Re: setting window size and php




Annette Block wrote:
On Mon, 29 Sep 2008 13:22:57 +0200 wrote Erwin Moller
<Since_humans_read_this_I_am_spammed_too_much@xxxxxxxxxxxxxxxx>:

Annette Block wrote:

Hi Annette,

I'm rather new in JavaScript, but I have some experience in php.
I learned it's rather easy to open a window of a specified size with
JavaScript, that you need to specify the opened file, but I don't see
how to do that in php.
Well, you let PHP just put in the right values for JavaScript to use.

The file I want to open is "detail.php?item=$item". This generates a
query, which results in a table of at most 5x3 items. I want a window
size that is of an appropriate size. I tried:
<HEAD>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
Leave out LANGUAGE="JavaScript".


<!--
Stop using the <!-- also. ;-)


function NewWindow() {
window.open("detail.php?item=$item", "new", "width=500, height=300");
}
//-->
</SCRIPT>
</HEAD>
and as hyperlink
<A HREF="detail.php?item=$item" TARGET="new" onClick="NewWindow();
return false;">details</A>
Exactly.
And you don't want $item of course, you want its value.

So why don't you put it there? Like this:
<A HREF="detail.php?item=<?php echo $item; ?>" TARGET="new" onClick="NewWindow(); return false;">details</A>


As a matter of fact I tried in the header more than just the example
shown, but no result. With this I came closest, getting a message that
my SQL syntax was wrong. Which isn't.
That means more is wrong.
I bet your SQL is vulnerable to SQL injection.
If you from PHP take a value from the user, treat it like dangerous stuff that will try to corrupt your database. Never trust it.

So, do this:
$itemPassed = (int)$_GET["item"];
when you expect an integer.

If you expect a string, make sure you escape it well before feeding to your database.
It is VERY EASY to pass a value that will delete everything in your database.

Google for SQL injection for more info.


I also tried setting the window size within the details.php. But then
all windows became of the same size.
Since you didn't show us code that should do that, we cannot possibly comment on it.

I know that php is server-side and JavaScript is client-side.
Yes.

Any help or hint will be appreciated.
Annette
Regards,
Erwin Moller

Thank you, Erwin.
Your tips were very helpful. Now I get a window of the right size,
that is in IE. In Firefox it is still a whole page, but I prefer to
count my blessings.
I'm aware of the danger of getting wrong input. In this case the user
can only click on a number and, if he /she wishes so, more details and
backgrounds are given.
However a strange thing happened. I got an error message saying that
there is an unknown column '$item' in 'where clause'. Of course there
is a column called 'item'. Somehow the value is not transferred. This
is also strange as I get no signal about when moving the mouse over
the hyperlink. I guess this is PHP, so I trust I'll manage sooner or
later. But thanks for your help.
Regards,
Annette

Hi Annette,

A few tips about debugging that helped me a lot:
1) When debugging HTML, always FIRST do a 'view source' of the results PHP sent you. Simply check if all the things you want in the page are put there with their right values.
2) When debugging postings/requests from a browser to PHP, simply do this:

echo "<pre>";
print_r($_POST);
echo "</pre>";
exit;

Or $_GET, or whatever you want to see.
That way you can easily see WHAT the browser is sending you.

Best of luck.
If you need more help with PHP: comp.lang.php

Regards,
Erwin Moller

--
============================
Erwin Moller
Now dropping all postings from googlegroups.
Why? http://improve-usenet.org/
============================
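
Added example, not part of the original posts: the error quoted in the thread (unknown column '$item' in 'where clause') shows the request parameter ending up inside the SQL text, so this sketch validates `item` as an integer and binds it as a query parameter, then emits the link with the value filled in by PHP. The `items` table, its columns, the in-memory SQLite database, the sample inputs and the `findItem` helper are all assumptions made up for illustration; PHP 8 with PDO SQLite is assumed.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the poster's database: table and column names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (item INTEGER PRIMARY KEY, description TEXT)');
$db->exec("INSERT INTO items VALUES (1, 'first'), (2, 'second')");

/**
 * Hypothetical helper: return the row for one item, or null when the
 * parameter is not a plain positive integer or no such row exists.
 */
function findItem(PDO $db, mixed $raw): ?array
{
    // FILTER_VALIDATE_INT rejects '$item', '1 OR 1=1', '' and arrays,
    // where a bare (int) cast would silently turn them into 0 or 1.
    $item = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($item === false) {
        return null;
    }
    // The value is bound as a parameter, never pasted into the SQL text.
    $stmt = $db->prepare('SELECT item, description FROM items WHERE item = :item');
    $stmt->bindValue(':item', $item, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample inputs, as they might arrive in $_GET['item'].
$samples = ['2', '$item', '1 OR 1=1', '1; DROP TABLE items', ['2']];
foreach ($samples as $raw) {
    $row = findItem($db, $raw);
    printf("%-24s => %s\n", json_encode($raw), $row ? $row['description'] : 'rejected');
}

// Emitting the link: the value goes through PHP into both the href and the
// JavaScript call, so the browser never sees the literal text "$item".
$item = 2;
$url = 'detail.php?item=' . rawurlencode((string) $item);
printf(
    '<a href="%s" target="new" onclick="window.open(%s, \'new\', \'width=500,height=300\'); return false;">details</a>' . "\n",
    htmlspecialchars($url, ENT_QUOTES),
    htmlspecialchars(json_encode($url), ENT_QUOTES)
);
```

Only the first sample returns a row; the others are rejected before any SQL runs.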