Improve company productivity with a Business Account.Sign Up

x
?
Solved

Creating strings using PHP including calls to javascript functions - having problems where javascript function does not accept the data passed.

Posted on 2014-03-22
9
Medium Priority
?
852 Views
Last Modified: 2014-03-27
Using PHP to access data from database (MYSQL) - this part is not a problem.
have PHP function that use database and create html code (as strings) that are passed to javascript, which include calls to alert().

Check the image supplied: When I click on CLICK the alert dialog displays - so far so good.
Unfortunately when I pass data as string to the alert() function is when I get problems - nothing happens.

Here is a sample of my code:
$wString = "<a href=\&#39;javascript:alert();\&#39;>CLICK</a>";
works fine, shows empty alert dialog (as per image attached) - as soon as I try and put data inside the alert function - problems.

I have tried all manner of combinations to encase the data inside the () e.g. \\\\\\', \\\', \\\&#39;, \', \", etc etc - driving me nuts. I am obviously missing something - any help appreciated.

Gary
error.png
0
Comment
Question by:AIGS
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39948246
What happens if you try
$wString = "<a href='javascript:alert(\"Hello\");'>CLICK</a>";
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39948266
That should work.  I checked this and it does work.  If your text from your database has &#39; in it, you can't use '\' to escape it.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>PHP/JS Alert</title>
</head>
<body>
<h1>PHP/JS Alert</h1>
<?php 
$wString = "<a href=\"javascript:alert('This is the way');\">CLICK</a>";
echo $wString;
 ?>
</body>
</html>

Open in new window

0
 
LVL 1

Author Comment

by:AIGS
ID: 39948319
I tried:
$wString = "<a href='javascript:alert(\"Hello\");'>CLICK</a>"; - doesn't work
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39948336
It works here.
<html>
<head></head>
<body>
<?php
$wString = "<a href='javascript:alert(\"Hello\");'>CLICK</a>";
echo $wString;
?>
</body>
</html>

Open in new window

0
 
LVL 1

Author Comment

by:AIGS
ID: 39948353
The string that I create which incorporates the alert() is passed back through two other functions as far as I can tell which make up the final line of code.

echo "insDoc(aux" . $auxCount  . ", gLnk('S', 'Responses: "  . $row["mf_threads"] . " - Last: " . writeDate($row["mf_lastthread"],"S") . "', 'javascript:loadMe(&quot;" . getDetails() . "&quot;)'));\r\n";

The line I am having trouble with, is created in the function getDetails() as per the code above.

I hope this helps to clarify my problem.  The echo above is used to write the code to browser as javascript.
0
 
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 750 total points
ID: 39948444
@AIGS, we've shown you two ways that work.  somehow you have to end up with one of those formats.

I would never write it that way either.  I would build a string in pieces and concatenate them together and then echo it.  Trying to put it all on one line like that just confuses things.  Something like this.
$output = "insDoc(aux" . $auxCount  . ", gLnk('S', 'Responses: ";
$output .= $row["mf_threads"] . " - Last: ";

$wDate = writeDate($row["mf_lastthread"],"S");
$output .= $wDate;

$getdet = getDetails();
$output .= "', 'javascript:loadMe('$getdet')'));\r\n";

echo $output;

Open in new window

0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39948551
Statements like this leave professional programmers SMH:

echo "insDoc(aux" . $auxCount  . ", gLnk('S', 'Responses: "  . $row["mf_threads"] . " - Last: " . writeDate($row["mf_lastthread"],"S") . "', 'javascript:loadMe(&quot;" . getDetails() . "&quot;)'));\r\n";

This is PHP AntiPractice #9.  Don't write code like that - you'll never be able to debug it.

It looks like you have many layers of overlapping output formatting and perhaps one or more of these introduce errors of some sort into the process.  I would try to simplify the question to the point that you get the SSCCE.  Once you see that, the issues will almost always become obvious and easy to fix.

You might also want to try using HEREDOC notation (heed, but do not be put off by the Warning).  I find that it greatly simplifies the way PHP handles string variables.  Quotes can be confusing and stacked quotes can be confusinger :-)

Please see a simple example of HEREDOC at http://iconoun.com/demo/temp_aigs.php

<?php // demo/temp_aigs.php
error_reporting(E_ALL);

// A VARIABLE IN THE PHP SCRIPT
$d = date('r');
$m = 'When was this page created? ' . $d;

// A HEREDOC BLOCK OF HTML WITH JAVASCRIPT AND VARIABLE SUBSTUTION
$html = <<<ENDHTML
<script>
alert('$m');
</script>
ENDHTML;

echo $html;

Open in new window

The reason this works well is that quote marks have no meaning inside a HEREDOC block.  Variable substitution takes place without regard to the quotes and apostrophes.  So your only consideration of the meaning of the quotes is given to the meaning of the quotes in the resulting string, not the PHP variable substitution process.  In this case alert('$m'); contains quotes that are meaningful in the resulting JavaScript command.

HTH, ~Ray
0
 
LVL 35

Accepted Solution

by:
Slick812 earned 750 total points
ID: 39950793
greetings AIGS, , unfortunately having PHP Browser output with -
$wString = '<a href="javascript:alert(\'TEST\');">click me</a>';
echo $wString;

the above code works, HOWEVER
it is a different consideration when you use PHP to write javascript code variable values as strings

PHP - $wString = '<a href=\\"javascript:alert(\'TEST\');\\">click me</a>';
now echo out php in JS code
<script>
var str1 = "<php echo $wString; ?>";
</script>

In the $wString I HAVE TO double escape the string, Once for the PHP and then again for the Javascript, In PHP I use the single ' and escape the PHP for that, and in javascript I use the opposite double " , BUT I need to use \\" , not for PHP, but for javascript, which is using the " so any " in that string NEEDS to be escaped so you have to double escape it   \\"

And I tell you , that it gets mighty confusing trying to write PHP to javascript code as strings, AUUGGHH!
if you look at the page source for the javascript from PHP output, you can often see the mistake for the ' or " in a string

I generally find that it helps me if I use a different " or single ' in the javascript as I used in PHP, but not always.
0
 
LVL 1

Author Closing Comment

by:AIGS
ID: 39960195
Thanks for your help. Breaking it up into smaller pieces instead of on one line allowed me to see it more clearly and rectify where needed - now working fine.

Again Thanks.
0

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

585 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question