PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
In these few php lines, the first and the last lines are executed without any problem, but the middle two lines are ignored as if they are not even there. Any suggestions?
echo "<script type='text/javascript'>alert('Web Site Under Test -- line 440');</script>";
$tempstr = addslashes($where_sql);
echo "<script type='text/javascript'>alert('$where_sql -- '".$where_sql."');</script>";
echo "<script type='text/javascript'>alert('Web Site Under Test -- line 445');</script>";
I'm guessing they are not seeing an alert for "$where_sql" and assume that means it's being ignored.
Most likely the quotes in the sql string being echoed are conflicting with the quotes necessary for the javascript concatenation syntax and causing the browser to skip the 2nd script tag entirely.
OP is probably absolute beginner level and not aware of console.log and browser dev tools.
But if they're willing to debug via js alert they might as well just echo the debug data straight to the web page and avoid the possible syntax mishaps of echoing php into js.
Have you checked for Javascript errors in your console when this runs? My guess is that $where_sql has single quotes in it (most SQL does). That would cause a parse error for something like:
I noticed you're not escaping the $ in your code either. If you want to show a variable name in a string using double quotes with it's $ then you need to escape it, otherwise PHP will attempt to replace it with the value of that variable.
Christopher wrote:Have you checked for Javascript errors in your console when this runs? My guess is that $where_sql has single quotes in it (most SQL does). That would cause a parse error for something like:
<script type='text/javascript'>alert('SELECT * FROM foo WHERE bar='baz'; ');</script>
Like Christopher said, it could also be an issue with single quotes. Since you use single quotes within the alert and there are single quotes you likely use within the SQL command itself. Try using this, it escapes the $ and replaces the single with double quotes and escapes them too.