Buttons not working due embed PHP Code in JS if-query

Question

The problem is, that my buttons aren't working. I cant click on them.

All variables are correct and have a value. Can someone help me? Thanks

`

 ?>
                <script>
                        var startTime = Date.now(); // Startzeit in Millisekunden
                        function checkAnswer(selectedOption) {
                            
                            if (selectedOption == '<?php echo $answer; ?>') {
                               
                                document.getElementById('result').innerHTML = 'CORRECT!';
                                var endTime = Date.now(); 
                                var elapsedTime = endTime - startTime; 
//Time for the question, max 10 Sec., every Sec = 1000 Points.
                                var points = Math.max(0, 10000 - elapsedTime); 
                                document.getElementById('result').innerHTML += '<br>Points: ' + points;
                                window.location.href = "quiz2.php?points=" + points;
                                <?php
                                    $points = $_GET['points'];
                                    $sql999 = "UPDATE games SET score = score + $points WHERE nickname = '$nickname'";
                                    mysqli_query($conn, $sql999);
                                ?>
                            } else {
                               // Submitted a incorrect answer
                                document.getElementById('result').innerHTML = 'Incorrect! The answer is: ' + '<?php echo $answer; ?>';
                            }

                            // Hide all questions and answers
                            document.getElementById('question').classList.add('hidden');
                            document.getElementById('option1').classList.add('hidden');
                            document.getElementById('option2').classList.add('hidden');
                            document.getElementById('option3').classList.add('hidden');
                            document.getElementById('option4').classList.add('hidden');
                        }          
                </script>
                <?php

you can't use JS variables in PHP like that. In fact that PHP code including the `mysqli_query` will run as soon as the page loads, not when that JS function is executed. See [this Q&A](https://stackoverflow.com/questions/13840429/what-is-the-difference-between-client-side-and-server-side-programming) for more on this. — Robin Zigmond, Dec 29 '22 at 13:57
**WARNING**: When using `mysqli` you should be using [parameterized queries](https://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](https://php.net/manual/en/mysqli-stmt.bind-param.php) to add any data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](https://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or data *of any kind* directly into a query, it can be very harmful if someone seeks to exploit your mistake. — tadman, Dec 29 '22 at 14:19
Think about order of events. PHP receives the request, renders the page, and sends the HTML to the browser. By the time the browser is rendering that page the PHP process has moved on to other work, it's no longer able to interact with that page. — tadman, Dec 29 '22 at 14:20
Users cannot input any text which includes spaces, so I think the SQL Injection Bug will not be possible — emirk, Dec 29 '22 at 14:34
What??? Sql injection has nothing to do with spaces. Don't be naive or lazy...switch to using the recommended approach. It will also make your queries more reliable in general — ADyson, Dec 29 '22 at 15:53

score 0 · Answer 1 · answered Dec 29 '22 at 14:00

You need to pass this points variable as ajax request to a php file, or you can redirect to the page

window.location.href = "quiz2.php?points=" + points;

just like you did and upon getting on the page use isset on get variables and apply the condition but this will look bad, so ajax is the better approach

<?php
                                $points = $_GET['points'];
                                $sql999 = "UPDATE games SET score = score + $points WHERE nickname = '$nickname'";
                                mysqli_query($conn, $sql999);
                            ?>

save this code in a seperate PHP file and hit it using ajax with the points paramenter.

Buttons not working due embed PHP Code in JS if-query

1 Answers1