I am trying to validate input login via javascript by passing PHP variables. I cannot execute it properly for some reason. I'd appreciate your comments. Here's the code:
PHP:
$personal = mysqli_query($connect,"SELECT * FROM basic ORDER BY user_id DESC ");
while($row = mysqli_fetch_array($personal)){
$user = $row['username'];
$user_password = $row['password'];
}
Javascript / jQuery:
function enter_log() {
var login_username = $("#username_field_log");
var pass_password = $("#pass_field_log");
var button = $("#enter_field_log");
var php = "<?= echo $user; ?>";
if ((login_username.val() == "") || (pass_password.val() == "")) {
$("#user_log_info").fadeIn('slow');
$("#user_log_info").text("Not a proper login input");
login_username.addClass("error");
pass_password.addClass("error");
return false;
}
else if ((login_username.val() != php ) || (pass_password.val() == "")) {
$("#user_log_info").fadeIn('slow');
$("#user_log_info").text("Not a proper login input");
login_username.addClass("error");
pass_password.addClass("error");
return false;
}
}
So in other words - the code should return false ( and it does so ) when the fields are empty but it doesn't return开发者_JS百科 TRUE when the input is correct ( I mean when the username is correct ) so I assume the PHP variable $user
is not passed by correctly to javascript?
Validation should not be done via Javascript. For any number of reasons I can crack open Firebug or Chrome and hack your web page if you validate there. You should use PHP code for your validation and make sure you properly sanitize your input.
Regarding your use of PHP tags:
var php = "<?php echo $user; ?>";
Is how you should write your code. Per the PHP Manual
http://www.php.net/manual/en/language.basic-syntax.phpmode.php
1. <?php echo 'if you want to serve XHTML or XML documents, do it like this'; ?>
2. <script language="php">
echo 'some editors (like FrontPage) don\'t
like processing instructions';
</script>
3. <? echo 'this is the simplest, an SGML processing instruction'; ?>
<?= expression ?> This is a shortcut for "<? echo expression ?>"
4. <% echo 'You may optionally use ASP-style tags'; %>
<%= $variable; # This is a shortcut for "<% echo . . ." %>
Item 1 is actually the preferred format.
Short tags (example three) are only available when they are enabled via the short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option.
It should be var php = "<? echo $user; ?>";
or
var php = "<?= $user; ?>";
echo and <?=
is not needed
I am in agreement that you should not be validating things like this.
Use JS to validate the form on submit to ensure its completed and all sections are complete, then use php or any scripting language then to do a server side validation.
If you want it so that if it fails then the JS displays a message then rather than passing the user details etc then pass a simple php boolean to a variable
for instance
var userValid =
The php $valResult will be the result given by the db check etc
then use this js variable.
A simple, reliable PHP to Javascript encoder is json_encode.
var jsVal = <?php echo json_encode($phpVal); ?>; // note trailing semicolon!
精彩评论