ugnius40 Posted November 16, 2010 Share Posted November 16, 2010 Hello, I'm first time posting here, my PHP Javascript and HTML level is "trial, error, google", I've done some scripts, but now I'm facing one problem. Here's a code example: <?php $sa = array("Text without quotes.", "Text with 'quotes'.", "Text with \"Double Quotes\".", "Text With \"BOTH' kind of quotes."); echo "<A HREF='javascript:void(alert('".htmlspecialchars($sa[0], ENT_QUOTES)."'))'>Test One</A><BR/>"; echo "<A HREF='javascript:void(alert('".htmlspecialchars($sa[1], ENT_QUOTES)."'))'>Test Two</A><BR/>"; echo "<A HREF='javascript:void(alert('".htmlspecialchars($sa[2], ENT_QUOTES)."'))'>Test Three</A><BR/>"; echo "<A HREF='javascript:void(alert('".htmlspecialchars($sa[3], ENT_QUOTES)."'))'>Test Four</A><BR/>"; ?> What I'm trying to do is pass array of strings with quotes in them to my javascript, I tried using addslashes, htmlspecialchars but none of them work correctly. Whats the Right way to pass a string how do I preprocess it so javascript understands it correctly? Sorry if it's very simple or common question, I must have missed it in FAQ section. Thank you. Quote Link to comment Share on other sites More sharing options...
simshaun Posted November 16, 2010 Share Posted November 16, 2010 If you are trying to pass the entire array at once, you need to json_encode it. If you are trying to pass a single string, you need to escape whatever style quotes surrounds the string in javascript, e.g. <script type="text/javascript"> var foo = '<?php echo "Lorem Ipsum Wasn\'t!"; ?>' </script> Edit: I forgot to mention, the easiest way of doing this is to just json_encode the string. e.g. <script type="text/javascript"> var foo = <?php echo json_encode("Lorem Ipsum Wasn't!"); ?> </script> Quote Link to comment Share on other sites More sharing options...
ugnius40 Posted November 16, 2010 Author Share Posted November 16, 2010 Hi, thanks for answer, This should be the correct way but I'm having problems. echo "<A HREF='javascript:void(alert(\"This doesn\'t work.\"))'>Doesn't work</A><BR/>"; echo "<A HREF='javascript:void(alert(".json_encode("And This Doesn't work also")."))'>JSon</A><BR/>"; This code does not work for me, what's the problem, my browser???? Quote Link to comment Share on other sites More sharing options...
simshaun Posted November 16, 2010 Share Posted November 16, 2010 Echo'ing directly into an HTML attribute requires a little bit more treatment, because you have to worry about not using the same style of quotes you used to surround the HTML attribute value. As an example: <a href='javascript:void(alert(<?php echo str_replace("'", '"', json_encode('Foo')); ?>));'>json test</a> What I would do instead, to avoid worrying about the type of quotes: <script type="text/javascript"> var foo = <?php echo json_encode('foobar'); ?>; </script> <a href="javascript:void(alert(foo));">json test</a> Quote Link to comment Share on other sites More sharing options...
ugnius40 Posted November 16, 2010 Author Share Posted November 16, 2010 Echo'ing directly into an HTML attribute requires a little bit more treatment, because you have to worry about not using the same style of quotes you used to surround the HTML attribute value. Oh, finaly it dawned on me, not javascript terminates, but html attribute value terminates, that's why I'm getting problems here, thank you, I'll try to use your suggestion. Quote Link to comment Share on other sites More sharing options...
ugnius40 Posted November 16, 2010 Author Share Posted November 16, 2010 Sorry to bring this up again, seems it's all sorted out, I've tried a different approach, to replace special html chars on json encoded string, like this: echo "<A HREF='javascript:void(alert(".htmlspecialchars(json_encode("And This Seems'to work \" OK"), ENT_QUOTES)."))'>JSon</A><BR/>"; And this seem to work for me also. I'm just wondering is this fool-proof? Or is it completely wrong what I'm doing? Quote Link to comment Share on other sites More sharing options...
simshaun Posted November 16, 2010 Share Posted November 16, 2010 Yes, that will convert the quotes (and more) to html entities, so you don't have to worry about quote usage. But, do you plan on injecting the strings directly into a link like that when you implement what you're trying to do? If so, you're fine. If not, you may want to reconsider using htmlspecialchars. It really just depends on what you plan on doing in the application. Quote Link to comment Share on other sites More sharing options...
ugnius40 Posted November 16, 2010 Author Share Posted November 16, 2010 Thanks for all the help, immensely useful. I'm doing some script for browsing and selecting files server side, trying to learn as I code, the outcome is not very best, but I would like not to change the whole script I've written (may be in version 2). Ok, this can be considered closed, I think I've shamed myself showing off my stupidity enough Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.