Include a php query inside javascript?

[Jax2]

Hi all, not sure if I should have this in this section or PHP, but I figure since the script itself is JS, it should go here.

 

I have a simple verification script that does nothing more really than check to make sure fields submitted on a form aren't blank, and then warns the user before they submit the form to please fill out that part.

 

It works great as it is, but I need it to go one step further.

 

I need to enter the following code:

 

$sql="select count (*) from ".$prefix."users where username=".cusername.value."";
$result=mysql_query($sql, $db);
$total=mysql_num_rows($result);
if ($total!="0")
	{
alert('Username Already Exists, please choose another.');
cusername.focus();
return false;
	}

 

which contains a variable used by the JS script cusername, checks to make sure that that username doesn't already exist in the database, and disallow the form being submitted until they change the name. Here is the JS code I am using... I'm not sure how I would add this to it, as every way I've tried has failed:

 

<script language="JavaScript">
function checkForm()
{
   var cusername, cpassword, cpassword2, cemail;
   with(window.document.msgform)
   {
      cusername = username;
  cpassword = password;
  cpassword2 = password2;
  cemail = email;
   }

   if(cusername.value == '')
   {
      alert('Please enter a user name!');
      cusername.focus();
      return false;
   }

   if (cpassword.value == '')
    {
  alert('Please enter a password!');
  cpassword.focus();
  return false;
}
   if (cpassword2.value == '')
    {
  alert('Please confirm your password!');
  cpassword2.focus();
  return false;
}
   if (cemail.value == '')
    {
  alert('You must use a valid email address.');
  cemail.focus();
  return false;
}
    if (cpassword.value != cpassword2.value)
 {
  alert('Your passwords did not match.');
  cpassword.focus();
  return false;
 }
  }
</script>

So, I need to get the value of cusername, which I can do with cusername.value, but then I need to do the sql query on the DB to make sure it's not already there.

 

Thanks in advance for any help provided!

[sspoke]

I haven't read anything you wrote except the title if you put a mysql query into javascript your site will get hacked extremely easy. thats about it.

 

ah i understand you need to read about $_GET / $_POST method

 

can't answer your question without knowing what type of FORM you have.. is your form method="GET"? or method="POST"

 

$sql="select count (*) from ".$prefix."users where username=".cusername.value."";

 

change .cusername.value. to  $_GET['cusername']        OR  $_POST['cusername']

 

$sql="select count (*) from ".$prefix."users where username=".$_GET['cusername']."";

 

$sql="select count (*) from ".$prefix."users where username=".$_POST['cusername']."";

 

one of them should work.. you should also add some error checking like

 

if(isset($_GET['cusername']) { then do query.. }

 

otherwise someone may not even submit form it will cause errors.. note it won't actually cause errors because it still gets submitted as empty.. but it may if someone does it incorrectly =]

[Jax2]

The form is a standard php post form that posts the data to (for example) nextpage.php

 

The JS script goes over the form before it is sent to nextpage.php.

 

I could easily do the error checking with simple php after the user hits submit and before it's stored in the database, but unfortunately, the way the site is set up, there is already post data when the user reaches the form itself, so if they hit the back key to go back and correct mistakes, it has erased all their data. That is why I switched to JS form check in the first place.

 

So I simply need to figure out how to access $prefix.users and make sure the username doesn't already exist and if so, warn them ahead of time. I know it can be done, I just don't know anything about javascript and mysql, only php & mysql.

 

[gamblor01]

I think the best way to accomplish this would be to perform an AJAX query (looks like you already knew that though).  The easiest way to do this is to probably just modify the PHP code from earlier and just have it echo the total num rows that it finds ( "1" if the username exists, and "0" otherwise).  I don't think you want to select count(*) and then call mysql_num_rows on that...otherwise you are ALWAYS going to get one row back -- the row that tells you how many rows are in the table.  Anyway, let's assume you put this code into a file called checkUser.php:

 

<?php
// db connection info here

// get the prefix and cusername out of the request
$prefix  = $_GET['prefix'];
$cusername = $_GET['cusername'];

$sql="select * from ".$prefix."users where username='$cusername'";
$result=mysql_query($sql, $db);
$total=mysql_num_rows($result);
echo "$total";
?>

 

Now just write a very simple function in AJAX (which can be copied into your existing Javascript code) to invoke that PHP page and retrieve the value:

 

<script type="text/javascript">
var xmlhttp;

function checkUser(prefix, cuser)
{
  xmlhttp=GetXmlHttpObject();
  if (xmlhttp==null)
  {
    alert ("Sorry but your browser does not support AJAX or Javascript has been disabled");
    return;
  }

  // call the checkUser.php script
  var url = "checkUser.php";

  // append the prefix and cusername
  url = url + "?prefix=" + prefix;
  url = url + "&cusername=" + cuser;

  // execute the fully formed request
  xmlhttp.onreadystatechange=stateChanged;
  xmlhttp.open("GET",url,true);
  xmlhttp.send(null);
}


function stateChanged()
{
  if (xmlhttp.readyState==4)
  {
    return xmlhttp.responseText;
  }
}


function GetXmlHttpObject()
{
  if (window.XMLHttpRequest)
  {
    // code for IE7+, Firefox, Chrome, Opera, Safari
    return new XMLHttpRequest();
  }
  if (window.ActiveXObject)
  {
    // code for IE6, IE5
    return new ActiveXObject("Microsoft.XMLHTTP");
  }
  return null;
}
</script>

 

 

 

Inside of your own Javascript code you can just do something like:

 

var userExists = checkUser("foo", "bar");
if (var == 1)
{
  // username already exists!
}
else
{
  // allow the creation because the user doesn't exist yet
}

 

 

Something like that should work.