HTML form > Javascript > PHP

Discussion in 'Web Design and Development' started by mikepro44, Feb 18, 2010.

  1. mikepro44 macrumors member

    Joined:
    May 18, 2008
    #1
    So here's my problem in a nutshell:

    I'm trying to get the info that is in my HTML form to my phpmyadmin database. The criteria to do so is to send the form values to a javascript function which collects the values and sends it to my php file.

    As it stands right now, with my HTML I can call the Javascript function that form validates and that loads my php page. So far I've only been able to add empty values into my database. Everything gets added fine if I just do a form action that sends right to my php.

    So I'm wondering if anyone knows what I can do to make this javascript function work?


    Here's my HTML form:

    HTML:
    <form method="post" name="addcard" >
      <p><b>Name:</b>
        <input type="text" name="name" id="name"/>
      </p>
      <p>
      <b>Brand:</b>
      
          <select name="brand" id="brand">
            <option value="1">Donruss</option>
            <option value="2">O'Pee-Chee</option>
            <option value="3">Topps</option>
            <option value="4">Fleer</option>
            <option value="5">Upperdeck</option>
            <option value="6">Pacific</option>
            <option value="7">Parkhurst</option>
          </select>
     
      </p>
      <p><b>Year:</b>
      
    		<select name="year" id="year">
    		  <option value="1">1988</option>
    		  <option value="2">1989</option>
    		  <option value="3">1990</option>
    		  <option value="4">1991</option>
    		  <option value="5">1992</option>
    		  <option value="6">1993</option>
    		  <option value="7">1994</option>
    		  <option value="8">1995</option>
    		  <option value="9">1996</option>
    		</select>
    
    
      </p>
        <b>Stock:</b>
        <input type="text" name="stock" id="stock"/>
    
      <p>
        <input type="submit" value="Add Card" onclick="add_card()"/>
      </p>
    </form>

    My Javascript function etc.(not working with the top variables and xml load) as is:

    Code:
    var name = document.getElementById("name").value;
    var brand = document.getElementById("brand").value;
    var year = document.getElementById("year").value;
    var stock = document.getElementById("stock").value;
    
    function add_card(name,brand,year,stock)
    
    {
    
    	
        var player_name = document.addcard.name;
        var card_brand = document.addcard.brand;
    	var card_year = document.addcard.year;
        var card_stock = document.addcard.stock;
    
        if (player_name.value == "")
        {
            window.alert("Please enter a Name.");
            name.focus();
            return false;
        }
    	
    	if (card_brand.value == "")
        {
            
            brand.focus();
            return false;
        }
    	
    	 if (card_year.value == "")
        {
            
            year.focus();
            return false;
        }
        
    
        if (card_stock.value == "")
        {
            window.alert("Please provide a Stock number.");
            stock.focus();
            return false;
        }
    	else
    	{
    		
    	xmlDoc.load("insert.php?name="+name+"&brand="+brand+"&year="+year+"&stock="+stock);	
        return true;
    	}
    
    }

    My PHP:



    Code:
    <?php
    
    
    
    mysql_connect("localhost","root","") or die(mysql_error());
    
    mysql_select_db("all_Pro");
    
    
    
    $select="INSERT INTO card (name, brand_id_fk, year_id_fk)
    VALUES
    ('$_POST[name]','$_POST[brand]','$_POST[year]')
    ";
    
    
    
    $stock="INSERT INTO stocks (stock_num)
    VALUES
    ('$_POST[stock]')
    ";
    
    
    
    
    $result_card = mysql_query($select) or die(mysql_error());
    
    $result_stock = mysql_query($stock) or die(mysql_error());
    
    
    ?>
    
    
    
     
  2. Cerebrus' Maw macrumors 6502

    Joined:
    Mar 9, 2008
    Location:
    Brisbane, Australia
    #2
    EDIT (sorry if you read my post before)

    I think the reason this is not working is that you have called the php location directly (like through a browser),
    so instead of using the $_POST array, use $_GET in your php

    See if that works

    -Maw
     
  3. angelwatt Moderator emeritus

    Joined:
    Aug 16, 2005
    Location:
    USA
    #3
    Why are you using JavaScript to try to send the data? Why not just use the action attribute on the form? It's more direct. If you're going the JavaScript route, I'd recommend using a JavaScript library as they have AJAX functions that would make this much easier. Though, relying on JavaScript makes your form less accessible, like to those with JavaScript disabled as I do.

    Also, on the side of security, your PHP is very vulnerable to SQL-injection attacks, which can destroy your database and compromise any data inside. I would strongly recommend doing some PHP security reading before you post this code live anywhere. Some links to get you started.

    http://corpocrat.com/2009/07/28/filtering-escaping-post-data-from-injection-attacks/
    http://www.smashingmagazine.com/2010/01/14/web-security-primer-are-you-part-of-the-problem/
    http://www.owasp.org/index.php/OWASP_PHP_Filters
    http://www.hardened-php.net
    http://netsecurity.about.com/
     
  4. mikepro44 thread starter macrumors member

    Joined:
    May 18, 2008
    #4
    It's how our teacher wants it done, it's an assignment. (Through Javascript) I'd rather do it through the form action, but I think I would get docked marks...

    Cerebrus,

    I switched it to GET and now instead of nothing as values in the database, the name comes up as undefined.
     
  5. angelwatt Moderator emeritus

    Joined:
    Aug 16, 2005
    Location:
    USA
    #5
    Are you required to use the xmlDoc.Load function? That's loading an XML, not posting content, which seems to be what you want to do. You should use the XMLHttpRequest object really to POST data. Even though it is an assignment, you should learn to make the code more secure, and let the teacher know a guy on the internet said teaching students such insecure ways of coding is irresponsible and is a disservice to the students.

    See this W3C tutorial for proper usage of the xmlDoc object.
     
  6. designguy79 macrumors 6502

    Joined:
    Sep 24, 2009
    Location:
    Michigan
    #6
    I whole-heartedly agree that this teacher is doing a disservice if he is not teaching them about SQL injection and XSS. (not to mention a myriad of other risks out there!)

    But... I had to chuckle when you said "tell him a guy on the Internet said..."

    Do you realize how easy it is to blow off whatever follows a statement like that? :cool:

    Not really sure exactly the best method to approach him on it honestly!

    Depending on the teacher, it could be a volatile situation. I hate to be pessimistic and to stereotype... but... the nerdy teachers I know are the least open to constructive criticism!
     
  7. Darth.Titan macrumors 68030

    Joined:
    Oct 31, 2007
    Location:
    Austin, TX
    #7
    Yep that's the issue. You're sending the values to the $_GET array and php is looking for them in the $_POST array. Fix that and it should work. (Even though it is a bizarre way of doing it.)
     
  8. angelwatt Moderator emeritus

    Joined:
    Aug 16, 2005
    Location:
    USA
    #8
    I chose that phrasing intentionally for the purpose of humor :) And I thought that would probably have been better than saying "Angelwatt said ..." That would likely really throw the teacher for a loop. I'll leave it to the student to come up with how to bring up the topic of security to the teacher. The teacher isn't doing worse of a job than one of my PHP books that has equally weak coding practices that I just shake my head at wondering how such crappy code got published and that the guy got paid to write the book.
     
  9. designguy79 macrumors 6502

    Joined:
    Sep 24, 2009
    Location:
    Michigan
    #9
    I thought you might have said it like that on purpose... :)

    mikepro44, let me know if you mention the security issues and how it goes! I am very curious now...

    Good luck with the class and don't stop learning on your own, too!
     
  10. mikepro44 thread starter macrumors member

    Joined:
    May 18, 2008
    #10
    Don't have his class again till next Tuesday, but I will bring it up..


    Code still doesn't work after I changed it to GET, so I think the problem is with the javascript function. Do you guys have any idea how I can change it to make it work?

    My main concern is if it's passing the info correctly to the javascript and if the variables are working.

    Also, my syntax on the php page.. for example is it fine to have it as ..


    PHP:
    ('$_GET[name]','$_GET[brand]','$_GET[year]')
    or

    should it be ..

    Code:
    (".$_GET[name].",".$_GET[brand].",".$_GET[year].")


    I'll post this in reference, this is a working function I have that we did in class. It's a search bar that connects to JS then php.. and then displays the relevant name


    HTML:
    <table width="400" border="0" align="center" cellpadding="0" cellspacing="0">
      <tr>
        <th scope="col"> CARD SEARCH ENGINE</th>
      </tr>
    </table>
    <table width="408" border="0" align="center" cellpadding="0" cellspacing="0">
      <tr>
        <th align="center" scope="col">  <label>Search:
            <input type="text" name="search_field" id="search_field" />
      </label>
      <input type="button" name="button" id="button" value="Go" onclick="get_data()"/> </th>
      </tr>
    </table>
    <p></p>
    <p> </p>
    
    <div id="cards_div">
     
    </div>

    JAVASCRIPT


    Code:
    function get_data(id)
    {
    	if(id == login_id)
    	{
    	
    	var search_text = document.getElementById("search_field").value;
    	if(search_text != "")
    	{
    		xmlDoc.load("get_fields.php?search_field="+search_text);
    		read_data();
    	}
    
    	}
    		
    	else
    	{
    		parent.content.document.getElementById("cards_div").innerHTML = "";
    		
    	}
    }
    
    
    function read_data()
    {
    	
    	 var card_html = '</br></br><label><table width="300" border="1" align="center"><tr><td><b>Player Name</b></td><td><b>Brand Name</b></td><td><b>Year</b></td><td><b>Stock</b></td><td><b>Update Sold</b></td></tr>';
    	 
    	 var cardsNode = xmlDoc.getElementsByTagName("cards");
    	 var cardsList = cardsNode[0].getElementsByTagName("card");
    	 for(var i = 0; i < cardsList.length; i++)
    	 {
    		
    		var name = cardsList[i].getElementsByTagName("Name")[0].firstChild.nodeValue;
    		var brand = cardsList[i].getElementsByTagName("Brand")[0].firstChild.nodeValue;
    		var card_id = cardsList[i].getElementsByTagName("card_id")[0].firstChild.nodeValue;
    		var stocks = cardsList[i].getElementsByTagName("stock_num")[0].firstChild.nodeValue;
    		var year = cardsList[i].getElementsByTagName("Year")[0].firstChild.nodeValue;
    		
    		
    		
    		card_html += '<tr><td><b>'+name+'</b></td><td><b>'+brand+'</b></td><td><b>'+year+'</b></td><td><b>'+stocks+'</b></td>';
    		card_html += '<td><label><input type="button" name="button2" id="button2" value="Buy" onclick="sold('+card_id+')"/></label></td></tr>';
    	 }
    	 if(cardsList.length == 0)
    	 {
    		card_html += '<tr><td>No Results</td></tr>'; 
    	 }
        	
    	
    	
    	card_html += '</table></label>';
    	
    	document.getElementById("cards_div").innerHTML = card_html;
    	
    	
    
    }

    And Finally the php



    PHP:
    mysql_connect("localhost","root","") or die(mysql_error());

    mysql_select_db("all_pro");

    $select =
    "SELECT card.card_id, card.name as Name, brand.name as Brand, year.name as Year, stocks.stock_num
    FROM card
    JOIN (brand,year,stocks)
    ON (card.brand_id_fk = brand.brand_id
        AND
        card.year_id_fk = year.year_id
        AND
        card.card_id = stocks.card_id_fk)
    WHERE card.name LIKE '%".$_GET['search_field']."%'
    ORDER BY year.name DESC ;";


    $result_card = mysql_query($select) or die(mysql_error());
    $result_brand = mysql_query($select) or die(mysql_error());
    $result_year = mysql_query($select) or die(mysql_error());

    Just put this up to see if you guys could find something in this that I could use to make mine better in any way..


    thanks guys.
     
  11. angelwatt Moderator emeritus

    Joined:
    Aug 16, 2005
    Location:
    USA
    #11
    On your GET you need to quote the index. Though I'm not sure what context this was in so may need further edits.
    PHP:
    ($_GET['name'] .','. $_GET['brand'] .','. $_GET['year'])
    Your function get_data expects an argument, but in your HTML you don't supply one. You make reference to the variable login_id, but I don't know where that's set so not sure what id would look like or where it comes from. Do you get any JavaScript errors when you're trying things? Every browser has an error console to see them. Make sure to also make use of the PHP error log.

    At the end of your PHP you have 3 variables that get assigned to the same thing. Not sure if this is temporary or not, but you only need one if not.
     
  12. mikepro44 thread starter macrumors member

    Joined:
    May 18, 2008
    #12
    Here are the errors I get when I try and run it..


    Error: [Exception... "'JavaScript component does not have a method named: "onLocationChange"' when calling method: [nsIWebProgressListener::onLocationChange]" nsresult: "0x80570030 (NS_ERROR_XPC_JSOBJECT_HAS_NO_FUNCTION_NAMED)" location: "<unknown>" data: no]



    Error: document.getElementById("name") is null
    Source File: http://localhost/functions.js
    Line: 319



    Error: [Exception... "'JavaScript component does not have a method named: "onLocationChange"' when calling method: [nsIWebProgressListener::onLocationChange]" nsresult: "0x80570030 (NS_ERROR_XPC_JSOBJECT_HAS_NO_FUNCTION_NAMED)" location: "JS frame :: file:///C:/Users/Mike/AppData/Roaming/Mozilla/Firefox/Profiles/1txwy5ka.default/extensions/%7Be0204bd5-9d31-402b-a99d-a6aa8ffebdca%7D/components/nsSessionStore36.js :: sss_observe :: line 354" data: no]


    Source File: file:///C:/Users/Mike/AppData/Roaming/Mozilla/Firefox/Profiles/1txwy5ka.default/extensions/%7Be0204bd5-9d31-402b-a99d-a6aa8ffebdca%7D/components/nsSessionStore36.js
    Line: 354



    Error: [Exception... "'JavaScript component does not have a method named: "onLocationChange"' when calling method: [nsIWebProgressListener::onLocationChange]" nsresult: "0x80570030 (NS_ERROR_XPC_JSOBJECT_HAS_NO_FUNCTION_NAMED)" location: "<unknown>" data: no]
     
  13. angelwatt Moderator emeritus

    Joined:
    Aug 16, 2005
    Location:
    USA
    #13
    Earlier code you provided has a form field with the name "name," but later the HTML does not. It's hard to tell what's going on with only seeing snippets, but that's what this error means. Though, it could also mean that the error is caused by trying to access the element with id "name" too early before the content is loaded.

    In the code you have provided I don't see any mention of the function call on onLocationChange so can't help with that.
     
  14. mikepro44 thread starter macrumors member

    Joined:
    May 18, 2008
    #14
    The second HTML, PHP and Javascript is something totally different than the first part..

    It's a search bar, that actually works for me, using php and js with the html. I just posted it as a reference for the other one.

    ...


    Yeah I don't know where OnLocationChange is coming from, I have not put that in my code anywhere.
     
  15. jafingi macrumors 65816

    Joined:
    Apr 3, 2009
    Location:
    Denmark
    #15
    OnLocationChange comes from the browser's chrome (in your case, Firefox's) - nothing code-wise.

    I would suggest you look at a framework like jQuery - that makes it totally easy to make ajax-streams (post/get).

    There is absolutely nothing wrong with using frameworks, I've been in the web development industry for 6 years, and everyone does that. Even Google uses jQuery for their web applications.

    PHP:
    ('$_GET[name]','$_GET[brand]','$_GET[year]')  
    That's wrong - why? Single quotes just parse the string as text, however, double quotes parse variables in that string.
    PHP:
    <?php
    $var = 'Name';
    echo 'Hello, $var'; //Would return 'Hello, $var'
    echo "Hello, $var"; //Would return 'Hello, Name'
    ?>
    Double quoted strings also allow you to use escape sequences such as \n, \r etc.

    Another thing is, that you cannot use $_GET[name], that has to be $_GET['name']. Sure, it works without quotes, but it's wrong, and adds one or multiple errors to the error log.

    You will see it if enabling printing of all errors (error_reporting(E_ALL)).
     
  16. mikepro44 thread starter macrumors member

    Joined:
    May 18, 2008
    #16
    K I have switched it over..


    Code:
    $select="INSERT INTO card (name, brand_id_fk, year_id_fk)
    VALUES
    (".$_GET['name'].",".$_GET['brand'].",".$_GET['year'].")
    ";
    
    
    
    $stock="INSERT INTO stocks (stock_num)
    VALUES
    (".$_GET['stock'].")
    ";


    Any ideas on getting the text field values to javascript then to the php, so it goes into the database?
     
  17. jafingi macrumors 65816

    Joined:
    Apr 3, 2009
    Location:
    Denmark
    #17
    Would be easiest if you used jQuery. Could be done like this:

    PHP:
    $.post("process.php",
      {
        // [name='...'] matches the text inputs and the <select> elements alike
        name: $("[name='name']").val(),
        brand: $("[name='brand']").val(),
        year: $("[name='year']").val(),
        stock: $("[name='stock']").val()
      },
      function(data){
        //The variable 'data' will return the content posted from process.php
        //You could eventually post it to a div on the page with $('#div').html(data);
      }
    );
     
  18. RupertJ macrumors newbie

    Joined:
    Dec 30, 2004
    Location:
    Bristol, UK
    #18
    There's a good chance your JavaScript code isn't working as the calls to getElementById() are running before the elements with those IDs are loaded.

    You can fix this by either putting the JS at the bottom of the page, or have a setup function that's attached to the window.onload event that calls getElementById and sets up your element references.

    Also, you shouldn't ever put variables from $_GET straight into an SQL query - that opens you up to SQL injection attacks. Run it through mysql_real_escape_string() at the very least, but preferably also check the contents of the variable to ensure it's what it's meant to be (IE a number or a string or whatever) or use prepared queries.
     
  19. jafingi macrumors 65816

    Joined:
    Apr 3, 2009
    Location:
    Denmark
    #19
    That's absolutely wrong. Javascript and html aren't loaded linearly, also, getElementById is run every time the function is called.

    PHP:
    <script type="text/javascript">
    function test(){
        // Looked up on every click; null once the div has been removed
        var el = document.getElementById('testDiv');
        alert(el ? el.innerHTML : '');
        $('#testDiv').remove();
    }
    </script>
    <input type="button" onclick="test();" value="Click me" />
    <div id="testDiv">Bla bla bla...</div>
    First time the button is clicked, the alert will return "Bla bla bla...", second time (when the div is removed from the DOM), it will return blank.

    This proves you wrong.

    (we could also just have used $('#testDiv').html(); to catch the innerHTML of the div - but wanted to use getElementById to showcase your scenario)
     
  20. jafingi macrumors 65816

    Joined:
    Apr 3, 2009
    Location:
    Denmark
    #20
    Actually, another way to prove you wrong is to create the DOM element dynamically onclick AFTER page is loaded:

    PHP:
    <script type="text/javascript">
    function test(){
        // Looked up on every click; null until the div has been appended
        var el = document.getElementById('testDiv');
        alert(el ? el.innerHTML : null);
        $('#wrapper').append('<div id="testDiv">Bla bla bla...</div>');
    }
    </script>
    <input type="button" onclick="test();" value="Click me" />
    <div id="wrapper"></div>
    Now, the div 'testDiv' is created the first time the button is pushed.

    First time, the alert will return null (since the div we request doesn't exist), but second time we press the button, it will return "Bla bla bla..."
     
  21. angelwatt Moderator emeritus

    Joined:
    Aug 16, 2005
    Location:
    USA
    #21
    You misunderstand what he was saying. He was saying that the getElementById won't work when it's called before the page content inside the body tag has loaded, such as code that is not inside a function. Example,

    HTML:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
    <head>
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
    <title>Example</title>
    <script type="text/javascript">
    alert( document.getElementById('example').innerHTML );
    </script>
    </head>
    <body>
    <div id="example">Sample data.</div>
    </body>
    </html>
    This throws an error for the getElementById function because it returns null. So RupertJ was right in what he said. So you wasted a lot of time trying to prove he was wrong when he was absolutely right.
     
  22. angelwatt Moderator emeritus

    Joined:
    Aug 16, 2005
    Location:
    USA
    #22
    That really confuses the thread. So you're posting code that works fine. Can you make it clear which code you've posted you're having issues with? You can reference post numbers if you don't want to repost it, though if you've changed the code, it would be helpful to see the latest so we can tell what you've tried.
     
  23. mikepro44 thread starter macrumors member

    Joined:
    May 18, 2008
    #23
    Ok this is what I'm using...


    HTML

    HTML:
    <body>
    <p><b>Add New Card</b></p>
    <form method="post" name="addcard" >
      <p><b>Name:</b>
        <input type="text" name="name" id="name"/>
      </p>
      <p>
      <b>Brand:</b>
      
          <select name="brand" id="brand">
            <option value="1">Donruss</option>
            <option value="2">O'Pee-Chee</option>
            <option value="3">Topps</option>
            <option value="4">Fleer</option>
            <option value="5">Upperdeck</option>
            <option value="6">Pacific</option>
            <option value="7">Parkhurst</option>
          </select>
     
      </p>
      <p><b>Year:</b>
      
    		<select name="year" id="year">
    		  <option value="1">1988</option>
    		  <option value="2">1989</option>
    		  <option value="3">1990</option>
    		  <option value="4">1991</option>
    		  <option value="5">1992</option>
    		  <option value="6">1993</option>
    		  <option value="7">1994</option>
    		  <option value="8">1995</option>
    		  <option value="9">1996</option>
    		</select>
    
    
      </p>
        <b>Stock:</b>
        <input type="text" name="stock" id="stock"/>
    
      <p>
        <input type="submit" value="Add Card" onclick="add_card()"/>
      </p>
    </form>
    </body>


    EXTERNAL JAVASCRIPT FILE CODE:

    Code:
    
    
    	var name = document.getElementById("name").value;
        var brand = document.getElementById("brand").value;
        var year = document.getElementById("year").value;
        var stock = document.getElementById("stock").value;
    
    
    
    function add_card(name,brand,year,stock)
    
    {
    
    
    
    	
        var player_name = document.addcard.name;
        var card_brand = document.addcard.brand;
    	var card_year = document.addcard.year;
        var card_stock = document.addcard.stock;
    
        if (player_name.value == "")
        {
            window.alert("Please enter a Name.");
            name.focus();
            return false;
        }
    	
    	if (card_brand.value == "")
        {
            
            brand.focus();
            return false;
        }
    	
    	 if (card_year.value == "")
        {
            
            year.focus();
            return false;
        }
        
    
        if (card_stock.value == "")
        {
            window.alert("Please provide a Stock number.");
            stock.focus();
            return false;
        }
    	else
    	{
    		
    
    	
    		 
    	xmlDoc.load("insert.php?name="+name+"&brand="+brand);	
        return true;
    	}
    
    }
    
    
    PHP FILE

    PHP:
    <?php



    mysql_connect("localhost","root","") or die(mysql_error());

    mysql_select_db("all_Pro");



    $select="INSERT INTO card (name, brand_id_fk, year_id_fk)
    VALUES
    (".$_GET['name'].",".$_GET['brand'].",".$_GET['year'].")
    ";



    $stock="INSERT INTO stocks (stock_num)
    VALUES
    (".$_GET['stock'].")
    ";




    $result_card = mysql_query($select) or die(mysql_error());

    $result_stock = mysql_query($stock) or die(mysql_error());


    ?>



    So, focusing on the external javascript. Do you think with the "getElementById's" I'm calling them too soon? Thus having a null error..
    If so what can I change to make it work?
     
  24. RupertJ macrumors newbie

    Joined:
    Dec 30, 2004
    Location:
    Bristol, UK
    #24
    Cheers angelwatt ;)

    mikepro44 - is that all your HTML? IE, have you cut off the <head>? There doesn't seem to be any reference to the javascript at all in that file. (This may be the problem if you've given us everything there.)

    As a quick and dirty fix, try adding:

    Code:
    <script src="whatever_your_js_file_is_called.js" type="text/javascript"></script>
    right before the end of your body. If that works, we've found the issue. (It's not the best way of doing this though - come back here and we'll give you the proper solution ;) )
     
  25. angelwatt Moderator emeritus

    Joined:
    Aug 16, 2005
    Location:
    USA
    #25
    On the JavaScript, those first few lines need to be inside your add_card function because they will currently cause an error.

    In your HTML form, you have the submit button set with onclick that calls the add_card function, but provides no arguments. The add_card function expects arguments to be sent to it the way you have it, therefore incompatible. Remove the arguments from the function. You'll be able to access the data you need without passing it in using those first lines I told you to move inside the function. Though, the current first four lines inside your function are functionally doing the same thing as those lines outside the function. So only use one set or the other.

    So here are some points:
    • document.getElementById("name") == document.addcard.name
    • A minor way to add some security to your PHP. I'll use the second query as an example:
      PHP:
      $stock = 'INSERT INTO stocks (stock_num)
      VALUES ("' . mysql_real_escape_string($_GET['stock']) . '")';
    • Another security point, you can never depend on any validation you do with JavaScript. You'll always need to revalidate the values sent on the PHP side.
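
The advice in posts #18 and #25 (use prepared queries, and re-validate on the PHP side whatever the JavaScript already checked), as an added example that is not part of the original thread: the insert.php logic with server-side validation and PDO prepared statements. It assumes an in-memory SQLite database in place of the MySQL `all_Pro` database; `validate_card()`, `insert_card()`, the length and stock limits, and the sample requests are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL "all_Pro" database, and the names
// validate_card() and insert_card() are hypothetical.

// Re-check every field on the server; returns [clean values, list of errors].
function validate_card(array $in): array
{
    $errors = [];
    $name = is_string($in['name'] ?? null) ? trim($in['name']) : '';
    if ($name === '' || strlen($name) > 100) {   // 100 is an assumed column width
        $errors[] = 'name must be 1-100 characters';
    }
    // brand and year are <select> ids on the form (1-7 and 1-9); the stock
    // upper bound is an assumed limit.
    $ranges = ['brand' => [1, 7], 'year' => [1, 9], 'stock' => [0, 100000]];
    $clean = ['name' => $name];
    foreach ($ranges as $field => [$min, $max]) {
        $value = filter_var($in[$field] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => $min, 'max_range' => $max]]);
        if ($value === false) {                  // strict check: 0 is a valid stock
            $errors[] = "$field must be an integer from $min to $max";
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

// Insert the card and its stock row together; values travel as bound
// parameters, so they are never parsed as part of the SQL text.
function insert_card(PDO $db, array $c): int
{
    $db->beginTransaction();
    try {
        $card = $db->prepare(
            'INSERT INTO card (name, brand_id_fk, year_id_fk) VALUES (:name, :brand, :year)');
        $card->execute([':name' => $c['name'], ':brand' => $c['brand'], ':year' => $c['year']]);
        $cardId = (int) $db->lastInsertId();
        $stock = $db->prepare(
            'INSERT INTO stocks (card_id_fk, stock_num) VALUES (:card, :num)');
        $stock->execute([':card' => $cardId, ':num' => $c['stock']]);
        $db->commit();
        return $cardId;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE card (card_id INTEGER PRIMARY KEY, name TEXT,
           brand_id_fk INTEGER, year_id_fk INTEGER)');
$db->exec('CREATE TABLE stocks (card_id_fk INTEGER, stock_num INTEGER)');

// Constructed requests standing in for $_POST.
$requests = [
    ['name' => "O'Ree",       'brand' => '2',        'year' => '4',  'stock' => '12'],
    ['name' => "Bobby'); --", 'brand' => '1',        'year' => '1',  'stock' => '0'],
    ['name' => 'Gretzky',     'brand' => '1 OR 1=1', 'year' => '99', 'stock' => ''],
];
foreach ($requests as $post) {
    [$clean, $errors] = validate_card($post);
    if ($errors) {
        echo 'rejected: ' . implode('; ', $errors) . "\n";
        continue;
    }
    echo 'inserted card ' . insert_card($db, $clean) . "\n";
}

// Names containing quotes are stored literally; the third request never reached SQL.
$rows = $db->query('SELECT card.card_id, card.name, stocks.stock_num
                    FROM card JOIN stocks ON stocks.card_id_fk = card.card_id');
foreach ($rows as $row) {
    echo "{$row['card_id']}: {$row['name']} (stock {$row['stock_num']})\n";
}
```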
     
