1

So this function seems to be confusing me.

    echo "
    <td style='font-size:12px;width:150px;'><div style=\"overflow-y:auto; max-height:250px; width:200px;\">
    {$row['Notes']} </div><br /><center><br />

    <button onclick=\"myFunction('{$row['ID']}','$rowID')\">Add Note</button>

    <form action=\"http://calls.fantomworks.com/functions/notes.php\" id='notesForm' name='notesForm' method='post'>
        <input type='hidden' id='notesID' name='notesID' />
        <input type='hidden' id='rowID' name='rowID'/>
        <input type='hidden' id='notes' name='notes' />
    </form>

    </center>";

Calls this JavaScript

    <script language="JavaScript" type="text/javascript">
        function myFunction(ID, rowID)
        {
            var x;
            var ID = ID;
            var rowID = rowID;
            var note = prompt("Customer Note", "Write your customer note here...");

            if (note != null) {
                document.getElementById("notes").value = note;
                document.getElementById("notesID").value = ID;
                document.getElementById("rowID").value = rowID;
                document.getElementById("notesForm").submit();
            } else {
                return false;
            }
        }
    </script>

and ends up at this PHP page

    $notesID = $_POST['notesID'];
    $rowID = $_POST['rowID'];
    $note = $_POST['notes'];
    //Redirect to browser
    header("Location: ./index.php#row_$rowID");

The only problem is that the rowID does not seem to be making it through and generates links ending like "index.php#row_"

I can't make sense of why rowID isn't coming through but NotesID and notes are. As you can see from the debug the value is there.

Thanks for any thoughts or suggestions!!

3
  • You may want to be careful of vulnerabilities that you are introducing there such as HTTP Response Splitting in the header() function. Commented Sep 11, 2015 at 12:52
  • Put this in your myFunction as the first line in the body of the function: console.log(ID, rowID). Then check in the browser dev tools what the second value is when you trigger the function (e.g. by clicking something). If it's empty you might want to check the value of $rowID before you generate the markup at all. Commented Sep 11, 2015 at 12:57
  • Yup, I can echo out the correct $rowID on the line before and can see they're all correct. Commented Sep 11, 2015 at 14:28

1 Answer

2

The script at "http://calls.fantomworks.com/index.php" is being POSTed to by your JavaScript function - thus the variable that you seek ought to be available through the $_POST global.

Try changing

    header("Location: ./index.php#row_$rowID");

To

    header("Location: ./index.php#row_{$_POST['rowID']}");

Incidentally, the three variables you define in the javascript function seem redundant and could be removed by the looks of things, namely:-

    var x;
    var ID = ID;
    var rowID = rowID;

Have had a closer look since posting original (and hadn't noticed the assignment of posted vars by the @OP) - there are hundreds of forms on the page in question - same IDs used from row to row to row. IMHO - this is definitely NOT the way forward - you could have just one form for "Add Note" as you dynamically set the value by clicking the button. It does appear that the relevant vars (rowID etc.) are being set and assigned to the button that calls the JavaScript so theoretically you could have just one form that is used to post to "notes.php" but have this button on each row.

In terms of a general critique / suggestions

The page is very slow to load - due in part to there being hundreds of complex table row layouts, and by the looks of things a form for every button - then there are the images which themselves are fullsize but could really be ( and should be ) thumbnails. The number of forms could be drastically reduced if each button were to dynamically assign the variables like the one in the question above.


2 Comments

Nice one on the unused variables tho I think interpolating the same value differently doesn't make a difference, or well it shouldn't anyways. I would suggest that the OP check the generated HTML to see if the correct $rowID is actually set rather than something nonexistent.
Couldn't figure out why it wouldn't pass but ended up just using a different ID. Thanks!
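
The first comment on the question warns about HTTP response splitting through header(), since rowID goes from $_POST straight into the Location header. As an added example (not code from the question or the answer), here is one way notes.php could allow-list the value before redirecting; it assumes row IDs are positive integers, and buildRowRedirect is a hypothetical helper name.

```php
<?php
// Added example: hardened redirect for notes.php (not the original poster's code).
// Assumption: rowID is a positive integer; adjust the check if your IDs differ.

/**
 * Return a safe relative redirect target for the posted row ID.
 * Anything that is not a plain positive integer falls back to the page top.
 */
function buildRowRedirect(array $post): string
{
    $raw = $post['rowID'] ?? '';

    // Reject arrays (rowID[]=...) and anything that is not digits only.
    // This keeps CR/LF and any other header metacharacters out of the value.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 10) {
        return './index.php';
    }

    return './index.php#row_' . $raw;
}

// Constructed sample inputs showing what gets through and what is dropped.
$samples = [
    ['rowID' => '42'],
    ['rowID' => ''],                              // the empty value from the question
    ['rowID' => "42\r\nSet-Cookie: injected=1"],  // CR/LF in the value
    ['rowID' => ['42']],                          // array instead of string
    [],                                           // field missing
];

if (PHP_SAPI === 'cli') {
    // Run from the command line to see each sample and its redirect target.
    foreach ($samples as $post) {
        echo json_encode($post), ' => ', buildRowRedirect($post), PHP_EOL;
    }
} else {
    // In the web context: redirect after the POST and stop executing.
    header('Location: ' . buildRowRedirect($_POST), true, 303);
    exit;
}
```

With the allow-list in place, an empty or missing rowID produces a clean ./index.php redirect instead of the dangling "#row_" fragment described in the question.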
