I have an SQL table that is updated through PHP. On an editJob page, you can navigate to it and enter a job number in a text box that then inserts that job number into the SQL and creates an entry. You can then add operations to the job number. However, what I want to be able to do is navigate to the page with PHP variables entered into the URL which then autofill the text box with the job number from the URL. I can't figure out how to check whether this PHP variable is present in my javascript.

Here is the relevant javascript below:

<script type="text/javascript">
    function jobCheckCallback (data) {
        if (data.includes("<td")) {
            alert("Job already exists. Edit this job by clicking Edit on the job's overview page");
            document.getElementById("jobID").value = 0;
        } else {
            var njobID = document.getElementById("jobID").value;
            if (njobID == "") njobID = 0;
            else njobID= <?php echo $jobID; ?>;
            sendAsync("editDatabase.php?sql=UPDATE+customerlist+SET+jobID="+njobID+" WHERE+jobID=" +jobID);
            sendAsync("editDatabase.php?sql=UPDATE+operations+SET+jobID="+njobID+" WHERE+jobID="+jobID);
            sendAsync("editDatabase.php?sql=UPDATE+jobfiles+SET+jobID="+njobID+" WHERE+jobID="+jobID);
            sendAsync("editDatabase.php?sql=UPDATE+pallets+SET+jobID="+njobID+" WHERE+jobID="+jobID);
            sendAsync("editDatabase.php?sql=UPDATE+jobs+SET+jobID="+njobID+" WHERE+jobID="+jobID,function(id){
                return function(){
                    setjobID(id);
                }
            }(njobID));
        }
    }
</script>

The error message I get is "SyntaxError: missing ; before statement" but I'm guessing it's another issue causing this error.

EDIT: $jobID is the PHP variable that can be entered into the URL, and is then autofilled into the textbox on the page.

  • You're missing some closing curly braces } but more importantly, do not execute SQL that was sent by the user! That is a huge vulnerability! Imagine if someone decided to send DELETE FROM customerlist?? That would be bad. You should have a page you send jobIDs to that performs all of the actions (call it updateJobId.php or something). Commented Apr 18, 2016 at 2:20
  • Those missing } curly braces didn't come through when I pasted them here, but they're there now. Commented Apr 18, 2016 at 2:22
  • And the people who'll be using this system aren't the computer-savvy people so I'm willing to risk the vulnerabilities, but I do appreciate your concern. Commented Apr 18, 2016 at 2:23
  • alright... anyway, the answer is to use <?php echo json_encode($jobID); ?> I'm betting the jobID is blank so it's causing an error in the JS Commented Apr 18, 2016 at 2:25
  • Projects like this tend to grow into bigger things. Do yourself a favor and heed @Eksepshon's advice -- pass the data back to PHP and let PHP assemble the SQL. Commented Apr 18, 2016 at 5:12

1 Answer

Have you checked the resulting page source? I suspect you need to wrap the php output statement with quotes so:

else njobID= '<?php echo $jobID; ?>';

So if job ID is empty it won't result in invalid js.

1 Comment

Thank you, I actually didn't think of that.
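
The server-side page suggested in the comments (updateJobId.php), sketched as an added example that is not part of the original thread or the asker's code: the browser sends only two job IDs and PHP assembles the SQL itself. The table names and the jobID column come from the question; the POST field names oldJobID and newJobID, the DSN and the credentials are placeholder assumptions.

```php
<?php
// updateJobId.php: added example, not the asker's code.
// Assumptions: PDO with MySQL (InnoDB, so the transaction is honoured),
// placeholder DSN/credentials, hypothetical POST fields oldJobID and newJobID.
declare(strict_types=1);

header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit(json_encode(['error' => 'POST required']));
}

// Accept only non-negative integers; an empty or non-numeric value is rejected.
$opts = ['options' => ['min_range' => 0]];
$old = filter_input(INPUT_POST, 'oldJobID', FILTER_VALIDATE_INT, $opts);
$new = filter_input(INPUT_POST, 'newJobID', FILTER_VALIDATE_INT, $opts);
if (!is_int($old) || !is_int($new)) {
    http_response_code(400);
    exit(json_encode(['error' => 'job IDs must be non-negative integers']));
}

// Fixed allowlist: the client never supplies table names or SQL text.
$tables = ['customerlist', 'operations', 'jobfiles', 'pallets', 'jobs'];

$pdo = null;
try {
    $pdo = new PDO(
        'mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4',
        'EXAMPLE_USER', 'EXAMPLE_PASSWORD',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
    );
    $pdo->beginTransaction();
    foreach ($tables as $table) {
        // Values are bound as parameters, never concatenated into the query.
        $stmt = $pdo->prepare("UPDATE `$table` SET jobID = ? WHERE jobID = ?");
        $stmt->execute([$new, $old]);
    }
    $pdo->commit();            // all five tables change together, or none do
    echo json_encode(['jobID' => $new]);
} catch (PDOException $e) {
    if ($pdo !== null && $pdo->inTransaction()) {
        $pdo->rollBack();
    }
    http_response_code(500);
    echo json_encode(['error' => 'update failed']);   // no SQL details leaked to the client
}
```

With this in place the page posts the two IDs instead of building UPDATE strings, and the initial value can be embedded with json_encode($jobID) as the comment above suggests, so an empty $jobID still yields valid JavaScript.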
