1

I am trying to pass a PHP value, obtained from a join query, to a JavaScript function. The JavaScript function will open a new window and show some data based on the passed value. My query works fine but the PHP value is not passed to the JS function.

My code :

<script type="text/javascript">

   function product(var) {
    window.open( "view_product_info.php?var", "myWindow", 
    "status = 1, height = 300, width = 300, resizable = 0" )
    }
 </script>

\\ the line where I am trying to pass the PHP variable

 echo '<td align="center" ><a href="javascript:product('.$product_id.');"> <br/> '.$row['product_name'].'</a></td>';

Why is the PHP value $product_id not passed to the product function?

Thanks in advance.

The code:

     <script type="text/javascript">
       <!--
    function product(var) {
    window.open( "view_product_info.php?id", "myWindow", 
     "status = 1, height = 300, width = 300, resizable = 0" )
      }
     function company() {
       window.open( "index.php", "myWindow", 
        "status = 1, height = 300, width = 300, resizable = 0" )
   }
     function category() {
        window.open( "index.php", "myWindow", 
     "status = 1, height = 300, width = 300, resizable = 0" )
 }

//-->

      <?php include("includes/header.php"); 


       $search = $_POST['search'];
       $sql= "my query1..";

       $sql2= "my query2";

       $result=mysql_query($sql);
       $result2=mysql_query($sql2);
     if($result) {
            echo '<center>';
    echo '<table cellpadding="0" cellspacing="0" border="1" width="100%">';
    echo '<tr><th>Sr No.</th><th>Product Name</th><th>Company      Name</th>         <th>Category</th></tr>';
               $number=1;
                 while ($row = mysql_fetch_array($result)){
                $row2 = mysql_fetch_array($result2);
                echo $product_id=$row2[product_id];

       echo '<tr> ';
        echo '<td align="center" >'.$number.'</td>';


                     echo '<td align="center" ><a href="javascript:product('<?= $product_id?>')"> 


''';

            echo '<td align="center"><a href="javascript:company()" ><br/>  '.$row['company_name'].'</td>';
echo '<td align="center"><a href="javascript:category()" ><br/>  '.$row['category_name'].'</td>';

   $number=$number+1;

          }echo '</tr>';
     echo'</table>';
          echo'</center>'; 

}
         else {
       echo "No data found";
    //echo mysql_error();

       }
       }
      }
     ?>
Mar Far
  • 27
  • 1
  • 1
  • 6

3 Answers

1

If it's not a number, you need to quote it:

<?php
echo '<td align="center" ><a href="javascript:product(\''.$product_id.'\');">
<br/> '.$row['product_name'].'</a></td>';
?>

Or, a neater way, use php just when needed (no PHP tags around, it's HTML with inserted PHP):

<td align="center" ><a href="javascript:product('<?= $product_id ?>')"> 
<br/><?= $row['product_name'] ?></a></td>

You can also define a JavaScript value and assign the PHP value to it and then use it, like:

var pid = '<?= $product_id ?>'; // then call product(pid)
etc...

EDIT

Code fix.

This:

<?php
...
// php stuff
...

echo '<tr> ';
echo '<td align="center" >'.$number.'</td>';

echo '<td align="center" ><a href="javascript:product('<?= $product_id?>')"> 
<br/>'<?= $row['product_name']?>'</a></td>';

echo '<td align="center"><a href="javascript:company()" ><br/>  '.$row['company_name'].'</td>';
echo '<td align="center"><a href="javascript:category()" ><br/>  '.$row['category_name'].'</td>';

$number=$number+1;

}echo '</tr>';
echo'</table>';
echo'</center>'; 

Can become something like this:

<?php
...
// php stuff
...

// close the PHP tag and switch to HTML
?>
<tr>
<td align="center" ><?= $number ?></td>
<td align="center" ><a href="javascript:product('<?= $product_id ?>')"> <br/><?= $row['product_name'] ?></a></td>

<td align="center"><a href="javascript:company()" ><br/> <?= $row['company_name'] ?></a></td>
<td align="center"><a href="javascript:category()" ><br/> <?= $row['category_name'] ?></a></td>
</tr>
<?php  // reopen PHP tag when needed
$number++; // incrementation simplified
}
// close again
?>
</table>
</center>

Something like that.

Also, read here about the deprecated mysql_* functions and why you should switch to mysqli_* or PDO.

Shomz
  • 37,421
  • 4
  • 57
  • 85
  • Thanks, but it's still not working. Firebug is showing the following error: SyntaxError: missing formal parameter function product(var) { – Mar Far Aug 25 '13 at 04:03
  • @SmithSmithy But why would you copy my answer??? – Shomz Aug 25 '13 at 04:04
  • @MarFar Which method did you try? – Shomz Aug 25 '13 at 04:06
  • I already had mine in. Just needed to change the quotes. – Smith Smithy Aug 25 '13 at 04:07
  • I have tried the 1st one – Mar Far Aug 25 '13 at 04:09
  • Try the second one - it's much easier to read. You might've forgotten the php tags in the first one or messed the quote escaping (be careful with the backslash). – Shomz Aug 25 '13 at 04:11
  • @SmithSmithy "just" the quotes? :) The difference between the working and non-working code... – Shomz Aug 25 '13 at 04:12
  • If I try the 2nd method, it says Parse error: syntax error, unexpected '?'. I can't find what's wrong. – Mar Far Aug 25 '13 at 04:21
  • Something's probably wrong with your tags, we need to see the whole code, no point in guessing. – Shomz Aug 25 '13 at 04:23
  • I have added the whole code. Thanks for your help – Mar Far Aug 25 '13 at 04:36
  • No, the second method is html, which means you need to close the PHP tag before it (`?>`) and then reopen it afterwards when your PHP code starts again. Also, read [this](http://php.net/manual/en/function.mysql-connect.php) about the deprecated mysql_* functions. – Shomz Aug 25 '13 at 04:42
1

Try this:

...
...
</script>

\\ the line where I am trying to pass the PHP variable
<?php
   echo '<td align="center" ><a href="javascript:product('.$product_id.');"> <br/> '.$row['product_name'].'</a></td>';
?>
Amit Malakar
  • 618
  • 1
  • 5
  • 10
1

You need to be careful when doing this, as it can allow a hacker to take over your server in many situations.

The correct approach is to use json_encode and htmlspecialchars. Failing to do both is a security risk. Read up on the documentation for each to learn what they do.

Here is the correct, and safe, way to do it:

 $escaped_product_id = htmlspecialchars(json_encode($product_id));
 $escaped_product_name = htmlspecialchars($row['product_name']);
 echo '<td align="center" ><a href="javascript:product('.$escaped_product_id.');"> <br/> '.$escaped_product_name.'</a></td>';
Abhi Beckert
  • 32,787
  • 12
  • 83
  • 110
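
The quoting point from the first answer and the json_encode plus htmlspecialchars escaping from the last answer, side by side on the question's table cell. This is an added example, not code from the question or its answers; the function names and the sample rows are constructed for illustration, and it assumes PHP 7.3 or later for JSON_THROW_ON_ERROR.

```php
<?php
// Added example; not code from the question or its answers.

/** Cell as written in the question: values are concatenated unescaped. */
function cell_unescaped($product_id, string $name): string
{
    return '<td align="center"><a href="javascript:product(' . $product_id . ');">'
         . '<br/>' . $name . '</a></td>';
}

/** Same cell with one escaping step per context the value passes through. */
function cell_escaped($product_id, string $name): string
{
    // JavaScript context: json_encode() yields a valid literal (17 or "A-17").
    // JSON_THROW_ON_ERROR raises an exception instead of returning false.
    $js = json_encode($product_id, JSON_THROW_ON_ERROR);

    // HTML attribute context: the literal's double quotes would end href="...",
    // so they become &quot; (ENT_QUOTES also covers single quotes).
    $attr = htmlspecialchars($js, ENT_QUOTES, 'UTF-8');

    // HTML text context: the name is plain text, not markup.
    $text = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');

    return '<td align="center"><a href="javascript:product(' . $attr . ');">'
         . '<br/>' . $text . '</a></td>';
}

// Constructed sample rows standing in for the query result.
$rows = [
    ['product_id' => 17,          'product_name' => 'Desk lamp'],
    ['product_id' => 'A-17',      'product_name' => 'Nuts & bolts <M6>'],
    ['product_id' => 'it\'s "x"', 'product_name' => 'O\'Neil "Pro"'],
];

foreach ($rows as $row) {
    // Unescaped: 'A-17' reaches JS as the expression A-17, and the third
    // row's quotes cut the href attribute short.
    echo cell_unescaped($row['product_id'], $row['product_name']), "\n";
    // Escaped: product(17), product(&quot;A-17&quot;), and so on.
    echo cell_escaped($row['product_id'], $row['product_name']), "\n\n";
}
```

Browsers percent-decode a javascript: URL before running it, so if an id can contain a % character, pass the JSON literal through rawurlencode() before htmlspecialchars() as well.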