将 php 变量传递给 javascript 函数
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18425530/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
passing a php variable into javascript function
提问by Mar Far
I am trying to pass a php value, obtained from a join query, to a javascript function. The javascript function will open a new window and show some data based on the passed value.My query works fine but the php value is not passed to the JS function.
我正在尝试将从联接查询中获得的 php 值传递给 javascript 函数。javascript 函数将打开一个新窗口并根据传递的值显示一些数据。我的查询工作正常,但 php 值未传递给 JS 函数。
My code :
我的代码:
<script type="text/javascript">
function product(var) {
window.open( "view_product_info.php?var", "myWindow",
"status = 1, height = 300, width = 300, resizable = 0" )
}
</script>
\ the line where i am trying to pass the php varibale
echo '<td align="center" ><a href="javascript:product('.$product_id.');"> <br/> '.$row['product_name'].'</a></td>';
why the php value $product_id is not passed to the product function.
为什么 php 值 $product_id 没有传递给 product 函数。
Thanks in advance.
提前致谢。
The code:
编码:
<script type="text/javascript">
<!--
function product(var) {
window.open( "view_product_info.php?id", "myWindow",
"status = 1, height = 300, width = 300, resizable = 0" )
}
function company() {
window.open( "index.php", "myWindow",
"status = 1, height = 300, width = 300, resizable = 0" )
}
function category() {
window.open( "index.php", "myWindow",
"status = 1, height = 300, width = 300, resizable = 0" )
}
//-->
//-->
<?php include("includes/header.php");
$search = $_POST['search'];
$sql= "my query1..";
$sql2= "my query2";
$result=mysql_query($sql);
$result2=mysql_query($sql2);
if($result) {
echo '<center>';
echo '<table cellpadding="0" cellspacing="0" border="1" width="100%">';
echo '<tr><th>Sr No.</th><th>Product Name</th><th>Company Name</th> <th>Category</th></tr>';
$number=1;
while ($row = mysql_fetch_array($result)){
$row2 = mysql_fetch_array($result2);
echo $product_id=$row2[product_id];
echo '<tr> ';
echo '<td align="center" >'.$number.'</td>';
echo '<td align="center" ><a href="javascript:product('<?= $product_id?>')">
''';
''';
echo '<td align="center"><a href="javascript:company()" ><br/> '.$row['company_name'].'</td>';
echo '<td align="center"><a href="javascript:category()" ><br/> '.$row['category_name'].'</td>';
$number=$number+1;
}echo '</tr>';
echo'</table>';
echo'</center>';
}
else {
echo "No data found";
//echo mysql_error();
}
}
}
?>
采纳答案by Shomz
If it's not a number, you need to quote it:
如果不是数字,则需要引用它:
<?php
echo '<td align="center" ><a href="javascript:product(\''.$product_id.'\');">
<br/> '.$row['product_name'].'</a></td>';
?>
Or, a neater way, use php just when needed (no PHP tags around, it's HTML with inserted PHP):
或者,一种更简洁的方法,在需要时使用 php(周围没有 PHP 标签,它是带有插入 PHP 的 HTML):
<td align="center" ><a href="javascript:product('<?= $product_id ?>')">
<br/><?= $row['product_name'] ?></a></td>
You can also define a JavaScript value and assign the PHP value to it and then use it, like:
您还可以定义一个 JavaScript 值并将 PHP 值分配给它,然后使用它,例如:
var pid = '<?= $product_id ?>'; // then call product(pid)
etc...
EDIT
编辑
Code fix.
代码修复。
This:
这个:
<?php
...
// php stuff
...
echo '<tr> ';
echo '<td align="center" >'.$number.'</td>';
echo '<td align="center" ><a href="javascript:product('<?= $product_id?>')">
<br/>'<?= $row['product_name']?>'</a></td>';
echo '<td align="center"><a href="javascript:company()" ><br/> '.$row['company_name'].'</td>';
echo '<td align="center"><a href="javascript:category()" ><br/> '.$row['category_name'].'</td>';
$number=$number+1;
}echo '</tr>';
echo'</table>';
echo'</center>';
Can become something like this:
可以变成这样:
<?php
...
// php stuff
...
?> // close the PHP tag and switch to HTML
<tr>
<td align="center" ><?= $number ?></td>
<td align="center" ><a href="javascript:product('<?= $product_id?>')"> <br/>'<?= $row['product_name']?>'</a></td>
<td align="center"><a href="javascript:company()" ><br/> <?= $row['company_name'] ?></td>
<td align="center"><a href="javascript:category()" ><br/> <?= $row['category_name'] ?></td>
<?php // reopen PHP tag when needed
$number++; // incrementation simplified
}
?> // close again
</tr>
</table>
</center>
Something like that.
类似的东西。
Also, read hereabout the deprecated mysql_* functions and why you should switch to mysqli_* or PDO.
另外,请在此处阅读有关已弃用的 mysql_* 函数以及为什么应该切换到 mysqli_* 或 PDO。
回答by Amit Malakar
Try this:
尝试这个:
...
...
</script>
\ the line where i am trying to pass the php varibale
<?php
echo '<td align="center" ><a href="javascript:product('.$product_id.');"> <br/> '.$row['product_name'].'</a></td>';
?>
回答by Abhi Beckert
You need to be careful when doing this, as it can allow a hacker to take over your server in many situations.
执行此操作时需要小心,因为它可以让黑客在许多情况下接管您的服务器。
The correct approach is to use json_encodeand htmlspecialchars. Failing to do both is a security risk. Read up on the documentation for each to learn what they do.
正确的方法是使用json_encode和htmlspecialchars。两者都做不到会带来安全风险。阅读每个文档的文档以了解他们的工作。
Here is the correct, and safe, way to do it:
这是正确且安全的方法:
$escaped_product_id = htmlspecialchars(json_encode($product_id));
$escaped_product_name = htmlspecialchars($row['product_name']);
echo '<td align="center" ><a href="javascript:product('.$escaped_product_id.');"> <br/> '.$escaped_product_name.'</a></td>';
