Jump to content

What is correct way of passing strings to JavaScript.

ugnius40

By ugnius40
in PHP Coding Help

 Share

Recommended Posts

ugnius40 Newbie

ugnius40

Posted
Posted

Hello,

 

I'm first time posting here, my PHP Javascript and HTML level is "trial, error, google", I've done some scripts, but now I'm facing one problem. Here's a code example:

<?php
  $sa = array("Text without quotes.", "Text with 'quotes'.", "Text with \"Double Quotes\".", "Text With \"BOTH' kind of quotes.");
  echo "<A HREF='javascript:void(alert('".htmlspecialchars($sa[0], ENT_QUOTES)."'))'>Test One</A><BR/>";
  echo "<A HREF='javascript:void(alert('".htmlspecialchars($sa[1], ENT_QUOTES)."'))'>Test Two</A><BR/>";
  echo "<A HREF='javascript:void(alert('".htmlspecialchars($sa[2], ENT_QUOTES)."'))'>Test Three</A><BR/>";
  echo "<A HREF='javascript:void(alert('".htmlspecialchars($sa[3], ENT_QUOTES)."'))'>Test Four</A><BR/>";
?>

 

What I'm trying to do is pass array of strings with quotes in them to my javascript, I tried using addslashes, htmlspecialchars but none of them work correctly. Whats the Right way to pass a string how do I preprocess it so javascript understands it correctly?

Sorry if it's very simple or common question, I must have missed it in FAQ section.

 

Thank you.

Link to comment
Share on other sites
simshaun Newbie

simshaun

Posted
Posted

If you are trying to pass the entire array at once, you need to json_encode it.

 

If you are trying to pass a single string, you need to escape whatever style quotes surrounds the string in javascript, e.g. 

<script type="text/javascript">
var foo = '<?php echo "Lorem Ipsum Wasn\'t!"; ?>'
</script>

 

Edit: I forgot to mention, the easiest way of doing this is to just json_encode the string. e.g. 

<script type="text/javascript">
var foo = <?php echo json_encode("Lorem Ipsum Wasn't!"); ?>
</script>

Link to comment
Share on other sites
ugnius40 Newbie

ugnius40

Posted
  • Author
Posted

Hi, thanks for answer, This should be the correct way but I'm having problems.

 

  echo "<A HREF='javascript:void(alert(\"This doesn\'t work.\"))'>Doesn't work</A><BR/>";
  echo "<A HREF='javascript:void(alert(".json_encode("And This Doesn't work also")."))'>JSon</A><BR/>";

 

This code does not work for me, what's the problem, my browser????

Link to comment
Share on other sites
simshaun Newbie

simshaun

Posted
Posted

Echo'ing directly into an HTML attribute requires a little bit more treatment, because you have to worry about not using the same style of quotes you used to surround the HTML attribute value.

 

As an example: 

<a href='javascript:void(alert(<?php echo str_replace("'", '"', json_encode('Foo')); ?>));'>json test</a>

 

What I would do instead, to avoid worrying about the type of quotes: 

<script type="text/javascript">
var foo = <?php echo json_encode('foobar'); ?>;
</script>

<a href="javascript:void(alert(foo));">json test</a>

Link to comment
Share on other sites
ugnius40 Newbie

ugnius40

Posted
  • Author
Posted

Echo'ing directly into an HTML attribute requires a little bit more treatment, because you have to worry about not using the same style of quotes you used to surround the HTML attribute value.

 

Oh, finaly it dawned on me, not javascript terminates, but html attribute value terminates, that's why I'm getting problems here, thank you, I'll try to use your suggestion.

Link to comment
Share on other sites
ugnius40 Newbie

ugnius40

Posted
  • Author
Posted

Sorry to bring this up again, seems it's all sorted out, I've tried a different approach, to replace special html chars on json encoded string, like this:

echo "<A HREF='javascript:void(alert(".htmlspecialchars(json_encode("And This Seems'to work \" OK"), ENT_QUOTES)."))'>JSon</A><BR/>";

And this seem to work for me also. I'm just wondering is this fool-proof? Or is it completely wrong what I'm doing?

Link to comment
Share on other sites
simshaun Newbie

simshaun

Posted
Posted

Yes, that will convert the quotes (and more) to html entities, so you don't have to worry about quote usage.

 

But, do you plan on injecting the strings directly into a link like that when you implement what you're trying to do?  If so, you're fine.  If not, you may want to reconsider using htmlspecialchars.  It really just depends on what you plan on doing in the application.

Link to comment
Share on other sites
ugnius40 Newbie

ugnius40

Posted
  • Author
Posted

Thanks for all the help, immensely useful.

 

I'm doing some script for browsing and selecting files server side, trying to learn as I code, the outcome is not very best, but I would like not to change the whole script I've written (may be in version 2).

 

Ok, this can be considered closed, I think I've shamed myself showing off my stupidity enough :)

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.