setting window size and php

  • Annette Block

    setting window size and php

    I'm rather new in JavaScript, but I have some experience in php.
    I learned it's rather easy to open a window of a specified size with
    JavaScript, that you need to specify the opened file, but I don't see
    how to do that in php.
    The file I want to open is "detail.php?item=$item". This generates a
    query, which results in a table of at most 5x3 items. I want a window
    size that is of an appropriate size. I tried:
    <HEAD>
    <SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
    <!--
    function NewWindow() {
    window.open("detail.php?item=$item", "new", "width=500, height=300");
    }
    //-->
    </SCRIPT>
    - - - -
    </HEAD>
    and as hyperlink
    <A HREF="detail.php?item=$item" TARGET="new" onClick="NewWindow();
    return false;">details</A>

    As a matter of fact I tried in the header more than just the example
    shown, but no result. With this I came closest, getting a message that
    my SQL syntax was wrong. Which isn't.

    I also tried setting the window size within the details.php. But then
    all windows became of the same size.

    I know that php is server-side and JavaScript is client-side.

    Any help or hint will be appreciated.
    Annette
  • Erwin Moller

    #2
    Re: setting window size and php


    Annette Block wrote:

    Hi Annette,

    >I'm rather new in JavaScript, but I have some experience in php.
    >I learned it's rather easy to open a window of a specified size with
    >JavaScript, that you need to specify the opened file, but I don't see
    >how to do that in php.

    Well, you let PHP just put in the right values for JavaScript to use.

    >The file I want to open is "detail.php?item=$item". This generates a
    >query, which results in a table of at most 5x3 items. I want a window
    >size that is of an appropriate size. I tried:
    ><HEAD>
    ><SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">

    Leave out LANGUAGE="JavaScript".

    ><!--

    Stop using the <!-- also. ;-)

    >function NewWindow() {
    >window.open("detail.php?item=$item", "new", "width=500, height=300");
    >}
    >//-->
    ></SCRIPT>
    >- - - -
    ></HEAD>
    >and as hyperlink
    ><A HREF="detail.php?item=$item" TARGET="new" onClick="NewWindow();
    >return false;">details</A>

    Exactly.
    And you don't want $item of course, you want its value.

    So why don't you put it there? Like this:
    <A HREF="detail.php?item=<?php echo $item; ?>" TARGET="new"
    onClick="NewWindow(); return false;">details</A>

    >As a matter of fact I tried in the header more than just the example
    >shown, but no result. With this I came closest, getting a message that
    >my SQL syntax was wrong. Which isn't.

    That means more is wrong.
    I bet your SQL is vulnerable to SQL injection.
    If you from PHP take a value from the user, treat it like dangerous
    stuff that will try to corrupt your database. Never trust it.

    So, do this:
    $itemPassed = (int)$_GET["item"];
    when you expect an integer.

    If you expect a string, make sure you escape it well before feeding to
    your database.
    It is VERY EASY to pass a value that will delete everything in your
    database.

    Google for SQL injection for more info.

    >I also tried setting the window size within the details.php. But then
    >all windows became of the same size.

    Since you didn't show us code that should do that, we cannot possibly
    comment on it.

    >I know that php is server-side and JavaScript is client-side.

    Yes.

    >Any help or hint will be appreciated.
    >Annette

    Regards,
    Erwin Moller
    --
    =============== =============
    Erwin Moller
    Now dropping all postings from googlegroups.
    Why? http://improve-usenet.org/
    =============== =============
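
The advice in the reply above (validate the `item` parameter, keep it out of the SQL text, and let PHP write the value into the link), shown together as an added example that is not code from the thread. It assumes PHP 8 with the pdo_sqlite extension; the `items` table, its sample row and the helper names `parseItemId`, `fetchDetails` and `detailLink` are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example: the `items` table, its rows and all function names are constructed.

function parseItemId(mixed $raw): ?int
{
    // Unlike a bare (int) cast, which turns '$item' into 0 and '3abc' into 3,
    // this rejects anything that is not a whole positive number.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetchDetails(PDO $db, int $id): array
{
    // The placeholder keeps the request value out of the SQL text.
    $stmt = $db->prepare('SELECT item, name FROM items WHERE item = :item');
    $stmt->execute([':item' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function detailLink(int $id, int $width = 500, int $height = 300): string
{
    $url = 'detail.php?item=' . urlencode((string) $id);
    // json_encode builds the JavaScript string literal; htmlspecialchars
    // then makes both values safe inside the HTML attributes.
    $js = sprintf("window.open(%s, 'new', 'width=%d,height=%d'); return false;",
        json_encode($url), $width, $height);
    return sprintf('<a href="%s" target="new" onclick="%s">details</a>',
        htmlspecialchars($url, ENT_QUOTES), htmlspecialchars($js, ENT_QUOTES));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (item INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO items VALUES (3, 'constructed sample row')");

// '$item' is what arrives when the PHP variable is never echoed into the link.
foreach (['3', '$item', '3abc'] as $raw) {
    $id = parseItemId($raw);
    if ($id === null) {
        echo 'rejected: ', htmlspecialchars($raw, ENT_QUOTES), PHP_EOL;
        continue;
    }
    echo detailLink($id), PHP_EOL;
    print_r(fetchDetails($db, $id));
}
```

In a real `detail.php`, `$raw` would be `$_GET['item'] ?? null`, and a rejected value would get an error response instead of reaching the query.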


    • Annette Block

      #3
      Re: setting window size and php

      On Mon, 29 Sep 2008 13:22:57 +0200 wrote Erwin Moller
      <Since_humans_read_this_I_am_spammed_too_much@spamyourself.com>:
      Thank you, Erwin.
      Your tips were very helpful. Now I get a window of the right size,
      that is in IE. In Firefox it is still a whole page, but I prefer to
      count my blessings.
      I'm aware of the danger of getting wrong input. In this case the user
      can only click on a number and, if he/she wishes so, more details and
      backgrounds are given.
      However a strange thing happened. I got an error message saying that
      there is an unknown column '$item' in 'where clause'. Of course there
      is a column called 'item'. Somehow the value is not transferred. This
      is also strange as I get no signal about when moving the mouse over
      the hyperlink. I guess this is PHP, so I trust I'll manage sooner or
      later. But thanks for your help.
      Regards,
      Annette


      • Erwin Moller

        #4
        Re: setting window size and php


        Annette Block wrote:
        >Thank you, Erwin.
        >Your tips were very helpful. Now I get a window of the right size,
        >that is in IE. In Firefox it is still a whole page, but I prefer to
        >count my blessings.
        >I'm aware of the danger of getting wrong input. In this case the user
        >can only click on a number and, if he/she wishes so, more details and
        >backgrounds are given.
        >However a strange thing happened. I got an error message saying that
        >there is an unknown column '$item' in 'where clause'. Of course there
        >is a column called 'item'. Somehow the value is not transferred. This
        >is also strange as I get no signal about when moving the mouse over
        >the hyperlink. I guess this is PHP, so I trust I'll manage sooner or
        >later. But thanks for your help.
        >Regards,
        >Annette

        Hi Annette,

        A few tips about debugging that helped me a lot:
        1) When debugging HTML, always FIRST do a 'view source' of the results
        PHP sent you. Simply check if all the things you want in the page are
        put there with their right values.
        2) When debugging postings/requests from a browser to PHP, simply do this:

        echo "<pre>";
        print_r($_POST);
        echo "</pre>";
        exit;

        Or $_GET, or whatever you want to see.
        That way you can easily see WHAT the browser is sending you.

        Best of luck.
        If you need more help with PHP: comp.lang.php

        Regards,
        Erwin Moller
