0

I have the following ASP.NET, javascript code:

var decPts = <%=currentDec.Survey.User.DecPts %>;
var locn = <%=currentDec.Survey.User.Location %>;
function sDPts(dn) {
    return ((Math.round(dn * Math.pow(10, decPts)) / Math.pow(10,
            decPts)).toFixed(decPts));
}
function update(decNumber) {
    dojo.byId('debug1').innerHTML = "decPts = (" + decPts + ")";
    dojo.byId('debug2').innerHTML = "Location = (" + locn + ")";
}

<asp:content>
        <div id="debug1"></div>
        <div id="debug2"></div>

</content>

I get the following:

decPts = (2)               ---- correct
Location = (undefined)     ---- not correct

DecPts and Location are columns in a SQL database record. DecPts is int and Location is string

If I rewrite the HTML as

<div id="debug1"></div></td>
<div id="debug2"><%=currentDec.Survey.User.Location %></div>

I get the correct answer, i.e.

decPts = (2)
US

What am I doing wrong ?

odbdux
  • 43
  • 9
  • 1
    I assume `locn` is supposed to be a string? If so, then you need to encapsulate it with quotes. `var locn = '<%=...%>';` Either way, you should be careful for [reflected XSS attacks](https://owasp.org/www-community/attacks/xss/). – Ivar May 30 '20 at 09:42
  • Yes. That fixed it. I assumed javascript variable would take on the type specified in the definition of the column. Anyway it works. Thanks !! – odbdux May 30 '20 at 09:55
  • 1
    No, JavaScript and your asp.net run on completely different environments. (See [What is the difference between client-side and server-side programming?](https://stackoverflow.com/questions/13840429/what-is-the-difference-between-client-side-and-server-side-programming)) The location is literally parsed into the JavaScript code and the JavaScript is then send to the user's browser and executed there. All relations to the database are gone there. – Ivar May 30 '20 at 09:58
  • Of course. One thing I hadn't mentioned: one of the things I tried was String(<%=currentDec.Survey.User.Location %>). Shouldn't that have helped? – odbdux May 30 '20 at 10:18
  • I don't know if that is some kind of asp.net function that adds the quotes for you (I haven't used asp.net in 10 years), but otherwise it wouldn't have made a difference. If you want to use a string literal in your JavaScript code, it needs to be encapsulated with quotes. – Ivar May 30 '20 at 10:40
  • Try dojo.byId('debug2').innerHTML = "Location = (" + locn.ToString() + ")"; – Yuri May 31 '20 at 17:09
  • Thanks for the suggestion. I think the general question I have is why does dojo.byId('debug1').innerHTML = "decPts = (" + decPts + ")"; work when decPtr is a number but dojo.byId('debug2').innerHTML = "Location = (" + locn + ")"; fails when locn is a string? In the first case javascript is converting decPtr to a string, i.e. string + num + string -> string but fails with location, i.e string + string +string fails. – odbdux May 31 '20 at 19:49

0 Answers0