0

I am currently working on making a simple php script to edit certain aspects of a game in JavaScript. When attempting to pass variables from the script to the game using forms, the variable data does not seem to transfer. As of now, the script is meant to edit the RDG value of one player in the game. The code is as follows:

script.php:

<html>
<head>
<title>Form</title>
</head>
<body>

<form method="get" action="tron2.html">


<p>What are your player 1's RGB values:
<input type="text" name="color1r" /> Red 
<input type="text" name="color1g" /> Green 
<input type="text" name="color1b" /> Blue </p>

<input type="submit" value="Submit" />

</form>

</body>
</html>

And the portion of the code in javascript where variables are assigned

<?php

$color1r = $_POST["color1r"];
$color1g = $_POST["color1g"];
$color1b = $_POST["color1b"];


?>


<HTML>
    <HEAD>
    <TITLE>
        Tron2 
    </TITLE>
    <script>
                    var x = "<?=  $color1r; ?>";
                    var y = "<?=  $color1g; ?>";
        var z = "<?=  $color1b; ?>";
                     //more code for the game

When the game runs, the color of the player stays black, so the values of x,y,z must all be 0. Is there any reason why the values aren't being passed?

Improve this question
4
  • 4
    <?= already implies echo. Not sure what <?= echo does. Commented Feb 21, 2013 at 2:01
  • I removed echo, and it still has the same issue Commented Feb 21, 2013 at 2:04
  • If this still isn't working it could be something else. Commented Feb 21, 2013 at 2:32
  • To make sure other parts were working properly, I changed the values to regular values between 0 and 255 and the color did change so I do believe the problem is isolated here Commented Feb 21, 2013 at 2:34

2 Answers 2

Reset to default
6 
<form method="get" ...>

and 

$color1r = $_POST["color1r"];

are not friends.

<form method="post" ...> and $color1r = $_POST["color1r"]; are friends, and
<form method="get" ...> and $color1r = $_GET["color1r"]; are also friends.

Also <?= echo should error. Use <? echo $string or <?=$string

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I changed the "method = "get"" to "post" but it seems that the problem is still there, nothing changes
I like your description :)
0

Aside from tangential POST/GET mixup, always use json_encode() to output PHP variables in JS code.

echo without escaping or other escaping functions will generate invalid and/or insecure code.

<script>var jsvalue = <?php echo json_encode($phpvalue) ?>;</script>

In your specific case:

<form method="post" action="tron2.html">

and

<script>
    var x = <?= json_encode($color1r) ?>;
Improve this answer

7 Comments

Why is that needed/how does this fix the problem which is obviously a get/post data mixup?
This is not an answer to the question and is not true. echo without escaping or other escaping functions may generate invalid and/or insecure code.
@popnoodles saying "not true" is a bit harsh; you're pedantic about lucky secure case in a very common most-likely-vulnerable pattern.
@jimjimmy1995 if somebody sends data with value "; evil_session_hijacking_code(); " then your site will run attacker's code. There's plenty of non-obvious filter-evading tricks here, but json_encode() protects against them all by default.
I concur with @porneL, Properly escaping the data is important. Outputting unsanitized output in JS code is just as bad as doing it in HTML.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.