Saving javascript prompt() to mysql_问答_开发者

<script type="text/javascript">
function saveReason()
{
var reason=prompt("I'm saving this because","");
if (reason!=null && reason!="")
  {
  <?php
       mysql_query("INSERT INTO `save` (reason) VALUES ('reason'))");
  ?>
  }
}
</script>

I feel stupid because I don't think my idea will work. What is the proper way to take data fr开发者_开发技巧om a prompt() box and save it to mysql?

This answer is going to be a roundup of most of the things I've seen here so far, but a bit more elaborate.

You seem to be confused in what is server side and what is client side code. PHP code is executed before the content of the page is sent to the client. This page contains your javascript. Because the php is executed on the server, before being sent to the client, we call it server side code. Because php is a programming language that is executed on the server side, we call it a server side language.

So your page containing the javascript and the html is sent to the client. The browser now interprets the html, and suddenly finds a <script> tag. It immediately starts executing the javascript between the script tags. Because this script is executed in the client's browser, we say that it is executed at the client side. However, it is wrong to say that javascript is a purely client side language now that things like node.js are being used, but, as it seems your just starting to figure out all this stuff, I'd stick with php for the server side. If you master php, and the concepts of client and serverside scripting, nodejs is definitely something worth looking at. But now, I'm moving away from the main point of this answer. To get back to it, let's have a look at the code you posted. All this code is placed in a .php file:

<script type="text/javascript">
function saveReason()
{
var reason=prompt("I'm saving this because","");
if (reason!=null && reason!="")
  {
  <?php
       mysql_query("INSERT INTO `save` (reason) VALUES ('reason'))");
  ?>
  }
}
</script>

now let's see what happens when this page is requested. When the server starts looking at a php file, it is in HTML mode. Which means that anything it encounters is going to be added to the output. So your javascript will be added to the output untill line 6, because on line 7, you open the php tags. The server now goes into PHP mode, which means it executes the php code it encounters, adding any output of the php code to the already processed output.

Your sql query is processed. The query adds one row to the table 'save' where the column 'reason', gets a value of 'reason', because that's the string you're passing to it. After this query, the server encounters the closing php tag. It now adds the rest of the html to the output, and beams that to the user. The page the user will receive now looks like this:

<script type="text/avascript">
function saveReason()
{
var reason = prompt("I'm saving this because");
if (reason!=null && reason!="")
  {
  }
}

The way you should do this is using AJAX. AJAX stands for Asynchronuous Javascript And XML.

This basically means sending a request to the server without reloading the page. This is possible in native javascript, but because of differences between browsers, it is easier to use a javascript framework. The code you write using a framework is also more readable. I'll show you how it's done using jQuery, one of the easiest to learn framework out there.

    $.post("save.php", { reason: reason});

This code sends a post request to your server

On your server, you create a file called save.php which will handle the data. Using the code you posted, the php file would look like this:

<?php
$reason = $_POST['reason'];     // gets the data it received from the request
mysql_query("INSERT INTO `save` (reason) VALUES ('"+$reason+"'))");
?>

now, for security, you should make the data you get from the user safe to put into a database, so that hackers can't use sql injection, so you should change line 2 to

$reason = mysql_real_escape_string($_POST['reason']);

You'll probably also want to make sure that users can't add extra html, or even worse, extra javascript to your page. You can achieve this by adding an extra line before your mysql_query like this:

$reason = strip_tags($reason);

You can shorten this by editing line 2 to

$reason = mysql_real_escape_string(strip_tags($_POST['reason']));

I hope that helps.

The proper way would be to forget mysql completely when talking of JS. You can't interact with mysql with JS. you can make a call to PHP script, which will talk with mysql.
But it will be another PHP script, not one you run to show this very page.

You need to understand how does a browser work.

Whole PHP script being executed on the server side, resulting with pure HTML in the browser. HTML and JS only. No PHP in the browser.

that's why you can't program both HTML form and it's handler in the same PHP script by just placing latter one right after first one. You will have to make another call to the server to make handler work. it will be completely another call, another instance of the same script, while previous one is dead already long time ago - that's another thing you have to know about PHP:

PHP scripts execution is atomic. It's not like a desktop application constantly running in your browser, and not even a demon with persistent connection to your desktop application. It's more like a command line utility - doing it's job and exits. It runs discrete:

a browser makes a call
PHP wakes up, creates an HTML page, sends it to the browser and dies
Browser renders that HTML and shows it to the user.
User clicks a link
a browser makes a call
another PHP instance, knowing nothing of the previous call, wakes up and so on

You would need to use AJAX to send the data from the prompt to the server-side PHP script.

If you're using JQuery, your Javascript would look something like this:

 function saveReason()
{

    var reason=prompt("I'm saving this because","");
    if (reason!=null && reason!="")
    {
        $.post("save.php", { reason: reason});
    }
}

Your PHP code in 'save.php' would look something like this:

$reason = mysql_escape_string($_POST['reason']);
mysql_query("INSERT INTO `save` (reason) VALUES ($reason))");

When you figure out the technical way achieve what you're trying here (Ajax call to serverphp that handles a SQL insert) DON'T DO IT!!!! The security chasm you're opening in letting anyone send anything they want into your DB is so wide that a 3 year old will be able to drive malicious code through it. Let the user provide some values and then write SQL yourself to utilize those values.

Javascript is client side language and PHP is server side language. You must make ajax request to send wanted data to server and do what you want with (insert reason in this case).

It can not be done that way because PHP is server-side and executes before the javascript is even loaded (client-side). If you really want to do it this way I think you'll have to take a look at AJAX, it allows you to make a request to another page using javascript. This way you could access anotherfile.php?reason=reasonhere and execute the query on that page.