Page 1 of 1

javascript with php

Posted: Mon May 08, 2006 5:54 am
by itsmani1

Code: Select all

<script language="javascript" type="text/javascript">
function login()
{
	var temp = document.form2.login.value ;
	if(temp.length < 4)
	{
		alert('Login id should be atleast 4 characters long');
		return false;
	}
	else if(temp.length > 20)
	{
		alert('Login id should not be more than 5 characters');
		return false;
	}
	else
	{
		[php]
			mysql_query("select `loginid` from users where loginid = temp ") or die(mysql_error());
		[/php]
		return true;
	}
}
</script>
this is not a correct way of passing perameters to javascript. Can anyone tell me wha's the correct way of passign it.

thanks.

Posted: Mon May 08, 2006 8:34 am
by Verminox
Well you cannot actually combine a javascript function with a php code. This is because PHP is server side, that is, the script is parsed and executed before the page loads, whereas javascript is client side, which works only after the page loads.


I suggest doing the entire login script in PHP using the 'post' method for submitting the form to a PHP script.

If you want to use Javascript, then use something like this:


Code: Select all

<script language="javascript" type="text/javascript">
function login()
{
   var temp = document.form2.login.value ;
   if(temp.length < 4)
   {
      alert('Login id should be atleast 4 characters long');
      return false;
   }
   else if(temp.length > 20)
   {
      alert('Login id should not be more than 5 characters');
      return false;
   }
   else
   {
      window.location = "?login="+temp
      return true;
   }
}
</script>

And then make use of the $_GET superglobal to query with the login details.



However, I strongly suggest using PHP to do the entire function of logging in as server side scripts are much more reliable in many ways.

Posted: Mon May 08, 2006 9:14 am
by Maugrim_The_Reaper

Code: Select all

is not a valid opening tag - you should use the <?php ?> pair. Also, as above, you cannot mix javascript and PHP functionality. PHP can inject variables into a HTML+Javascript page, but you cannot control it's execution via javascript. You should use javascript for client side error checking, but always remember that client side validation can be disabled by the user. The values must be checked server side via PHP, and are usually bundled after form submission in the $_POST superglobal array for easy access.

I suggest searching for a simple login script to see how it works - then read up on PHP security in relation to filtering input to add to that.