0

Assume the PHP file contains:

    function printAllRows(){
      for( everyrows in db){   // pseudocode: loop over every row in the DB
         echo "<tr>";
         echo "<td> {$_POST['..']} </td>";
         echo "<td> {$_POST['..']} </td>";
         echo "</tr>";
      }
    }

    function printSpecifRows($keyword){
      .....
    }

    // When the page loads for the first time
    if ($db->preRow() > 0){ // count the rows in the DB; if there are any, show them as a table
      printAllRows();
    }

At the same time, there is:

    <input type="text" name="keywoard"  />
    <input type="submit" name="find" value="search" />

If the user enters a keyword and presses the button, then just show the rows that match the keyword!

So:

    if( $_POST["find"]){
    ?>

    <script>
    // first clear the current DOM table
    document.getElementById("myTable").innerHTML="";
    </script>

    <?php

      // then print again! according to printSpecifRows($keyword)
      function printSpecifRows($keyword){
        .....
      }
    }

But the problem here is that JS is rendered first, before PHP, so printSpecifRows($keyword) will never be reached. Any ideas? I really appreciate your help. Thanks.

4
  • 3
    Danger: This code is vulnerable to XSS. User input needs escaping before being inserted into an HTML document! Commented Jun 9, 2015 at 16:27
  • Do you realize PHP and JavaScript do not run at the same time? Why would you write out JavaScript to clear the table on a new page load? Commented Jun 9, 2015 at 16:29
  • 2
    JS is not "rendered" before PHP. PHP executes on the server, JS executes on the client. They're completely different environments. Commented Jun 9, 2015 at 16:29
  • Thank you, @epascarello, @MarcB, I just learned many new things from this question. Commented Jun 9, 2015 at 16:47

1 Answer

3

You are massively over-complicating things. Get rid of the <script> entirely. There is no need or point in involving JS here.

Just change the PHP so it doesn't output all the data in the first place if you don't want it on the page.

    if ($_POST["find"]){
        printSpecifRows($_POST["find"]);
    } else {
        printAllRows();
    }

3 Comments

it's good practice to use if (isset($_POST["find"])){... to avoid undefined index error, (or use filter_input)
Oh my bloody sexy gf, my thought was so deep that I messed everything up, thank you so much Quentin. And about XSS, why so?? In a simple explanation, I'm a rookie :) Thanks again
@febri23 About XSS: stackoverflow.com/questions/15755323/… There are clear examples.
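
The XSS risk raised in the comments, combined with the server-side branch from the answer, as an added example that is not part of the original thread: every value is escaped with `htmlspecialchars` at the moment it is written into the table. The helper names `e`, `renderRow` and `selectRows` and the sample rows are assumptions made for illustration; `keywoard` is the input name from the question.

```php
<?php
// Added example. Hypothetical helpers: e(), renderRow(), selectRows().

/** Escape a value for an HTML text or attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build one table row; every cell is escaped at output time. */
function renderRow(array $row): string
{
    $cells = '';
    foreach ($row as $cell) {
        $cells .= '<td>' . e((string) $cell) . '</td>';
    }
    return '<tr>' . $cells . '</tr>';
}

/** All rows when no keyword was posted, otherwise only the matching rows. */
function selectRows(array $rows, ?string $keyword): array
{
    if ($keyword === null || $keyword === '') {
        return $rows;
    }
    return array_values(array_filter($rows, function (array $row) use ($keyword): bool {
        return stripos(implode(' ', $row), $keyword) !== false;
    }));
}

// Constructed sample rows standing in for the DB; one cell contains markup.
$rows = [
    ['Alice', 'alice@example.com'],
    ['<script>alert(1)</script>', 'bob@example.com'],
];

// ?? avoids the undefined-index notice; is_string() rejects array input such as keywoard[]=x.
$keyword = $_POST['keywoard'] ?? null;
$keyword = (is_string($keyword) && $keyword !== '') ? $keyword : null;

// The echoed keyword is user input too, so it is escaped like the cells.
echo '<p>Showing: ' . e($keyword ?? 'all rows') . '</p>';
echo '<table id="myTable">';
foreach (selectRows($rows, $keyword) as $row) {
    echo renderRow($row);
}
echo '</table>';
```

With the escaping in place, the second sample row is displayed as literal text in its cell instead of being parsed as a script element by the browser.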
