Solved

Creating strings using PHP including calls to javascript functions - having problems where javascript function does not accept the data passed.

Posted on 2014-03-22
9
792 Views
Last Modified: 2014-03-27
Using PHP to access data from database (MYSQL) - this part is not a problem.
have PHP function that use database and create html code (as strings) that are passed to javascript, which include calls to alert().

Check the image supplied: When I click on CLICK the alert dialog displays - so far so good.
Unfortunately when I pass data as string to the alert() function is when I get problems - nothing happens.

Here is a sample of my code:
$wString = "<a href=\&#39;javascript:alert();\&#39;>CLICK</a>";
works fine, shows empty alert dialog (as per image attached) - as soon as I try and put data inside the alert function - problems.

I have tried all manner of combinations to encase the data inside the () e.g. \\\\\\', \\\', \\\&#39;, \', \", etc etc - driving me nuts. I am obviously missing something - any help appreciated.

Gary
error.png
0
Comment
Question by:AIGS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39948246
What happens if you try
$wString = "<a href='javascript:alert(\"Hello\");'>CLICK</a>";
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39948266
That should work.  I checked this and it does work.  If your text from your database has &#39; in it, you can't use '\' to escape it.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>PHP/JS Alert</title>
</head>
<body>
<h1>PHP/JS Alert</h1>
<?php 
$wString = "<a href=\"javascript:alert('This is the way');\">CLICK</a>";
echo $wString;
 ?>
</body>
</html>

Open in new window

0
 

Author Comment

by:AIGS
ID: 39948319
I tried:
$wString = "<a href='javascript:alert(\"Hello\");'>CLICK</a>"; - doesn't work
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39948336
It works here.
<html>
<head></head>
<body>
<?php
$wString = "<a href='javascript:alert(\"Hello\");'>CLICK</a>";
echo $wString;
?>
</body>
</html>

Open in new window

0
 

Author Comment

by:AIGS
ID: 39948353
The string that I create which incorporates the alert() is passed back through two other functions as far as I can tell which make up the final line of code.

echo "insDoc(aux" . $auxCount  . ", gLnk('S', 'Responses: "  . $row["mf_threads"] . " - Last: " . writeDate($row["mf_lastthread"],"S") . "', 'javascript:loadMe(&quot;" . getDetails() . "&quot;)'));\r\n";

The line I am having trouble with, is created in the function getDetails() as per the code above.

I hope this helps to clarify my problem.  The echo above is used to write the code to browser as javascript.
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 39948444
@AIGS, we've shown you two ways that work.  somehow you have to end up with one of those formats.

I would never write it that way either.  I would build a string in pieces and concatenate them together and then echo it.  Trying to put it all on one line like that just confuses things.  Something like this.
$output = "insDoc(aux" . $auxCount  . ", gLnk('S', 'Responses: ";
$output .= $row["mf_threads"] . " - Last: ";

$wDate = writeDate($row["mf_lastthread"],"S");
$output .= $wDate;

$getdet = getDetails();
$output .= "', 'javascript:loadMe('$getdet')'));\r\n";

echo $output;

Open in new window

0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39948551
Statements like this leave professional programmers SMH:

echo "insDoc(aux" . $auxCount  . ", gLnk('S', 'Responses: "  . $row["mf_threads"] . " - Last: " . writeDate($row["mf_lastthread"],"S") . "', 'javascript:loadMe(&quot;" . getDetails() . "&quot;)'));\r\n";

This is PHP AntiPractice #9.  Don't write code like that - you'll never be able to debug it.

It looks like you have many layers of overlapping output formatting and perhaps one or more of these introduce errors of some sort into the process.  I would try to simplify the question to the point that you get the SSCCE.  Once you see that, the issues will almost always become obvious and easy to fix.

You might also want to try using HEREDOC notation (heed, but do not be put off by the Warning).  I find that it greatly simplifies the way PHP handles string variables.  Quotes can be confusing and stacked quotes can be confusinger :-)

Please see a simple example of HEREDOC at http://iconoun.com/demo/temp_aigs.php

<?php // demo/temp_aigs.php
error_reporting(E_ALL);

// A VARIABLE IN THE PHP SCRIPT
$d = date('r');
$m = 'When was this page created? ' . $d;

// A HEREDOC BLOCK OF HTML WITH JAVASCRIPT AND VARIABLE SUBSTUTION
$html = <<<ENDHTML
<script>
alert('$m');
</script>
ENDHTML;

echo $html;

Open in new window

The reason this works well is that quote marks have no meaning inside a HEREDOC block.  Variable substitution takes place without regard to the quotes and apostrophes.  So your only consideration of the meaning of the quotes is given to the meaning of the quotes in the resulting string, not the PHP variable substitution process.  In this case alert('$m'); contains quotes that are meaningful in the resulting JavaScript command.

HTH, ~Ray
0
 
LVL 34

Accepted Solution

by:
Slick812 earned 250 total points
ID: 39950793
greetings AIGS, , unfortunately having PHP Browser output with -
$wString = '<a href="javascript:alert(\'TEST\');">click me</a>';
echo $wString;

the above code works, HOWEVER
it is a different consideration when you use PHP to write javascript code variable values as strings

PHP - $wString = '<a href=\\"javascript:alert(\'TEST\');\\">click me</a>';
now echo out php in JS code
<script>
var str1 = "<php echo $wString; ?>";
</script>

In the $wString I HAVE TO double escape the string, Once for the PHP and then again for the Javascript, In PHP I use the single ' and escape the PHP for that, and in javascript I use the opposite double " , BUT I need to use \\" , not for PHP, but for javascript, which is using the " so any " in that string NEEDS to be escaped so you have to double escape it   \\"

And I tell you , that it gets mighty confusing trying to write PHP to javascript code as strings, AUUGGHH!
if you look at the page source for the javascript from PHP output, you can often see the mistake for the ' or " in a string

I generally find that it helps me if I use a different " or single ' in the javascript as I used in PHP, but not always.
0
 

Author Closing Comment

by:AIGS
ID: 39960195
Thanks for your help. Breaking it up into smaller pieces instead of on one line allowed me to see it more clearly and rectify where needed - now working fine.

Again Thanks.
0

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
The viewer will learn how to dynamically set the form action using jQuery.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question