0

I'm using GET to retrieve a query string from my url e.g:

index.php?page=quiz

Then I want to run my function getPage which is JS using the value of page= (in this case it's quiz)

So I have an onload function which only runs if page has a value:

<body
    <?php
        if(!empty($_GET["page"])){
            //echo "onload='runPage(" . $_GET["page"] . ")'";
            echo "onload='runPage()'";
        }
    ?>
>

This basically works out as:

<body onload="runPage(quiz)">

I want to pass quiz in this case to the runPage function so that I can use it within it. For example:

function runPage(this){
  var page = this;
  console.log("Page = " + page);
}

But this just throws an error saying quiz is undefined... where is my logic wrong?

Edit: So I've updated my code and am now getting:

<body onload='runPage("quiz")'>

But now I want to take "quiz" and pass it to this function:

function runPage(){
// run stuff in here using the value of that variable e.g:
console.log("You've come through from the URL with quiz on the end");
}
user1486133

4 Answers

0

You need to put the variable in there. For an inline event handler, it's a little trickier:

<body <?php
  if( !empty($_GET['page'])) {
    echo 'onLoad="runPage('.htmlspecialchars(json_encode($_GET['page'])).');"';
  }
?> >

Normally, you can just use json_encode to pass a variable from PHP to JavaScript in a safe, XSS-proof manner. But because you are in an inline event handler, you need to also use htmlspecialchars to ensure that it doesn't break your HTML context (as that could potentially be another XSS vector otherwise).

Niet the Dark Absol
0

You need to enclose your string in quotes. Because you're already nesting quotes in your PHP code you'll need to escape them like this:

echo "onload='runPage(\"" . $_GET["page"] . "\")'";

Be careful, though. This is susceptible to script injection. At the very least you need to sanitise the contents of $_GET['page'].

Your Javascript function then becomes:

function runPage(page){
  console.log("Page = " + page);
}

Note that this is a keyword and has a special meaning in Javascript. You don't need it anyway - just use a different variable name.

  • 1
    What happen if I set up you the bomb, and send you to `http://example.com/index.php?page="); alert("All your base are belong to us` ? – Niet the Dark Absol Apr 02 '14 at 13:32
  • OK so I tried this. But I don't understand how to get that value: ("thisvaluehere") from the onload and be able to use it in the function. – user1486133 Apr 02 '14 at 13:43
0

location.search returns the query portion of a URL


URL:index.php?page=quiz


location.search="?page=quiz"

Omar Sedki
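
The `location.search` approach above, worked through as an added example (not code from any poster in this thread): the page name is read client-side, checked against an allowlist, and passed to `runPage`, so no request data is interpolated into the `onload` attribute. `ALLOWED_PAGES` and `pageFromSearch` are hypothetical names, and every allowlist entry other than `quiz` is constructed.

```javascript
// Added example: read ?page= in the browser and validate it before use.
// ALLOWED_PAGES and pageFromSearch are hypothetical; only "quiz" and
// runPage come from the thread. The other page names are constructed.
const ALLOWED_PAGES = new Set(["quiz", "results", "about"]);

function pageFromSearch(search) {
  // Accepts "?page=quiz" or "page=quiz" and percent-decodes the values.
  const params = new URLSearchParams(search);
  const values = params.getAll("page");

  // A missing or repeated parameter is rejected rather than guessing
  // which copy the rest of the application would honour.
  if (values.length !== 1) return null;

  // Exact match against known names. Anything else, including input
  // carrying quotes or script syntax, is dropped instead of escaped.
  const page = values[0];
  return ALLOWED_PAGES.has(page) ? page : null;
}

function runPage(page) {
  // The value is only logged here; it never reaches innerHTML or eval.
  console.log("Page = " + page);
  return page;
}

// Browser wiring: this replaces the inline onload attribute entirely,
// so the <body> tag is static and the server echoes nothing from $_GET.
if (typeof window !== "undefined" && typeof window.addEventListener === "function") {
  window.addEventListener("load", () => {
    const page = pageFromSearch(window.location.search);
    if (page !== null) runPage(page);
  });
}
```

With this in place the input from the comment above (`page="); alert("All your base are belong to us`) never matches an allowlist entry, so `runPage` is not called for it.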
-2
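function runPage(){
  // json_encode emits a quoted, escaped JS string literal; the JSON_HEX_* flags
  // keep input such as "</script>" or a quote from breaking out of this context
  var page = <?php echo json_encode($_GET['page'] ?? '', JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
  if(page!=''){
    console.log("Page = " + page);
  }
}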