setting window size and php

A

Annette Block

I'm rather new in JavaScript, but I have some experience in php.
I learned it's rather easy to open a window of a specified size with
JavaScript, that you need to specify the opened file, but I don't see
how to do that in php.
The file I want to open is "detail.php?item=$item". This generates a
query, which results in a table of at most 5x3 items. I want a window
size that is of an appropriate size. I tried:
<HEAD>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--
function NewWindow() {
window.open("detail.php?item=$item", "new", "width=500, height=300");
}
//-->
</SCRIPT>
- - - -
</HEAD>
and as hyperlink
<A HREF="detail.php?item=$item" TARGET="new" onClick="NewWindow();
return false;">details</A>

As a matter of fact I tried in the header more than just the example
shown, but no result. With this I came closest, getting a message that
my SQL syntax was wrong. Which isn't.

I also tried setting the window size within the details.php. But then
all windows became of the same size.

I know that php is server-side and JavaScript is client-side.

Any help or hint will be appreciated.
Annette
 
E

Erwin Moller

Annette Block schreef:

Hi Annette,
I'm rather new in JavaScript, but I have some experience in php.
I learned it's rather easy to open a window of a specified size with
JavaScript, that you need to specify the opened file, but I don't see
how to do that in php.

Well, you let PHP just put in the right values for JavaScript to use.
The file I want to open is "detail.php?item=$item". This generates a
query, which results in a table of at most 5x3 items. I want a window
size that is of an appropriate size. I tried:
<HEAD>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">

Leave out LANGUAGE="JavaScript".


Stop using the <!-- also. ;-)

function NewWindow() {
window.open("detail.php?item=$item", "new", "width=500, height=300");
}
//-->
</SCRIPT>
- - - -
</HEAD>
and as hyperlink
<A HREF="detail.php?item=$item" TARGET="new" onClick="NewWindow();
return false;">details</A>

Excactly.
And you don't want $item of course, you want its value.

So why don't you put it there? Like this:
<A HREF="detail.php?item=<?php echo $item; ?>" TARGET="new"
As a matter of fact I tried in the header more than just the example
shown, but no result. With this I came closest, getting a message that
my SQL syntax was wrong. Which isn't.

That means more is wrong.
I bet your SQL is vunurable to SQL injection.
If you from PHP take a value from the user, theat it like dangerous
stuff that will try to corrupt your database. Never trust it.

SO, do this:
$itemPassed = (int)$_GET["item"];
when you expect an integer.

If you expect a string, make sure you escape it well before feeding to
your database.
It is VERY EASY to pass a value that will delete everything in your
database.

Google for SQL injection for more info.

I also tried setting the window size within the details.php. But then
all windows became of the same size.

SInce you didn't show us code that should do that, we cannot possibly
comment on it.
I know that php is server-side and JavaScript is client-side.
Yes.


Any help or hint will be appreciated.
Annette

Regards,
Erwin Moller
--
============================
Erwin Moller
Now dropping all postings from googlegroups.
Why? http://improve-usenet.org/
============================
 
A

Annette Block

Annette Block schreef:

Hi Annette,
I'm rather new in JavaScript, but I have some experience in php.
I learned it's rather easy to open a window of a specified size with
JavaScript, that you need to specify the opened file, but I don't see
how to do that in php.

Well, you let PHP just put in the right values for JavaScript to use.
The file I want to open is "detail.php?item=$item". This generates a
query, which results in a table of at most 5x3 items. I want a window
size that is of an appropriate size. I tried:
<HEAD>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">

Leave out LANGUAGE="JavaScript".


Stop using the <!-- also. ;-)

function NewWindow() {
window.open("detail.php?item=$item", "new", "width=500, height=300");
}
//-->
</SCRIPT>
- - - -
</HEAD>
and as hyperlink
<A HREF="detail.php?item=$item" TARGET="new" onClick="NewWindow();
return false;">details</A>

Excactly.
And you don't want $item of course, you want its value.

So why don't you put it there? Like this:
<A HREF="detail.php?item=<?php echo $item; ?>" TARGET="new"
As a matter of fact I tried in the header more than just the example
shown, but no result. With this I came closest, getting a message that
my SQL syntax was wrong. Which isn't.

That means more is wrong.
I bet your SQL is vunurable to SQL injection.
If you from PHP take a value from the user, theat it like dangerous
stuff that will try to corrupt your database. Never trust it.

