
Php and javascript

NetifxSixteen
Solved by fizzlesticks

So I want to pass a variable from javascript to php with the window.open command but it won't do the trick, anyone who can debug this thingy?

JS

var totalCost = (z * hotels[xvalue][bvalue]);
window.open("lastPage.php" + "?totalcost=" + totalCost "", "Confirm Your Book", "toolbar=no,width=450,height=400");

There are some ifs between but it doesn't seem to get in the way as the lastPage.php always loads.

How can I read the variable in the php?

EDIT: so you won't have to read all the comments

<form class="getRooms" action="lastPage.php?totalcost=" method="post" accept-charset="UTF-8">
    <label for="YourName">YouName</label><br/>
    <input type="Text" id="YourName" name="YourName" required><br/><br/>
</form>

So that's some code from the form, the send button triggers a javascript function which checks all the input areas (oh god they are many).

If it comes true, it uses windows.open method to call the php file.

var totalCost = (z * hotels[xvalue][bvalue]);
window.open("lastPage.php?totalcost=" + totalCost "", "Confirm Your Book", "toolbar=no,width=450,height=400");

The problem is how can I pass the variable totalCost from inside the function to the new php, and I'm kinda having a problem using the variables of the html in the php file, for some reason it won't print them.

Some of Php Code

<p>Room will be booked to: <?php echo $_POST["YourName"]; ?></p>

For some reason when php loads it will only print the "Room will be booked to"

Do I need anything besides Xampp installed?


what exactly seems to be the problem? do you get any error code?

 

I believe you have a missing plus sign between totalCost and quotation marks

CPU: Intel i7 5820K @ 4.20 GHz | MotherboardMSI X99S SLI PLUS | RAM: Corsair LPX 16GB DDR4 @ 2666MHz | GPU: Sapphire R9 Fury (x2 CrossFire)
Storage: Samsung 950Pro 512GB // OCZ Vector150 240GB // Seagate 1TB | PSU: Seasonic 1050 Snow Silent | Case: NZXT H440 | Cooling: Nepton 240M
FireStrike // Extreme // Ultra // 8K // 16K

 


I am calculating the totalCost as a result of some choices in javascript and I can't find a way to pass that variable to php so I can display it.

I read that can be done using the url to pass it, but the url won't change when the lastPage.php loads.


do i have to change the name of the file to "lastPage.php?totalcost=" or call it as that from the html form (action="lastPage.php?totalcost=") ?

you'll have to do HTTP GET to lastPage.php supplying it with a get parameter totalcost

 

so the second option: call it as that from the html form (action="lastPage.php?totalcost=")


<form class="getRooms" action="lastPage.php" method="post" accept-charset="UTF-8">
    <label for="YourName">YouName</label><br/>
    <input type="Text" id="YourName" name="YourName" required><br/><br/>
</form>

So that's some code from the form, the send button triggers a javascript function which checks all the input areas (oh god they are many).

If it comes true, it uses windows.open method to call the php file.

window.open("lastPage.php" + "?totalcost=" + totalCost "", "Confirm Your Book", "toolbar=no,width=450,height=400");

The problem is how can I pass the variable totalCost from inside the function to the new php, and I'm kinda having a problem using the variables of the html in the php file, for some reason it won't print them.

Some of Php Code

<p>Room will be booked to:  <?php echo $_POST["YourName"]; ?></p>

For some reason when php loads it will only print the "Room will be booked to"


Try this

 

window.open("lastPage.php?totalcost=" + totalCost, "Confirm Your Book", "toolbar=no,width=450,height=400");


May i PM you?


you can try

but to be honest I'm googling along and browsing w3schools as we're having this conversation because I'm not really into php or jscript

 

all I know is <script>alert("you've been haxxored");</script>


hehe ok then we shall wait for someone who knows.

maybe it's my browser, do I need extra programs installed for it to read php?

I tried xampp but am getting a fatal error as php loads


The problem is you are trying to use POST and GET two different ways at the same time:

<form class="getRooms" action="lastPage.php" method="post" accept-charset="UTF-8">

This is saying the form data will be sent as a POST to lastPage.php. And this:

window.open("lastPage.php" + "?totalcost=" + totalCost "", "Confirm Your Book", "toolbar=no,width=450,height=400");

Is going to load lastPage.php with the totalcost GET value passed through. You cannot do both of these at the same time like this and if you are going to use this totalcost value later on it certainly shouldn't be a GET anyway, if anything it should be calculated once the form is submitted in PHP.


You need a webserver that can run PHP, what errors is xampp giving?


 

Warning: Unknown: failed to open stream: No such file or directory in Unknown on line 0

Fatal error: Unknown: Failed opening required 'C:/xampp/htdocs/Project/lastPage.php' (include_path='.;C:\xampp\php\pear') in Unknown on line 0


Got it boys, uninstalled XAMPP and installed WampServer, some magic happened and everyone is happy.

Although, I removed open.window from Js and put Return myFunction() on button click.


 

A better way would be doing an Ajax via JS/JQ and saving the variable in the global session variable. Would save you a lot of hassle.

 

JQuery

$.ajax({
    url: 'jstosession.php',
    data: {
        totalcost: totalCost,
    },
    method: 'post',
    success: function () {
        console.log('Data Sent');
    }
});

PHP:

<?php
    session_start();
    if (isset($_POST) && !empty($_POST)) {
        $_SESSION['totalcost'] = $_POST['totalcost'];
    }

Regards


 

Glad you got it sorted, if you are serious about further development you might want to consider using a VM to run a web server such as Apache on Ubuntu or use a cloud service like DigitalOcean to host a server.

 

 


 

That is an AWFUL way to pass data from JS to PHP. OP is already submitting a form full of data so why would they want to send the totalcost separately? Also it's totally insecure. An attacker could easily call jstosession.php themselves and pass their own total price into the backend and now they have a free order.


 

 

isn't the OP just trying to pass a variable to another window? I mean yeah that is a loophole but if the OP just has to pass a variable to the other window, then I think this would do it. I might have misunderstood the post though.


 

Yes they are trying to pass a variable into PHP but you completely ignored the fact they are already sending a lot of data another way at the same time and your solution misuses Session variables and has security flaws. Not exactly the best thing to be suggesting on a website where people are here to learn.


 

They're not sending anything the other way. From what I can see, the form is never submitted.

 

What they should really be doing is getting the form object and submitting it via JS, after calculating the total cost and adding it to the form through a hidden form control


 

Unless OP has used preventDefault() to stop their click on the submit button from continuing and just not shown it here the form is still going to submit in the original window.

 

Really any sensitive logic such as calculating a price should be done in the back-end where the user is unable to intercept the data and modify it. Adding the totalcost as a form element would still enable me to submit the form another way with my own price in place of a real one.


 

My bad. Didn't understand the question I think.


You're absolutely right. I think I misread the OP. I didn't see any submit button defined in the form, so assumed OP was using a button elsewhere with a click event bound to it.

 

However, I am confused about putting the calculation on the back end. What stops the user from sending their own values for the parameters used to calculate total cost? Putting the calculation in the back end doesn't seem to really solve the problem, does it?


 

By allowing the front-end to pass the calculated totalcost to the back-end unless you recalculate and verify the value you are trusting that whatever was on that form was correct.

 

This means I could easily mock this form up myself and submit it to the back-end or intercept the POST with something like Burp Suite. Now I could order 10x of an item and put the price through as 1.

 

If you calculate the cost on the back-end even if the user submits the form a different way or intercepts the request the cost being calculated is still for the items the data received says the user wants and therefore will always reflect the true cost of the items the back-end received
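
The server-side recalculation described in the last post, as an added example that is not part of the original thread: a sketch of lastPage.php that prices the booking from a server-held table and treats any submitted totalcost only as a tamper signal. The field names hotel, room and nights, the price values and the 30-night limit are assumptions; YourName and totalcost come from the thread.

```php
<?php
declare(strict_types=1);

// Constructed price table kept on the server: [hotel][room] => price per night.
// It plays the role of the page's JS `hotels[xvalue][bvalue]`; values are made up.
const HOTELS = [
    0 => [0 => 50, 1 => 80],
    1 => [0 => 70, 1 => 120],
];

// Recompute the total from validated choices; the client's total is never used.
function price_booking(array $post): array
{
    // Hypothetical helper: returns an int within [min, max], or false.
    $int = fn(string $key, int $min, int $max) => filter_var(
        $post[$key] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]
    );
    $hotel = $int('hotel', 0, count(HOTELS) - 1);
    if ($hotel === false) {
        throw new InvalidArgumentException('invalid hotel');
    }
    $room   = $int('room', 0, count(HOTELS[$hotel]) - 1);
    $nights = $int('nights', 1, 30);
    if ($room === false || $nights === false) {
        throw new InvalidArgumentException('invalid room or nights');
    }
    $total = HOTELS[$hotel][$room] * $nights;

    // A client-sent totalcost is only a tamper signal worth logging.
    $claimed  = $int('totalcost', 0, PHP_INT_MAX);
    $tampered = isset($post['totalcost']) && $claimed !== $total;
    return ['total' => $total, 'tampered' => $tampered];
}

if (PHP_SAPI === 'cli') {
    // Constructed request: 10 nights submitted with a forged total of 1.
    var_dump(price_booking(['hotel' => '1', 'room' => '1', 'nights' => '10', 'totalcost' => '1']));
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        $booking = price_booking($_POST);
        if ($booking['tampered']) {
            error_log('totalcost mismatch from ' . $_SERVER['REMOTE_ADDR']);
        }
        // Escape the name before echoing it back into HTML.
        $raw  = $_POST['YourName'] ?? '';
        $name = htmlspecialchars(is_string($raw) ? $raw : '', ENT_QUOTES, 'UTF-8');
        echo "<p>Room will be booked to: {$name}</p>";
        echo "<p>Total cost: {$booking['total']}</p>";
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo '<p>Invalid booking request.</p>';
    }
}
```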
