Solved

Creating strings using PHP including calls to javascript functions - having problems where javascript function does not accept the data passed.

Posted on 2014-03-22
9
774 Views
Last Modified: 2014-03-27
Using PHP to access data from database (MYSQL) - this part is not a problem.
have PHP function that use database and create html code (as strings) that are passed to javascript, which include calls to alert().

Check the image supplied: When I click on CLICK the alert dialog displays - so far so good.
Unfortunately when I pass data as string to the alert() function is when I get problems - nothing happens.

Here is a sample of my code:
$wString = "<a href=\&#39;javascript:alert();\&#39;>CLICK</a>";
works fine, shows empty alert dialog (as per image attached) - as soon as I try and put data inside the alert function - problems.

I have tried all manner of combinations to encase the data inside the () e.g. \\\\\\', \\\', \\\&#39;, \', \", etc etc - driving me nuts. I am obviously missing something - any help appreciated.

Gary
error.png
0
Comment
Question by:AIGS
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39948246
What happens if you try
$wString = "<a href='javascript:alert(\"Hello\");'>CLICK</a>";
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39948266
That should work.  I checked this and it does work.  If your text from your database has &#39; in it, you can't use '\' to escape it.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>PHP/JS Alert</title>
</head>
<body>
<h1>PHP/JS Alert</h1>
<?php 
$wString = "<a href=\"javascript:alert('This is the way');\">CLICK</a>";
echo $wString;
 ?>
</body>
</html>

Open in new window

0
 

Author Comment

by:AIGS
ID: 39948319
I tried:
$wString = "<a href='javascript:alert(\"Hello\");'>CLICK</a>"; - doesn't work
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39948336
It works here.
<html>
<head></head>
<body>
<?php
$wString = "<a href='javascript:alert(\"Hello\");'>CLICK</a>";
echo $wString;
?>
</body>
</html>

Open in new window

0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:AIGS
ID: 39948353
The string that I create which incorporates the alert() is passed back through two other functions as far as I can tell which make up the final line of code.

echo "insDoc(aux" . $auxCount  . ", gLnk('S', 'Responses: "  . $row["mf_threads"] . " - Last: " . writeDate($row["mf_lastthread"],"S") . "', 'javascript:loadMe(&quot;" . getDetails() . "&quot;)'));\r\n";

The line I am having trouble with, is created in the function getDetails() as per the code above.

I hope this helps to clarify my problem.  The echo above is used to write the code to browser as javascript.
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 39948444
@AIGS, we've shown you two ways that work.  somehow you have to end up with one of those formats.

I would never write it that way either.  I would build a string in pieces and concatenate them together and then echo it.  Trying to put it all on one line like that just confuses things.  Something like this.
$output = "insDoc(aux" . $auxCount  . ", gLnk('S', 'Responses: ";
$output .= $row["mf_threads"] . " - Last: ";

$wDate = writeDate($row["mf_lastthread"],"S");
$output .= $wDate;

$getdet = getDetails();
$output .= "', 'javascript:loadMe('$getdet')'));\r\n";

echo $output;

Open in new window

0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39948551
Statements like this leave professional programmers SMH:

echo "insDoc(aux" . $auxCount  . ", gLnk('S', 'Responses: "  . $row["mf_threads"] . " - Last: " . writeDate($row["mf_lastthread"],"S") . "', 'javascript:loadMe(&quot;" . getDetails() . "&quot;)'));\r\n";

This is PHP AntiPractice #9.  Don't write code like that - you'll never be able to debug it.

It looks like you have many layers of overlapping output formatting and perhaps one or more of these introduce errors of some sort into the process.  I would try to simplify the question to the point that you get the SSCCE.  Once you see that, the issues will almost always become obvious and easy to fix.

You might also want to try using HEREDOC notation (heed, but do not be put off by the Warning).  I find that it greatly simplifies the way PHP handles string variables.  Quotes can be confusing and stacked quotes can be confusinger :-)

Please see a simple example of HEREDOC at http://iconoun.com/demo/temp_aigs.php

<?php // demo/temp_aigs.php
error_reporting(E_ALL);

// A VARIABLE IN THE PHP SCRIPT
$d = date('r');
$m = 'When was this page created? ' . $d;

// A HEREDOC BLOCK OF HTML WITH JAVASCRIPT AND VARIABLE SUBSTUTION
$html = <<<ENDHTML
<script>
alert('$m');
</script>
ENDHTML;

echo $html;

Open in new window

The reason this works well is that quote marks have no meaning inside a HEREDOC block.  Variable substitution takes place without regard to the quotes and apostrophes.  So your only consideration of the meaning of the quotes is given to the meaning of the quotes in the resulting string, not the PHP variable substitution process.  In this case alert('$m'); contains quotes that are meaningful in the resulting JavaScript command.

HTH, ~Ray
0
 
LVL 33

Accepted Solution

by:
Slick812 earned 250 total points
ID: 39950793
greetings AIGS, , unfortunately having PHP Browser output with -
$wString = '<a href="javascript:alert(\'TEST\');">click me</a>';
echo $wString;

the above code works, HOWEVER
it is a different consideration when you use PHP to write javascript code variable values as strings

PHP - $wString = '<a href=\\"javascript:alert(\'TEST\');\\">click me</a>';
now echo out php in JS code
<script>
var str1 = "<php echo $wString; ?>";
</script>

In the $wString I HAVE TO double escape the string, Once for the PHP and then again for the Javascript, In PHP I use the single ' and escape the PHP for that, and in javascript I use the opposite double " , BUT I need to use \\" , not for PHP, but for javascript, which is using the " so any " in that string NEEDS to be escaped so you have to double escape it   \\"

And I tell you , that it gets mighty confusing trying to write PHP to javascript code as strings, AUUGGHH!
if you look at the page source for the javascript from PHP output, you can often see the mistake for the ' or " in a string

I generally find that it helps me if I use a different " or single ' in the javascript as I used in PHP, but not always.
0
 

Author Closing Comment

by:AIGS
ID: 39960195
Thanks for your help. Breaking it up into smaller pieces instead of on one line allowed me to see it more clearly and rectify where needed - now working fine.

Again Thanks.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

This is a PowerShell web interface I use to manage some task as a network administrator. Clicking an action button on the left frame will display a form in the middle frame to input some data in textboxes, process this data in PowerShell and display…
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
The viewer will learn how to count occurrences of each item in an array.
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now