0

I have a HTML TextBox on my web page that show number of current question (A small web page to answer some question), I want to make shortcut to a question that users want by type number of question in TextBox. I use this code below but this not work correctly.

For example all questions are 8 and when I enter 15 in TextBox and press Enter, if clause don't work and Question variable set with 15. I use alert function to trace it and I understand that if clause don't work correctly. Can somebody check it and guide me? This is all of my code:

<?php
$All = 8;
$URL = "http://localhost/Test.php";
if(isset($_GET["edtQuestionNo"])){
    $QuestionNo = $_GET["edtQuestionNo"];
}else{
    $QuestionNo = 1;
}
?>
<html>
<head>
<title>Test Page</title>
<script type="text/javascript">
function KeyPress(e, URL, All){
    if(e.keyCode === 13){
        var Question = document.getElementsByName("edtQuestionNo")[0].value;
        if(Question > All){
            Question = All;
            alert(All + "  " + Question + "  yes");
        }
        else{
            alert(All + "  " + Question + "  no");
        }
        window.open(URL + "?edtQuestionNo=" + Question,"_self");
    }
}
</script>
</head>
<body>
    <form action="Test.php" method="get" name="FRMQuestion">
        <label>Enter question number : </label>
        <input type="text" name="edtQuestionNo" id="QuestionNo" value="<?php echo $QuestionNo; ?>" 
            onkeypress="KeyPress(event,'<?php echo $URL; ?>','<?php echo $All; ?>')">
        <br>
        <label>Question number is : <?php echo $QuestionNo; ?></label>
    </form>
</body>
</html>
Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
Yousef Rahimy Akhondzadeh
  • 163
  • 1
  • 2
  • 13
  • show what is in the variables "URL"," All" and also your html container you are adding this keypress event – repzero Nov 12 '16 at 16:06
  • Just a heads up -- this code is vulnerable to XSS as you're not escaping user input ($QuestionNo) before printing it. Check out http://stackoverflow.com/questions/15755323/what-is-cross-site-scripting and http://stackoverflow.com/search?tab=votes&q=xss. – Dogbert Nov 13 '16 at 05:35

1 Answers1

0

I solve it 1. I have to use parseInt function for comparing All and Question value. because they are in different type. 2. I put Question value (after computing) in HTML TextBox again and then open URL. My code is:

<?php
$All = 8;
$URL = "http://localhost/Test.php";
if(isset($_GET["edtQuestionNo"])){
    $QuestionNo = $_GET["edtQuestionNo"];
}else{
    $QuestionNo = 1;
}
?>
<html>
<head>
<title>Test Page</title>
<script type="text/javascript">
function KeyPress(e, URL, All){
    if(e.keyCode === 13){
        var Question = document.getElementsByName("edtQuestionNo")[0].value;
        if(parseInt(Question) > parseInt(All)){
            Question = All;
        }
        document.getElementsByName("edtQuestionNo")[0].value = Question;
        window.open(URL + "?edtQuestionNo=" + Question,"_self");
    }
}
</script>
</head>
<body>
    <form action="Test.php" method="get" name="FRMQuestion">
        <label>Enter question number : </label>
        <input type="text" name="edtQuestionNo" id="QuestionNo" value="<?php echo $QuestionNo; ?>" 
            onkeypress="KeyPress(event,'<?php echo $URL; ?>','<?php echo $All; ?>')">
        <br>
        <label>Question number is : <?php echo $QuestionNo; ?></label>
    </form>
</body>
</html>
Yousef Rahimy Akhondzadeh
  • 163
  • 1
  • 2
  • 13