Rendered first Javascript before PHP

Question

Assuming in PHP file there're :

    function printAllRows(){
      for( everyrows in db){
         echo "<tr>";
         echo "<td> $_POST['..'] <td>";
         echo "<td> $_POST['..'] <td>";
         echo "<tr>"; 
      }

     }


function printSpecifRows($keyword){
  .....
 }

// When the page loads for the first time

 if ($db->preRow() >0){ // count rows in DB , if there already show them as table 
printAllRows();
}

At the same time , there is

<input type="text" name="keywoard"  />
<input type="submit" name="find" value="search" />

If the user enter the keyword press the button , then just show the rows match the keyword!

so :

if( $_POST["find"]){
 ?>

 <script>
 // first clear the current DOM table
  document.getElementById("myTable").innerHTML="";
 </script>

 <?php


 // then print again! according to printSpecifRows($keyword) 
 function printSpecifRows($keyword){
  .....
 }}

But the problem here is that JS is rendered first before PHP , so printSpecifRows($keyword) won't never be reached , any idea. I really appreciate your help. Thanks.

**Danger**: This code is [vulnerable to XSS](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)). User input needs escaping before being inserted into an HTML document!. — Quentin, Jun 09 '15 at 16:27
Do you reaslize PHP and JavaScript do not run at the same time? Why would you right out JavaScirpt to clear the table on a new page load? — epascarello, Jun 09 '15 at 16:29
js is not "rendered" before PHP. php executes on the server, js executes on the client. they're completely different environment. — Marc B, Jun 09 '15 at 16:29
thank you , @epascarello ,@MarcB , i just learn many new things from this question. — Plain_Dude_Sleeping_Alone, Jun 09 '15 at 16:47

score 3 · Accepted Answer · answered Jun 09 '15 at 16:29

3

You are massively over-complicating things. Get rid of the <script> entirely. There is no need or point in involving JS here.

Just change the PHP so it doesn't output all the data in the first place if you don't want it on the page.

if ($_POST["find"]){
    printSpecifRows($_POST["find"]);
} else {
    printAllRows();
}

answered Jun 09 '15 at 16:29

Quentin

914,110
126
1,211
1,335

2

it's good practice to use `if (isset($_POST["find"])){...` to avoid undefined index error, (or use `filter_input`) – andrew Jun 09 '15 at 16:33
oh my bloody sexy gf, My thought is so deep that i messed everything , thank you so much Quentin. And about XSS why so?? in simple explanation , i'm rookie :) thanks again – Plain_Dude_Sleeping_Alone Jun 09 '15 at 16:38
1

@febri23 About XSS: http://stackoverflow.com/questions/15755323/what-is-cross-site-scripting There are clear examples. – Jun 09 '15 at 16:43

Rendered first Javascript before PHP

1 Answers1