setting window size and php

I'm rather new in JavaScript, but I have some experience in php.
I learned it's rather easy to open a window of a specified size with
JavaScript, that you need to specify the opened file, but I don't see
how to do that in php.
The file I want to open is "detail.php?item=$item". This generates a
query, which results in a table of at most 5x3 items. I want a window
size that is of an appropriate size. I tried:
<HEAD>
<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--
function NewWindow() {
window.open("detail.php?item=$item", "new", "width=500, height=300");
}
//-->
</SCRIPT>
- - - -
</HEAD>
and as hyperlink
<A HREF="detail.php?item=$item" TARGET="new" onClick="NewWindow();
return false;">details</A>

As a matter of fact I tried in the header more than just the example
shown, but no result. With this I came closest, getting a message that
my SQL syntax was wrong. Which isn't.

I also tried setting the window size within the details.php. But then
all windows became of the same size.

I know that php is server-side and JavaScript is client-side.

Any help or hint will be appreciated.
Annette

re: setting window size and php

Annette Block schreef:

Hi Annette,
Well, you let PHP just put in the right values for JavaScript to use.
Leave out LANGUAGE="JavaScript".

Stop using the <!-- also. ;-)

Excactly.
And you don't want $item of course, you want its value.

So why don't you put it there? Like this:
<A HREF="detail.php?item=<?php echo $item; ?>" TARGET="new"
onClick="NewWindow(); return false;">details</A>

That means more is wrong.
I bet your SQL is vunurable to SQL injection.
If you from PHP take a value from the user, theat it like dangerous
stuff that will try to corrupt your database. Never trust it.

SO, do this:
$itemPassed = (int)$_GET["item"];
when you expect an integer.

If you expect a string, make sure you escape it well before feeding to
your database.
It is VERY EASY to pass a value that will delete everything in your
database.

Google for SQL injection for more info.

SInce you didn't show us code that should do that, we cannot possibly
comment on it.
Yes.
Regards,
Erwin Moller
--
============================
Erwin Moller
Now dropping all postings from googlegroups.
Why? http://improve-usenet.org/
============================

re: setting window size and php

On Mon, 29 Sep 2008 13:22:57 +0200 wrote Erwin Moller
<Since_humans_read_this_I_am_spammed_too_much@spam yourself.com>:
Thank you, Erwin.
Your tips were very helpful. Now I get a window of the right size,
that is in IE. In Firefox it is still a whole page, but I prefer to
count my blessings.
I'm aware of the danger of getting wrong input. In this case the user
can only click on a number and, if he /she wishes so, more details and
backgrounds are given.
However a strange thing happened. I got an error message saying that
there is an unknown column '$item' in 'where clause'. Of course there
is a column called 'item'. Somehow the value is not transferred. This
is also strange as I get no signal about when moving the mouse over
the hyperlink. I guess this is PHP, so I trust I'll manage sooner or
later. But thanks for your help.
Regards,
Annette

re: setting window size and php

Annette Block schreef:Hi Annette,

A few tips about debugging that helped me a lot:
1) When debugging HTML, always FIRST do a 'view source' of the results
PHP sent you. Simply check if all the things you want in the page are
put there with their right values.
2) When debugging postings/requests from a browser to PHP, simply do this:

echo "<pre>";
print_r($_POST);
echo "</pre>";
exit;

Or $_GET, or whatever you want to see.
That way you can easily see WHAT the browser is sending you.

Best of luck.
If you need more help with PHP: comp.lang.php

Regards,
Erwin Moller

--
============================
Erwin Moller
Now dropping all postings from googlegroups.
Why? http://improve-usenet.org/
============================