Page 1 of 1
I need help debugging php
Posted: Mon Jan 02, 2017 10:49 am
by complete
In these few php lines, the first and the last lines are executed without any problem, but the middle two lines are ignored as if they are not even there. Any suggestions?
Code: Select all
echo "<script type='text/javascript'>alert('Web Site Under Test -- line 440');</script>";
$tempstr = addslashes($where_sql);
echo "<script type='text/javascript'>alert('$where_sql -- '".$where_sql."');</script>";
echo "<script type='text/javascript'>alert('Web Site Under Test -- line 445');</script>";
Re: I need help debugging php
Posted: Mon Jan 02, 2017 4:58 pm
by Celauran
What do you mean they're ignored and why the JavaScript? What are you trying to accomplish?
Re: I need help debugging php
Posted: Wed Jan 04, 2017 5:56 am
by thinsoldier
I'm guessing they are not seeing an alert for "$where_sql" and assume that means it's being ignored.
Most likely the quotes in the sql string being echoed are conflicting with the quotes necessary for the javascript concatenation syntax and causing the browser to skip the 2nd script tag entirely.
OP is probably absolute beginner level and not aware of console.log and browser dev tools.
But if they're willing to debug via js alert they might as well just echo the debug data straight to the web page and avoid the possible syntax mishaps of echoing php into js.
Re: I need help debugging php
Posted: Mon Jan 16, 2017 6:34 am
by helloword119
why The output javascript is php ? haha , i think you can use debug and firbug ?
Re: I need help debugging php
Posted: Mon Jan 16, 2017 11:07 pm
by Christopher
Have you checked for Javascript errors in your console when this runs? My guess is that $where_sql has single quotes in it (most SQL does). That would cause a parse error for something like:
Code: Select all
<script type='text/javascript'>alert('SELECT * FROM foo WHERE bar='baz'; ');</script>
Re: I need help debugging php
Posted: Thu Jan 26, 2017 3:19 pm
by Pazuzu156
I noticed you're not escaping the $ in your code either. If you want to show a variable name in a string using double quotes with it's $ then you need to escape it, otherwise PHP will attempt to replace it with the value of that variable.
Christopher wrote:Have you checked for Javascript errors in your console when this runs? My guess is that $where_sql has single quotes in it (most SQL does). That would cause a parse error for something like:
Code: Select all
<script type='text/javascript'>alert('SELECT * FROM foo WHERE bar='baz'; ');</script>
Like Christopher said, it could also be an issue with single quotes. Since you use single quotes within the alert and there are single quotes you likely use within the SQL command itself. Try using this, it escapes the $ and replaces the single with double quotes and escapes them too.
Code: Select all
echo "<script type='text/javascript'>alert(\"\$where_sql -- ".$where_sql."\");</script>";