0
$name="document.write(get_name());";

echo $n= $name; // Here it prints name also (correct one)

$sql=mysql_query("INSERT INTO tab1 (name,visited_time) values ('$n',NOW())");

Ideally this should print got name from the function but it inserting document.write(get_name());

Note : get_name function is returning the value correctly. and function is mandatory. Only the problem is it inserting document.write(get_name()); instead it's value.

Kabie
  • 10,489
  • 1
  • 38
  • 45
Android
  • 8,995
  • 9
  • 67
  • 108
  • 2
    You are using JS in PHP? You have to load the page and have to use AJAX request to send name and return result. – Muhammad Talha Akbar Aug 24 '13 at 05:45
  • 1
    possible duplicate of [Reference: Why does the PHP (or other server side) code in my Javascript not work?](http://stackoverflow.com/questions/13840429/reference-why-does-the-php-or-other-server-side-code-in-my-javascript-not-wor) – NullPoiиteя Aug 24 '13 at 05:49
  • Can you show what get_name's code or tell us what it produces. Maybe you can create a PHP version – Class Aug 24 '13 at 05:54

1 Answers1

0

It looks like you missed an important chapter about PHP / JS programming... PHP code is executed server side. JavaScript code is executed client side.

Steps to solve this are:

  • whenever you need this query to be executed, you need to make a call from JavaScript to PHP and pass the variables to the PHP. You can do this with an asynchronous call with jquery for example:

    // JS, executed on client side
var name = get_name(); // this javascript function must exist
$.get("path/to/your/page.php", {"name":name});

    More info about jQuery here: http://api.jquery.com/jQuery.get/

  • then, in PHP, you get this value from the global $_GET and you can use it:

    // php code that will be executed when path/to/your/page.php will be called
$name = $_GET['name'];
$sql = "INSERT INTO tab1 (name,visited_time) values ('" . $name . "',NOW())";
$rs= mysql_query($sql);

And that will do what you expect.

You can use this code to implement the logic, but it requires lots of improvements then:

  1. It is highly unsecured and leaves room for the most simple SQL injection attack. You must "quote" all values you use in your SQL queries (you can't trust any data coming from the client)
  2. $_GET['name'] may not exist or contain what you except so you need to use function like isset and to do more tests after to verify that nobody is trying to hack your variable
  3. you should POST method and not GET since this HTTP call will result in changing the state of the datbase
  4. mysql_query is deprecated: http://us2.php.net/manual/en/function.mysql-query.php you should use mysqli_query or PDO...

I'm not gonna talk about all these topics, they are highly covered on the web and a simple search your favorite search engine will give all the information you need.

Note: I wrote that "JavaScript code is executed client side". This is not exactly true since it is possible to build a server in JavaScript but this is far far far away from you concern and that wouldn't even change the fact that you still need to send the value from the client to the server with the kind of logic I just described.

fabien
  • 1,529
  • 1
  • 15
  • 28