2

I have a form which gets validated by javascript. In one of the if statements, in the final condition (when everything else has been validated) I would like to put my PHP script that updates SQL with one of the passwords.

This is the final validation:

function passwordCheck() {
    var password = '<?php echo $password; ?>';
    if (document.passwordform.inputedPassword.value == password)
    {
        if (document.passwordform.Password1.value == document.passwordform.Password2.value)
        {
            *********************************************************
        } else 
        {
            document.getElementById("equalpasswords1").innerHTML = "Passwords should be equal";
            document.getElementById("equalpasswords2").innerHTML = "Passwords should be equal";
        }
    } else 
    {
        text = "Insert a correct password";
        document.getElementById("editpassword").innerHTML = text;
    }
    return true;
}

And I would like to insert a call to my PHP script where the stars are. How could I do this? I read that you can't insert PHP into javascript, so it has to be an external PHP file. My SQL update code is this one:

<?php              
$x = $_POST['Password2'];

define('DB_NAME', 'Students');
define('DB_USER', 'Students');
define('DB_PASSWORD', 'Password');
define('DB_HOST','HOST');

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

if (!link) {
  die('Could not connect: ' . mysql_error());
}

$db_selected = mysql_select_db(DB_NAME, $link);

if (!$db_selected) {
  die('Can\'t use'. DB_NAME. ': ' . mysql_error());
}    


$result = "UPDATE  `1956218_students`.`Students` SET  `Password` =  '$x' WHERE  `Students`.`StudEmail` = '$email'  ";
if (!mysql_query($result)) {
die('error: ' .mysql_error());
} 

?>
Improve this question
5
  • 3
    You have to use AJAX. Commented Nov 3, 2015 at 1:38
  • 1
    This is open to SQL injections as well. Commented Nov 3, 2015 at 1:43
  • You're trying to get people to enter their current password, but yet you echo the password in plain text to the page... What are you trying to prevent there? Also you are vulnerable to SQL injection and you should be hashing your passwords. Commented Nov 3, 2015 at 1:44
  • Please don't mind about SQL injection and plain text, I'll work on that later. I just want to get this working for now Commented Nov 3, 2015 at 1:51
  • 1
    Do what you want, but in general that is a bad way to code. First, it's significantly easier when you have something fresh on your mind to just do it right the first time around. Second, you may actually completely forget to go back and do something. Third, if you do remember to fix it, you're still doing double the work than just doing it right in the first place. Commented Nov 3, 2015 at 2:03

1 Answer 1

Reset to default
0

You need to realize that JavaScript is being executed at client's side (in browser), while the PHP code is being executed at server's side.

So you need to make another request to the server, so that PHP codes can handle / process it (validate the password, prepare some response - ideally in JSON format etc.).

You might want to do something like:
How to validate a username / password via JQuery / Ajax?

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.