setting window size and php

Discussion in 'Javascript' started by Annette Block, Sep 29, 2008.

  1. I'm rather new in JavaScript, but I have some experience in php.
    I learned it's rather easy to open a window of a specified size with
    JavaScript, that you need to specify the opened file, but I don't see
    how to do that in php.
    The file I want to open is "detail.php?item=$item". This generates a
    query, which results in a table of at most 5x3 items. I want a window
    size that is of an appropriate size. I tried:
    <SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
    function NewWindow() {"detail.php?item=$item", "new", "width=500, height=300");
    and as hyperlink
    <A HREF="detail.php?item=$item" TARGET="new" onClick="NewWindow();
    return false;">details</A>

    As a matter of fact I tried in the header more than just the example
    shown, but no result. With this I came closest, getting a message that
    my SQL syntax was wrong. Which isn't.

    I also tried setting the window size within the details.php. But then
    all windows became of the same size.

    I know that php is server-side and JavaScript is client-side.

    Any help or hint will be appreciated.
    Annette Block, Sep 29, 2008
  2. Annette Block

    Erwin Moller Guest

    Annette Block wrote:

    Hi Annette,
    Well, you let PHP just put in the right values for JavaScript to use.
    Leave out LANGUAGE="JavaScript".

    Stop using the <!-- also. ;-)

    And you don't want $item of course, you want its value.

    So why don't you put it there? Like this:
    <A HREF="detail.php?item=<?php echo $item; ?>" TARGET="new"
    That means more is wrong.
    I bet your SQL is vulnerable to SQL injection.
    If you take a value from the user in PHP, treat it like dangerous
    stuff that will try to corrupt your database. Never trust it.

    So, do this:
    $itemPassed = (int)$_GET["item"];
    when you expect an integer.

    If you expect a string, make sure you escape it well before feeding to
    your database.
    It is VERY EASY to pass a value that will delete everything in your

    Google for SQL injection for more info.

    Since you didn't show us code that should do that, we cannot possibly
    comment on it.
    Erwin Moller
    Erwin Moller, Sep 29, 2008
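The advice in the reply above, worked through as an added example (not code from either poster): it validates `item` as an integer and binds it in a prepared statement. It goes one step beyond the `(int)` cast, which would silently turn `"7 OR 1=1"` into `7`, by rejecting such input outright. The table layout, sample rows and function names are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. Table, columns and rows are constructed.
declare(strict_types=1);

/** Return the item id from the query string, or null unless it is a plain positive integer. */
function parseItemId(array $query): ?int
{
    $id = filter_var($query['item'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one item; the id is bound as a parameter, never pasted into the SQL text. */
function fetchDetails(PDO $db, int $id): array
{
    $stmt = $db->prepare('SELECT name, price FROM items WHERE item = :item');
    $stmt->bindValue(':item', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (item INTEGER, name TEXT, price REAL)');
$db->exec("INSERT INTO items VALUES (7, 'lamp <b>', 12.5), (8, 'chair', 40.0)");

// Constructed query strings standing in for $_GET.
$samples = [
    ['item' => '7'],
    ['item' => '7 OR 1=1'],
    ['item' => '7; DROP TABLE items'],
    [],
];

foreach ($samples as $query) {
    $id = parseItemId($query);
    if ($id === null) {
        echo 'rejected: ' . json_encode($query) . "\n";
        continue;
    }
    foreach (fetchDetails($db, $id) as $row) {
        // Escape on output too: database content is not trusted HTML.
        echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . ' ' . $row['price'] . "\n";
    }
}
```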
  3. Thank you, Erwin.
    Your tips were very helpful. Now I get a window of the right size,
    that is in IE. In Firefox it is still a whole page, but I prefer to
    count my blessings.
    I'm aware of the danger of getting wrong input. In this case the user
    can only click on a number and, if he/she wishes so, more details and
    backgrounds are given.
    However a strange thing happened. I got an error message saying that
    there is an unknown column '$item' in 'where clause'. Of course there
    is a column called 'item'. Somehow the value is not transferred. This
    is also strange as I get no signal about when moving the mouse over
    the hyperlink. I guess this is PHP, so I trust I'll manage sooner or
    later. But thanks for your help.
    Annette Block, Sep 29, 2008
  4. Annette Block

    Erwin Moller Guest

    Annette Block wrote:
    Hi Annette,

    A few tips about debugging that helped me a lot:
    1) When debugging HTML, always FIRST do a 'view source' of the results
    PHP sent you. Simply check if all the things you want in the page are
    put there with their right values.
    2) When debugging postings/requests from a browser to PHP, simply do this:

    echo "<pre>";
    print_r($_POST);
    echo "</pre>";

    Or $_GET, or whatever you want to see.
    That way you can easily see WHAT the browser is sending you.

    Best of luck.
    If you need more help with PHP: comp.lang.php

    Erwin Moller

    Erwin Moller, Sep 30, 2008
