• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 843
  • Last Modified:

Creating strings using PHP including calls to javascript functions - having problems where javascript function does not accept the data passed.

Using PHP to access data from database (MYSQL) - this part is not a problem.
have PHP function that use database and create html code (as strings) that are passed to javascript, which include calls to alert().

Check the image supplied: When I click on CLICK the alert dialog displays - so far so good.
Unfortunately when I pass data as string to the alert() function is when I get problems - nothing happens.

Here is a sample of my code:
$wString = "<a href=\&#39;javascript:alert();\&#39;>CLICK</a>";
works fine, shows empty alert dialog (as per image attached) - as soon as I try and put data inside the alert function - problems.

I have tried all manner of combinations to encase the data inside the () e.g. \\\\\\', \\\', \\\&#39;, \', \", etc etc - driving me nuts. I am obviously missing something - any help appreciated.

Gary
error.png
0
AIGS
Asked:
AIGS
  • 3
  • 2
  • 2
  • +2
2 Solutions
 
Dan CraciunIT ConsultantCommented:
What happens if you try
$wString = "<a href='javascript:alert(\"Hello\");'>CLICK</a>";
0
 
Dave BaldwinFixer of ProblemsCommented:
That should work.  I checked this and it does work.  If your text from your database has &#39; in it, you can't use '\' to escape it.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>PHP/JS Alert</title>
</head>
<body>
<h1>PHP/JS Alert</h1>
<?php 
$wString = "<a href=\"javascript:alert('This is the way');\">CLICK</a>";
echo $wString;
 ?>
</body>
</html>

Open in new window

0
 
AIGSAuthor Commented:
I tried:
$wString = "<a href='javascript:alert(\"Hello\");'>CLICK</a>"; - doesn't work
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Dan CraciunIT ConsultantCommented:
It works here.
<html>
<head></head>
<body>
<?php
$wString = "<a href='javascript:alert(\"Hello\");'>CLICK</a>";
echo $wString;
?>
</body>
</html>

Open in new window

0
 
AIGSAuthor Commented:
The string that I create which incorporates the alert() is passed back through two other functions as far as I can tell which make up the final line of code.

echo "insDoc(aux" . $auxCount  . ", gLnk('S', 'Responses: "  . $row["mf_threads"] . " - Last: " . writeDate($row["mf_lastthread"],"S") . "', 'javascript:loadMe(&quot;" . getDetails() . "&quot;)'));\r\n";

The line I am having trouble with, is created in the function getDetails() as per the code above.

I hope this helps to clarify my problem.  The echo above is used to write the code to browser as javascript.
0
 
Dave BaldwinFixer of ProblemsCommented:
@AIGS, we've shown you two ways that work.  somehow you have to end up with one of those formats.

I would never write it that way either.  I would build a string in pieces and concatenate them together and then echo it.  Trying to put it all on one line like that just confuses things.  Something like this.
$output = "insDoc(aux" . $auxCount  . ", gLnk('S', 'Responses: ";
$output .= $row["mf_threads"] . " - Last: ";

$wDate = writeDate($row["mf_lastthread"],"S");
$output .= $wDate;

$getdet = getDetails();
$output .= "', 'javascript:loadMe('$getdet')'));\r\n";

echo $output;

Open in new window

0
 
Ray PaseurCommented:
Statements like this leave professional programmers SMH:

echo "insDoc(aux" . $auxCount  . ", gLnk('S', 'Responses: "  . $row["mf_threads"] . " - Last: " . writeDate($row["mf_lastthread"],"S") . "', 'javascript:loadMe(&quot;" . getDetails() . "&quot;)'));\r\n";

This is PHP AntiPractice #9.  Don't write code like that - you'll never be able to debug it.

It looks like you have many layers of overlapping output formatting and perhaps one or more of these introduce errors of some sort into the process.  I would try to simplify the question to the point that you get the SSCCE.  Once you see that, the issues will almost always become obvious and easy to fix.

You might also want to try using HEREDOC notation (heed, but do not be put off by the Warning).  I find that it greatly simplifies the way PHP handles string variables.  Quotes can be confusing and stacked quotes can be confusinger :-)

Please see a simple example of HEREDOC at http://iconoun.com/demo/temp_aigs.php

<?php // demo/temp_aigs.php
error_reporting(E_ALL);

// A VARIABLE IN THE PHP SCRIPT
$d = date('r');
$m = 'When was this page created? ' . $d;

// A HEREDOC BLOCK OF HTML WITH JAVASCRIPT AND VARIABLE SUBSTUTION
$html = <<<ENDHTML
<script>
alert('$m');
</script>
ENDHTML;

echo $html;

Open in new window

The reason this works well is that quote marks have no meaning inside a HEREDOC block.  Variable substitution takes place without regard to the quotes and apostrophes.  So your only consideration of the meaning of the quotes is given to the meaning of the quotes in the resulting string, not the PHP variable substitution process.  In this case alert('$m'); contains quotes that are meaningful in the resulting JavaScript command.

HTH, ~Ray
0
 
Slick812Commented:
greetings AIGS, , unfortunately having PHP Browser output with -
$wString = '<a href="javascript:alert(\'TEST\');">click me</a>';
echo $wString;

the above code works, HOWEVER
it is a different consideration when you use PHP to write javascript code variable values as strings

PHP - $wString = '<a href=\\"javascript:alert(\'TEST\');\\">click me</a>';
now echo out php in JS code
<script>
var str1 = "<php echo $wString; ?>";
</script>

In the $wString I HAVE TO double escape the string, Once for the PHP and then again for the Javascript, In PHP I use the single ' and escape the PHP for that, and in javascript I use the opposite double " , BUT I need to use \\" , not for PHP, but for javascript, which is using the " so any " in that string NEEDS to be escaped so you have to double escape it   \\"

And I tell you , that it gets mighty confusing trying to write PHP to javascript code as strings, AUUGGHH!
if you look at the page source for the javascript from PHP output, you can often see the mistake for the ' or " in a string

I generally find that it helps me if I use a different " or single ' in the javascript as I used in PHP, but not always.
0
 
AIGSAuthor Commented:
Thanks for your help. Breaking it up into smaller pieces instead of on one line allowed me to see it more clearly and rectify where needed - now working fine.

Again Thanks.
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now