在腳本中使用window.parent已經

Question

所以我有這樣的：

/* ---------------------------- */ 
/* XMLHTTPRequest Enable */ 
/* ---------------------------- */ 
function createObject() { 
var request_type; 
var browser = navigator.appName; 
if(browser == "Microsoft Internet Explorer"){ 
request_type = new ActiveXObject("Microsoft.XMLHTTP"); 
}else{ 
request_type = new XMLHttpRequest(); 
} 
return request_type; 
} 

var http = createObject(); 
/* -------------------------- */ 
/* INSERT */ 
/* -------------------------- */ 
var nocache = 0; 
function insert() { 
document.getElementById('insert_response').innerHTML = "Please Wait. " 
var fID= encodeURI(document.getElementById('fID').value); 
var kommentar= encodeURI(document.getElementById('kommentar').value); 
nocache = Math.random(); 
// Pass variables like URL variable 
http.open('get', 'insert.php?fID='+fID+'&kommentar=' +kommentar+'&nocache = '+nocache); 
http.onreadystatechange = insertReply; 
http.send(null); 
} 
function insertReply() { 
if(http.readyState == 4){ 
var response = http.responseText; 
document.getElementById('insert_response').innerHTML = ''+response; 
} 
} 

此我要在index.php文件。在那裏你可以寫評論，然後按提交。當你按下submit時，它會運行這個腳本::傳遞變量到insert.php，並在insert_response中顯示響應。在insert.php中，它將註釋插入數據庫。

<?php 
      mysql_query("INSERT INTO comments (fID, navn, kommentar, dato) VALUES ('$fID', '$pusername' ,'$kommentar', '$dato')") or 
       die(mysql_error()); 
echo "Comment successfully"; 
?> 
<script type="text/javascript"> 
if (window.parent) { 
    window.parent.someFunction('hello world'); 
} 
</script> 

這是我的insert.php ^，正如你看到我想發送消息「hello world」給window.parent。

但它不會出於某種原因，它不喜歡這個腳本innerhtml插入到insert_response div。

現在window.parent，我以爲，是我的index.php在那裏我有這樣的：

<script type="text/javascript"> 
function someFunction(msg) { 
    alert(msg); 
} 
</script> 

謝謝！

Insert.php，dispactched到客戶端：

<?php 
ob_start(); 
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past 
header('Content-type: text/html; charset=utf-8'); 
include('../tilslut.php'); 
    define('IN_PHPBB', true); 
    $phpbb_root_path = '../../../'; 
    $phpEx = substr(strrchr(__FILE__, '.'), 1); 
    include($phpbb_root_path . 'common.' . $phpEx); 

    // Start session management 
    $user->session_begin(); 
    $auth->acl($user->data); 
    $user->setup(); 
    $pusername = $user->data['username']; 
if($user->data['is_registered']){ 
?> 
<!-- Verify if user exists for login --> 
<html> 
<head> 
<link href="../style.css" type="text/css" rel="stylesheet" /> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script> 
<script type="text/javascript" src="../ajax_framework.js" language="javascript" charset="UTF-8"></script> 
</head> 
<body> 
<?php 
if(isset($_GET['fID']) && isset($_GET['kommentar'])){ 
$fID= $_GET['fID']; 
$kommentar= $_GET['kommentar']; 
     $resultat = mysql_query("SELECT * FROM member_filmcomments WHERE navn = '".mysql_real_escape_string($pusername)."' AND fID = '$fID'") or 
      die(mysql_error()); 
     $row = mysql_fetch_array($resultat); 
$resultat2 = mysql_query("SELECT * FROM member_filmcomments WHERE navn = '".mysql_real_escape_string($pusername)."' AND kommentar = '".$kommentar."' AND fID = '".$fID."'") or die(mysql_error()); 
     $row2 = mysql_fetch_array($resultat2); 
     $k10check = mysql_query("SELECT * FROM member_filmcomments WHERE navn = '".mysql_real_escape_string($pusername)."'") or die(mysql_error()); 
$oldtimecheck = mysql_query("SELECT dato FROM member_filmcomments WHERE navn = '".mysql_real_escape_string($pusername)."' AND fID = '".$fID."'") or die(mysql_error()); 
$oldtimec = mysql_fetch_array($oldtimecheck); 
$realDate = $oldtimec["dato"]; 
       if(empty($kommentar)){ 
     echo "Tomt! Du skal indtaste en kommentar i feltet."; 
       }elseif (mysql_num_rows($resultat2) == 1) { 
     echo "Dobbelpost. Du har allerede skrevet samme kommentar én gang."; 
       }elseif((strtotime($realDate) + 120) > time()) { 
     echo "Vent venligst 2 minutter, før du skriver en ny kommentar i samme klip!"; 
       }else{ 
       $dato = date("Y-m-d H:i:s"); 
       $pointsystem = mysql_query("SELECT gpk, gpk10 FROM member_pointsystem"); 
       $row = mysql_fetch_array($pointsystem); 
       $k10 = mysql_real_escape_string($row["gpk10"]); 
       $earning = mysql_real_escape_string($row["gpk"]); 
         if (mysql_num_rows($k10check) == 10) { 
mysql_query("UPDATE member_profile SET points = points+$k10") or die(mysql_error()); 
echo "<b>Du har fået +".$k10." Points, for at have kommenteret 10 gange i video-sektionen!</b><br>"; 
} 
mysql_query("UPDATE member_profile SET points = points+$earning") or die(mysql_error()); 
      mysql_query("INSERT INTO member_filmcomments (fID, navn, kommentar, dato) VALUES ('$fID', '$pusername' ,'$kommentar', '$dato')") or 
       die(mysql_error()); 
?> 
if (window.parent) { 
    window.parent.someFunction('hello world'); 
} 
<? 
} 
} 
?> 
<!-- Footer End of user logged in --> 
<? 
}else{ 
echo "Authorited Users Only!"; 
} 
ob_flush(); 
?> 

Answer 1

而是嵌入一個<script標籤的，爲什麼不乾脆EVAL代碼下載？當然，你必須信任服務器，並且響應必須是總是是javascript。

服務器端

<?php 
      mysql_query("INSERT INTO comments (fID, navn, kommentar, dato) VALUES ('$fID', '$pusername' ,'$kommentar', '$dato')") or 
       die(mysql_error()); 
echo "Comment successfully"; 
?> 
if (window.parent) { 
    window.parent.someFunction('hello world'); 
} 

客戶端

function insertReply() { 
if(http.readyState == 4){ 
var response = http.responseText; 
eval(response); 
} 
}