-1

I'm trying to use the value stored in token in my PHP script to update a database value with SQLite. It wont let me use document.getElementByID....any ideas?

<div id="TokenCount">
<label for="token"><abbr title="Tokens">Tokens</abbr></label>
<input id="token" value="0" />
</div>

<div id="Buttons">
<button id="pay" onClick="pay(10); loadMessage()"><?php $db=sqlite_open("../../logins.db"); 
$token = document.getElementById('token').value;
sqlite_query($db,"UPDATE Users SET tokens='$token' WHERE user_id='{$_SESSION['user_id']}'"); 
sqlite_close($db); ?>Pay</button> 
</div>
</div>
user3553438
  • 1
  • 1
  • 1
    you can't execute server code on client side – Alex Apr 20 '14 at 07:56
  • `PHP` is server-side, `Javascript` (and `getElementByID`) is client-side. You cannot mix them in such manner. – hindmost Apr 20 '14 at 07:57
  • Use `AJAX` to pass Javascript value to PHP script – hindmost Apr 20 '14 at 07:59
  • in my .js file I have: document.getElementById('token').value = new_token; return new_token; new_token is also the value that I want to use to update my database value....how do I use AJAX to do that? do I do it in the .js file still? – user3553438 Apr 20 '14 at 08:09
  • possible duplicate of [Reference: Why does the PHP (or other server side) code in my Javascript not work?](http://stackoverflow.com/questions/13840429/reference-why-does-the-php-or-other-server-side-code-in-my-javascript-not-wor) – Quentin Apr 20 '14 at 09:16
  • @user3553438 see my example – Alex Apr 20 '14 at 09:18

2 Answers2

0

PHP code is executed server-side, so the website is sent to the client with the result of the PHP code without any PHP found in the source. Because of this HTML tags cannot be used in PHP on a website.

Lugia101101
  • 685
  • 1
  • 7
  • 21
0

As i said in comments, you can't execute PHP-code(server side code) on client side (in browser).

You should send AJAX query to server, and save this value to mysql on server side.

Javascript(jquery) code:

function loadMessage(){
    $.post("setValue.php", {val:document.getElementById('token').value} function( data ) {
       alert('success');
    });
}

Create new php script for example setValue.php (r use contoller action, or your own staff how you routing pages). Script code:

$token = $_POST['val'];
sqlite_query($db,"UPDATE Users SET tokens='$token' WHERE user_id='{$_SESSION['user_id']}'"); 
sqlite_close($db);
Alex
  • 8,055
  • 7
  • 39
  • 61
  • **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** – Quentin Apr 20 '14 at 09:22
  • Hi Alex, where do I put the top bit? in the HTML or in the .js file? Is it a function called data that then needs to be called? – user3553438 Apr 20 '14 at 09:24
  • first part - js, this function you should call on button click, second - php script that will be called by ajax-query and will save value – Alex Apr 20 '14 at 09:27
  • @Alex — That doesn't make it a good idea to put security holes in your answers. – Quentin Apr 20 '14 at 09:29
  • @Quentin you think i should lecture about PDO and csrf in this answer? – Alex Apr 20 '14 at 09:33
  • @Alex - I'm not worried about security at the moment...just need to get it to work the simplest way. Alex, when you say call by ajax-query...what do you mean? I've put: – user3553438 Apr 20 '14 at 09:36
  • @Alex - Hi Alex, I'm so sorry...thank you for all your help but I still cant get it to work...i've done the following: – user3553438 Apr 20 '14 at 09:49
  • @Alex - .js file Ive put this function in: function loadTokens(){ $.post("updateTokens.php", {val:document.getElementById('token').value} function( data ) { alert('success'); }); } – user3553438 Apr 20 '14 at 09:50
  • @Alex - the updateTokens.php file contains only this: – user3553438 Apr 20 '14 at 09:50
  • @Alex - and I call the function in the HTML file like this: – user3553438 Apr 20 '14 at 09:51
  • @Alex - no error, but when my HTML page loads, it's like it's ignoring the whole .js file? If I remove the new function, it works again. And it isnt changing the value stored in the table – user3553438 Apr 20 '14 at 10:08
  • sorry, but you should learn debug your code - use console (F12) in web browser, and var_dump in php. – Alex Apr 20 '14 at 10:11
  • @Alex - function loadTokens(){ $.post("updateTokens.php", {val:document.getElementById('token').value} function( data ) { alert('success'); }); } it expects a ) and a ; before function(data) and it says that $ is undefined. And sorry I didnt realise I could do the f12 thing....v new to this – user3553438 Apr 20 '14 at 10:24
  • @Alex - if I add the ); before the function(data) then the .js file loads and everything else works as normal...but it still says the $ is undefined? – user3553438 Apr 20 '14 at 10:26
  • add to header – Alex Apr 20 '14 at 10:59