-2

Suppose that I have the code as below:

<?php 
    include ('include/connectdb.php');
    if(isset($_POST['tbn_submit'])){
        $username = $_POST['text_username'];
        $password = $_POST['text_password'];
        $query = "SELECT * FROM tblusers WHERE `user_username`='".$username."' AND user_password='".$password."'";
        $res = mysql_query($query) or die (mysql_error());
        if($res){
            if(mysql_num_rows($res)){
                $user = mysql_fetch_assoc($res);
                if($user['user_possition'] == "Admin"){
                    echo '<script type="text/javascript">window.location = "view_form.php"</script>';
                }
                else if($user['user_possition'] == "User"){
                    header("location:view_edit_uid.php?uid=".$user['user_id']);
                    //in this point I need to use javascript instead of php code but I do not know how to write it
                }                                       
                else if($user['user_possition'] == "R1"){
                    echo '<script type="text/javascript">window.location = "view_form_res1.php"</script>';
                }
                else if($user['user_possition'] == "R2"){
                    echo '<script type="text/javascript">window.location = "view_form_res2.php"</script>';
                }                               
            } 
            else {
                echo '<tr><td colspan="2"><center><b style="color:red;">Invalide username or password, please check again!</b></center></td></tr>';             
            }
        } 
    }
?>

Problem

I need to get the $user['user_id'] to use in javascript like

`echo '<script type="text/javascript">window.location = "view_edit_uid.php?uid=".$user['user_id']</script>';`

but it dose not work, because it do not know $user['user_id'] in javascript,So how do I fix this?

Anyone help me please,Thanks.

ianace
  • 1,646
  • 2
  • 17
  • 31
Pov Nu
  • 68
  • 1
  • 8
  • 2
    You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Nov 14 '12 at 06:47
  • 2
    [Do not store passwords in clear text](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet)! – Quentin Nov 14 '12 at 06:47
  • 1
    Why do this in JavaScript and not HTTP? And HTTP redirect is the appropriate way to do this sort of thing (since it is more efficient and doesn't mess up the back button) – Quentin Nov 14 '12 at 06:48

4 Answers4

3

You have to echo it just like you would any PHP variable.

<script type="text/javascript">
  window.location = "view_edit_uid.php?uid=<?php echo $user['user_id']; ?>";
</script>

Or to redirect specifically with PHP...you must perform this before any other headers are sent.

header( 'Location: view_edit_uid.php?uid=' . $user['user_id'] ) ;
Pastor Bones
  • 7,183
  • 3
  • 36
  • 56
1
echo '<script type="text/javascript">window.location = "view_edit_uid.php?uid='.$user['user_id'].'"</script>';

You left out some " and '.

Joseph
  • 238
  • 1
  • 9
1

Yes, you can use window.location

else if($user['user_possition'] == "User"){
    //header("location:view_edit_uid.php?uid=".$user['user_id']);
    echo '<script type="text/javascript">window.location = "view_edit_uid.php?uid='.$user['user_id'].'"</script>';
}
Muthu Kumaran
  • 17,682
  • 5
  • 47
  • 70
1
echo '<script type="text/javascript">window.location = "view_edit_uid.php?uid='.$user['user_id'].'";</script>';
Miracle
  • 11
  • 3