that URL provides information to the server on what thread you're looking at. Unless you pass this information somehow, your PHP application will be quite hopeless at interacting with a user. So you need to come up with a way to mix client-side (JavaScript) code so that it can talk to your server through these kinds of URLs in a useful way to be productive to your goals.


    Cheers.

  3. #3
    Senior Member
    Join Date
    Apr 2004
    Posts
    228
    OK.

    That's what I did so far

    <a href = 'pagename.php?NameOfTheParameter=$NamOfTheVariable'>$Variable</a>


    on the other page.

    $Variable = FunctionName($_GET['NameOfTheParameter']);


    The problem is that Function I import the data in to returns NULL.

    Am I making a mistake on transfering data?
    Don\'t post if you\'ve got nothing constructive to say. Flooding is annoying

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    First: The answer by Tim_axe was excellent!

    Second - To your new problem: Actually, what is the problem?
    What do you want to do? You want to provide a couple of links,
    each with a different parameter, which influences what you
    do server side?

    When you click on your link, is $NameOfTheVariable actually set? (check the URL)

    Is $_GET['NameOfTheParameter'] actually set? A superglobals[1,2]-problem?
    Why complicate things with the FunctionName-function? What should this function do?
    Otherwise, the syntax looks ~correct (works for me).

    Let us track the problem down (which version of PHP anyway?). Use something
    like
    Code:
        echo $_GET['NameOfTheParameter'];
    or (old, obsolete way)

    Code:
        global $_GET; 
        if ($HTTP_GET_VARS!=NULL){
                    $myGET_debug=$HTTP_GET_VARS;
    
                    if (isset($myGET_debug["NameOfTheParameter"])){
                           ...
                    }
       }
    Note: As of PHP 5.0.0, the long PHP predefined variable
    arrays may be disabled with the register_long_arrays
    directive.


    Cheers.


    [1] http://www.php.net/manual/en/languag...predefined.php
    [2] http://www.php.net/manual/en/reserve...iables.globals
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  5. #5
    Senior Member
    Join Date
    Apr 2004
    Posts
    228
    OK.I'm using PHP5.

    I would of shown the whole site, but at the moment the server is set up for designing the site, so it's far from secure.

    Hopefuly by tomorrow I'll finish the basic site setup and will be able to reconfigure the server.

    So far I got the problem sorted. Will be glad to let you lot to test the site
    Don\'t post if you\'ve got nothing constructive to say. Flooding is annoying

  6. #6
    Senior Member
    Join Date
    Apr 2004
    Posts
    228
    I just got a PM asking me to expand a bit on the problem.

    I am working on the prototype site for a tourist company which will be later expanded.

    One of the pages shows destinations to which the company takes people. Each destination holds a number of hotel (so far 1 each ).

    I display destinations, by getting their data from the MySQL Server.

    I do this using next code:

    <?php

    require ("Functions.php");


    #Connect to the database
    $link = Connect();


    #query the database for the information
    $query ="SELECT * FROM destinations
    WHERE Held_In_Destination = 1";

    $result = mysqli_query ($link,$query);


    #display the result of the query
    while ($row = mysqli_fetch_array($result))

    {
    extract ($row);

    #Display the results and Set up a link to show
    #which hotels are in the given location
    #Clicking the link will take a customer to a page showing
    #all the hotels in the location they picked.
    echo "<tr><td><a href='Hotels.php?id=$Destination_ID'>
    $Destination_Name</a></td></tr>";
    echo "<tr><td>$Destination_Description<br><br></td></tr>";

    }


    ?>

    Now as you can see from the code I am setting up a link in the output of the page to the Hotels.php page.


    echo "<tr><td><a href='Hotels.php?id=$Destination_ID'>
    $Destination_Name</a></td></tr>";

    Hotels.php - uses a predefined fumction which I placed in Funktions.php. The function is going to be used elsewhere.

    This also allows me to have shorter code:

    <?php

    # calling function to select a hotel in a destination

    $result=Hotels($_GET['id']);

    #show hotels

    while ($row = mysqli_fetch_array($result))
    {

    extract ($row);

    echo "<tr><td>$Hotel_Name</td></tr>";
    echo "<tr><td>$Hotel_Description</td></tr>";

    }
    ?>
    Don\'t post if you\'ve got nothing constructive to say. Flooding is annoying

  7. #7
    Senior Member
    Join Date
    Apr 2004
    Posts
    228
    Now as I am only a couple of weeks old in PHP, I can admit that all this is prety new to me.

    Although, I am going to improve fast , as there seem to be a couple more projects coming my way.
    Don\'t post if you\'ve got nothing constructive to say. Flooding is annoying

  8. #8
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    Nightcat, thank you for elaborating. I assume, the _GET-variables do
    work now, and your function gets the correct parameter?

    INJECTION WARNING: It looks like the id-field-value is used as an
    input-parameter for another SQL-query. Be aware of injection! Make sure,
    that the parameter passed to the query is in a valid format (ie a number,
    not a ', =, ... ). I guess, this is what your function FunctionName is for?

    Cheers!
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  9. #9
    Senior Member
    Join Date
    Apr 2004
    Posts
    228
    The query will only work with an integer. Anything else should fail.

    As I said. I'll make the site public, once it has been finished, so you'll be welcome to test it.
    Don\'t post if you\'ve got nothing constructive to say. Flooding is annoying

  10. #10
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    Whenever you get input from a user, make sure to make it safe first! (Incase you haven't yet) If someone replaced the link so that "id" = something like "';attack_query" mySQL would execute the attack_query. Which would of course be a problem if they decided to drop the table or something...


    Be sure to check out the PHP function mysql_real_escape_string() @ http://us3.php.net/mysql_real_escape_string

    Also these articles may be of interest to look at -- http://www.securityfocus.com/infocus/1704 :: http://www.securityfocus.com/infocus/1709

    Cheers


    Edit: sec_ware beat me to it. But you may want to post your filtering, because even if it is supposed to be an integer, it is possible to inject a query that successfully completes if proper input filtering is not followed. (having a function making sure it is an integer is considered input filtering)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides