[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 636
  • Last Modified:

Javascript nested quotes

Can somebody help me with the following code:

var pickid = "testPickId";
setTimeout('ajaxPickingListAction("PickingList.Action.ReversePick.Confirm.php?pickid="'+ pickid +')',3000);

There is problem with my quotes. Note that pickid is a variable

the ultimate objective is to how to get the setTimeout run with my code..

thanks
0
encus
Asked:
encus
  • 2
1 Solution
 
najhCommented:
that's actually confusing, but to start with, i assume that it should end with the same quote as you started with... so the end should be 3000'); shouldn't it?

which is the variable to it? if it's just the pickid which changes, then maybe you could write:
setTimeout(ajaxPickingListAction("PickingList.Action.ReversePick.Confirm.php?pickid="+ pickid ), 3000);
0
 
BigRatCommented:
You're doing too much at once and running out of quotes :-

var pickid = "testPickId";
var command = 'ajaxPickingListAction("PickingList.Action.ReversePick.Confirm.php?pickid="'+ pickid + ')';
setTimeout(command,3000);

and even :-

var pickid = "testPickId";
var url = 'PickingList.Action.ReversePick.Confirm.php?pickid='+ escape(pickid);
var command = 'ajaxPickingListAction("' + url + '")';
setTimeout(command,3000);

I split such actions up into pieces, they become much simpler to modify. Note that SetTimeout takes a string which is executed with (effectively) eval(). Note also that when sending anything to the server, the data ought to be escaped. In your example of course it is a constant (pickid), so it is strictly not necessary. But as I said, when you modify things .............


0
 
encusAuthor Commented:
Thx BigRat, this is the way actually I am doing also, but just trying to put everything in one line as I have got too much codes that needs to be modulised.

Anyway thank you so much for the solution, and just to check with you is the escape() equivalent to mysql_escape_string() in php?
0
 
BigRatCommented:
Answer to your question : Probably.

When you actually send data from an HTML page to the server you MUST escape the data to avoid certain characters. The browser does this automatically from input, textarea and other elements. There are less problems when one sends the data via POST (usually AJAX), but not escaping for example a space, can lead to a failure to access the server.

When constructing URLs in the server on making an HTML page one must again escape the query parts of the URL in the same way. This again is not so serious as most browsers, on processing a link in an HTML page, will escape them for you.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now