SO, do this:
$itemPassed = (int)$_GET["item"];
when you expect an integer.

If you expect a string, make sure you escape it well before feeding to
your database.
It is VERY EASY to pass a value that will delete everything in your
database.

Google for SQL injection for more info.

I also tried setting the window size within the details.php. But then
all windows became of the same size.

SInce you didn't show us code that should do that, we cannot possibly
comment on it.
I know that php is server-side and JavaScript is client-side.
Yes.


Any help or hint will be appreciated.
Annette

Regards,
Erwin Moller

Thank you, Erwin.
Your tips were very helpful. Now I get a window of the right size,
that is in IE. In Firefox it is still a whole page, but I prefer to
count my blessings.
I'm aware of the danger of getting wrong input. In this case the user
can only click on a number and, if he /she wishes so, more details and
backgrounds are given.
However a strange thing happened. I got an error message saying that
there is an unknown column '$item' in 'where clause'. Of course there
is a column called 'item'. Somehow the value is not transferred. This
is also strange as I get no signal about when moving the mouse over
the hyperlink. I guess this is PHP, so I trust I'll manage sooner or
later. But thanks for your help.
Regards,
Annette
 
E

Erwin Moller

Annette Block schreef:
Annette Block schreef:

Hi Annette,
I'm rather new in JavaScript, but I have some experience in php.
I learned it's rather easy to open a window of a specified size with
JavaScript, that you need to specify the opened file, but I don't see
how to do that in php.
Well, you let PHP just put in the right values for JavaScript to use.
The file I want to open is "detail.php?item=$item". This generates a
query, which results in a table of at most 5x3 items. I want a window
size that is of an appropriate size. I tried:
<HEAD>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
Leave out LANGUAGE="JavaScript".

Stop using the <!-- also. ;-)

function NewWindow() {
window.open("detail.php?item=$item", "new", "width=500, height=300");
}
//-->
</SCRIPT>
- - - -
</HEAD>
and as hyperlink
<A HREF="detail.php?item=$item" TARGET="new" onClick="NewWindow();
return false;">details</A>
Excactly.
And you don't want $item of course, you want its value.

So why don't you put it there? Like this:
<A HREF="detail.php?item=<?php echo $item; ?>" TARGET="new"
As a matter of fact I tried in the header more than just the example
shown, but no result. With this I came closest, getting a message that
my SQL syntax was wrong. Which isn't.
That means more is wrong.
I bet your SQL is vunurable to SQL injection.
If you from PHP take a value from the user, theat it like dangerous
stuff that will try to corrupt your database. Never trust it.

SO, do this:
$itemPassed = (int)$_GET["item"];
when you expect an integer.

If you expect a string, make sure you escape it well before feeding to
your database.
It is VERY EASY to pass a value that will delete everything in your
database.

Google for SQL injection for more info.

I also tried setting the window size within the details.php. But then
all windows became of the same size.
SInce you didn't show us code that should do that, we cannot possibly
comment on it.
I know that php is server-side and JavaScript is client-side. Yes.

Any help or hint will be appreciated.
Annette
Regards,
Erwin Moller

Thank you, Erwin.
Your tips were very helpful. Now I get a window of the right size,
that is in IE. In Firefox it is still a whole page, but I prefer to
count my blessings.
I'm aware of the danger of getting wrong input. In this case the user
can only click on a number and, if he /she wishes so, more details and
backgrounds are given.
However a strange thing happened. I got an error message saying that
there is an unknown column '$item' in 'where clause'. Of course there
is a column called 'item'. Somehow the value is not transferred. This
is also strange as I get no signal about when moving the mouse over
the hyperlink. I guess this is PHP, so I trust I'll manage sooner or
later. But thanks for your help.
Regards,
Annette

Hi Annette,

A few tips about debugging that helped me a lot:
1) When debugging HTML, always FIRST do a 'view source' of the results
PHP sent you. Simply check if all the things you want in the page are
put there with their right values.
2) When debugging postings/requests from a browser to PHP, simply do this:

echo "<pre>";
print_r($_POST);
echo "</pre>";
exit;

Or $_GET, or whatever you want to see.
That way you can easily see WHAT the browser is sending you.

Best of luck.
If you need more help with PHP: comp.lang.php

Regards,
Erwin Moller

--
============================
Erwin Moller
Now dropping all postings from googlegroups.
Why? http://improve-usenet.org/
============================
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top