PHP / Javascript Set Focus

Thank you for looking at my question,

I have a .php page that will display one of a number of possible forms for user input dependent upon values posted from the preceding form; $StockItem and $Meter.

I am trying to set up a SetFocus function that will recognise the combination of StockItem and Meter values and
1) set the cursor to the first input box on the loaded form
2) disable the loaded form's Submit button so that it can be enabled later after validation of the user input

My starting point for the Set Focus function looks like this:
<script type="text/javascript" language="JavaScript">
	function jsSetFocus(){
		var StockItem = <?php echo $StockItem ?>;
		var Meter =<?php echo $Meter ?>;
		
		alert ("Stock Item: " + StockItem);
		
		alert ("Meter: " + Meter);
		
		if (StockItem == "Meter"){
			//document.forms["NewMeter"]["TubeAssembly"].focus();
			alert ("Stock Item: " + StockItem);
		} else {
			alert ("Meter: " + Meter);
		}
	}
	jsSetFocus();
</script>

Should put up message boxes based on values but doesn't even do that.

Can anybody advise me why and suggest how I should proceed?

Thank you
Section1.php
Gary Croxford (Operations Support Analyst) Asked:
Julian Hansen Commented:
If you are not getting the message boxes I am guessing there is an error. Have you checked your console (F12) for errors?
ste5an (Senior Developer) Commented:
Just a comment:
This mix-up of PHP and JavaScript makes it unnecessarily hard to test your functions. Using it like this:

<script type="text/javascript" language="JavaScript">
    function jsSetFocus(StockItem, Meter) {
        alert ("Stock Item: " + StockItem);
        alert ("Meter: " + Meter);
        if (StockItem == "Meter"){
            //document.forms["NewMeter"]["TubeAssembly"].focus();
            alert ("Stock Item: " + StockItem);
        } else {
            alert ("Meter: " + Meter);
        }
    }

    jsSetFocus(<?php echo $StockItem ?>, <?php echo $Meter ?>);
</script>

Allows you to build simpler tests.
Gary Croxford (Operations Support Analyst) Author Commented:
getting an error around the line

var StockItem = <?php echo $StockItem; ?>;

$StockItem evaluates to Stock and the error is Stock is undefined - need to go away and read up on what's happening / not happening here
ste5an (Senior Developer) Commented:
After reviewing your PHP file: *ouch*

You're using unvalidated, unsanitized user input: $StockItem = $_GET["StockItem"];

This is also the cause for the error, I guess you forgot to add the parameter in the URL when calling the page.
Gary Croxford (Operations Support Analyst) Author Commented:
ste5an,

Please forgive my ignorance but what do you mean by not validated or sanitized?

the parameter is in the URL calling the page

http://10.30.1.155/ed1/Forms/Section1.php?StockItem=Stock&Meter=1000&ProdnOrder=553553553&SalesOrder=&SerialNo=&VECode=1913029989
Julian Hansen Commented:
var StockItem = <?php echo $StockItem; ?>;

Should be
var StockItem = "<?php echo $StockItem; ?>";

You are missing the quotes

The resulting JavaScript would have been
var StockItem=Stock;

Which is not valid unless Stock is defined somewhere else

ste5an (Senior Developer) Commented:
Your code allows HTML to be injected into your page via that parameter. The minimal thing you should do:

$StockItem = htmlentities($_GET["StockItem"]);

and you should also look at filter_input.
Gary Croxford (Operations Support Analyst) Author Commented:
Julian Hansen, Ste5an,

I'm splitting the reward between you, I hope this is OK with both of you. Julian you answered the question I asked but Ste5an provided valuable information about the way I should be doing things.

Thank you both
Julian Hansen Commented:
You are welcome.
Julian Hansen Commented:
Note you only need htmlentities if the value you are outputting is HTML that originated from the wild. For instance someone captured the HTML in a form and submitted it and it was saved to the db.

If you are just outputting a normal value from your db you don't need to encode it.

Rule of thumb - if the data is from an untrusted source and is not guaranteed to be clean then you should clean it before you output it - otherwise there is no need.

In this case it is coming in from the URL so I would do this
$StockItem = isset($_GET['StockItem']) ? strip_tags($_GET['StockItem']) : '';

This would be better than htmlentities() as I suspect that HTML tags are not valid in your stock item - so encoding them is just encoding invalid input.
The above can be further expanded to verify that stock and meter parameters are actually in the right format - for this you could use a preg_match to make sure the value matches a given pattern - that is the best way to guarantee that your data is clean.
Assume StockItem is alpha-numeric between 5 and 9 chars then you can validate like this
if (preg_match('/^[a-z0-9]{5,9}$/i', $StockItem,$match)) {
  // stock item is valid
  echo "valid {$StockItem}<br>";
}
else {
  echo "invalid {$StockItem}<br>";
}
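
The advice in this thread combined into one sketch, as an added example that is not part of any post above: the query parameters are checked against allow-list patterns, and because the values land inside a `<script>` block they are emitted as JavaScript literals with json_encode() rather than HTML-encoded. read_param() and js_literal() are hypothetical helper names, the Meter pattern is an assumption, the sample query arrays are constructed, and JSON_THROW_ON_ERROR needs PHP 7.3 or later.

```php
<?php
// Added example. read_param() and js_literal() are hypothetical helper names;
// the StockItem pattern is the one assumed in the thread, the Meter pattern is an assumption.

// Return the parameter only if it is a string matching the allow-list pattern.
function read_param(array $query, string $name, string $pattern): ?string
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null; // missing, or an array such as ?StockItem[]=x
    }
    return preg_match($pattern, $query[$name]) === 1 ? $query[$name] : null;
}

// Encode a PHP value as a JavaScript literal that is safe inside <script>:
// quotes, <, > and & become \uXXXX escapes, so the value can close neither
// the string nor the script element.
function js_literal($value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed query strings standing in for $_GET.
$samples = [
    ['StockItem' => 'Stock', 'Meter' => '1000'],
    ['StockItem' => 'Stock"; window.x = 1; //', 'Meter' => '1000'],
    ['Meter' => '1000'],
];

foreach ($samples as $query) {
    // \A and \z anchor the whole value; a bare $ would also accept a trailing newline.
    $stockItem = read_param($query, 'StockItem', '/\A[a-z0-9]{5,9}\z/i');
    $meter     = read_param($query, 'Meter', '/\A[0-9]{1,6}\z/');

    if ($stockItem === null || $meter === null) {
        echo "rejected: StockItem or Meter missing or malformed\n";
        continue;
    }
    // What the page would emit inside its <script> block.
    echo 'jsSetFocus(' . js_literal($stockItem) . ', ' . js_literal($meter) . ");\n";
}

// Encoding alone keeps the second sample inside one string literal, whereas
// strip_tags() returns it unchanged because it contains no tags.
$raw = $samples[1]['StockItem'];
echo js_literal($raw), "\n";
echo strip_tags($raw) === $raw ? "strip_tags: unchanged\n" : "strip_tags: modified\n";
```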
