Calling Javascript from PHP

Posted: Tue Jun 27, 2006 10:38 pm
by GeXus
I'm trying to call a JavaScript function in PHP. Typically I think I just echo out the script tags with the function call, but this does not seem to work. Any ideas?

Thanks!

Posted: Tue Jun 27, 2006 10:53 pm
by Benjamin
Post your code yo.

Posted: Tue Jun 27, 2006 11:26 pm
by GeXus
Here you go, I'm calling the function "Shake()"

<?php

function ValidateForm($form, $result)
{
   global $username;
   global $userpassword;
   global $userpassword2;
   global $email;
   
   $username = $form['username'];
   $userpassword = $form['userpassword'];
   $email = $form['email'];
   
   global $errorUsername;
   global $errorPassword;
   global $errorEmail;
   
   if ($username == NULL)
    {
         $errorUsername = "You must enter a username to begin";
    }
   elseif ($result > 0)
	{
		$errorUsername = "This username already exists. Please try another.";
	}

    if ($userpassword == NULL)
        {
        $errorPassword = "You must enter a password.";
        }
    elseif ($userpassword !== $userpassword2)
  	{
		$errorPassword = "Your passwords do not match.";
	}
	
 if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email))
	{
        $errorEmail = "Please enter a valid email address.";
    }

	
$errors = $errorUsername . $errorPassword . $errorEmail;


return $errors;

}




if ($_POST)
{

   mysql_connect('localhost', $user, $password);
   @mysql_select_db($database) or die( "Unable to select database");
   
   
   $query = mysql_query("select * from users WHERE username = '$username'");
   $result = mysql_num_rows($query);
   
  

   
    $errors = ValidateForm($_POST, $result);
   
	if ($errors == "")
    {
      mysql_query("INSERT INTO users (username, email, password, comments) VALUES ('$username','$email','$userpassword','$comments')");
      mysql_close();
      echo "Sent";
    }
    else
    {
      echo "<script>shake();</script>";
    }
	

}

?>
<script type="text/javascript">
var posleft=10;
var count=0;

function shake(){
    var obj = document.getElementById('container');
    if (++count > 6) {
        // Done shaking: reset the state for the next call
        count = 0; posleft = 10; obj.style.padding = '0'; return;
    }
    posleft *= -1;
    var left = parseInt(obj.style.left, 10);
    var newpos = left ? left + posleft : 0 + posleft;
    if (newpos < 0) {
        var n = newpos * -1; obj.style.paddingLeft = n + 'px'; obj.style.paddingRight = '0';
    } else {
        obj.style.paddingRight = newpos + 'px'; obj.style.paddingLeft = '0';
    }
    // Schedule the next step of the shake
    var timer = setTimeout(shake, 40);
}
</script>

<br><br>

Posted: Tue Jun 27, 2006 11:30 pm
by Benjamin
The PHP code cannot interact with the Javascript. PHP runs on your web server while Javascript runs in the browser. If you want to execute the shake function when the page loads, call it from within the <body> tag using the onLoad event. If you want the function to run when a user clicks a button, call it from within the button using an onClick event.

Posted: Tue Jun 27, 2006 11:33 pm
by GeXus
astions wrote: The PHP code cannot interact with the Javascript. PHP runs on your web server while Javascript runs in the browser. If you want to execute the shake function when the page loads, call it from within the <body> tag using the onLoad event. If you want the function to run when a user clicks a button, call it from within the button using an onClick event.
So there is no way to call this function based on events within the php?

Posted: Tue Jun 27, 2006 11:38 pm
by GeXus
Also, I can call alerts from within the php in the same instance.. that works fine.

Posted: Wed Jun 28, 2006 12:25 am
by RobertGonzalez
Understand that PHP is not doing anything with the JavaScript except 'writing' it to the browser. You can do that all day long because PHP outputs HTML. So as long as you can output HTML you can output calls to JavaScript. But PHP is not doing the calling, it is merely writing the JavaScript code to the browser.

Posted: Wed Jun 28, 2006 6:22 am
by Jenk
also take note that

if ($_POST) {
is an improper challenge. You should be using

if (!empty($_POST)) {
at worst.

Posted: Wed Jun 28, 2006 8:49 am
by RobertGonzalez
I agree with Jenk. When he says at worst, that is truly at the most minimum. I usually check for a field I know is being posted. Small security check, big payback.

Posted: Wed Jun 28, 2006 7:33 pm
by GeXus
Thanks for the input.. I'll check for the username, rather than post.. :)

Why is it though that checking for post is not good? I'm not sure I completely understand.

Posted: Wed Jun 28, 2006 11:43 pm
by RobertGonzalez
Falsifying post data to launch an XSS attack.
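
The checks discussed in the last few posts, as an added example that is not part of the thread or any poster's code: the handler acts only on a POST carrying every expected field, binds values as query parameters instead of interpolating them, stores a password hash, and escapes what it prints. The function name `handleSignup`, the `userpassword2` field name and the in-memory SQLite table are assumptions; it needs PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example, not the thread's code. Field names follow the post;
// 'userpassword2', handleSignup() and the SQLite table are assumptions.
function handleSignup(PDO $db, string $method, array $post): array
{
    // Act only on a POST carrying every expected field as a plain string.
    if ($method !== 'POST') {
        return ['Not a form submission.'];
    }
    foreach (['username', 'userpassword', 'userpassword2', 'email'] as $f) {
        if (!isset($post[$f]) || !is_string($post[$f])) {
            return ['Missing or malformed field: ' . $f];
        }
    }
    $errors = [];
    if ($post['username'] === '') {
        $errors[] = 'You must enter a username to begin';
    }
    if ($post['userpassword'] === '') {
        $errors[] = 'You must enter a password.';
    } elseif ($post['userpassword'] !== $post['userpassword2']) {
        $errors[] = 'Your passwords do not match.';
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email address.';
    }
    // Values are bound as parameters, never interpolated into the SQL text.
    $q = $db->prepare('SELECT COUNT(*) FROM users WHERE username = ?');
    $q->execute([$post['username']]);
    if ((int) $q->fetchColumn() > 0) {
        $errors[] = 'This username already exists. Please try another.';
    }
    if ($errors === []) {
        $ins = $db->prepare('INSERT INTO users (username, email, password) VALUES (?, ?, ?)');
        $ins->execute([$post['username'], $post['email'],
            password_hash($post['userpassword'], PASSWORD_DEFAULT)]);
    }
    return $errors;
}

// Constructed demo input, in-memory database; output is HTML-escaped.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, email TEXT, password TEXT)');
$ok = ['username' => "o'brien", 'userpassword' => 'pw', 'userpassword2' => 'pw', 'email' => 'o@example.com'];
foreach ([['POST', $ok], ['POST', $ok], ['POST', ['x' => '1']], ['GET', []]] as [$m, $p]) {
    echo htmlspecialchars(implode(' ', handleSignup($db, $m, $p)) ?: 'Sent', ENT_QUOTES, 'UTF-8'), "\n";
}
```

In a real page the function would be called with `$_SERVER['REQUEST_METHOD']` and `$_POST`. When it returns errors, the fixed string `<script>shake();</script>` has to be written after both the `container` element and the function definition for the browser to find them.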