I'd like how i can use a lot of ' and " in a code.
Example:
echo 'document.write("<a href='$url'> <img src='{$row["image"]}' border='0' /> </a>");';
I tried but i'm getting error. Anyone can help?
so, you have multi-level problem here:
data which is echoed to html, usually should be properly escaped via htmlspecialchars
you want to see document.write("..."..."); in your finally produced html, this will trigger javascript syntax error
to avoid this error, you should use \ before " inside string
echo 'document.write("<img src=\"' . htmlspecialchars($row["image"]) . '\" border=\"0\" />");';
note: I'm using echo with single quotes, if you're using double quotes - you will have to double \\
in case of double quotes your code will look like:
echo "document.write(\"<img src=\\\"" . htmlspecialchars($row["image"]) . "\\\" border=\\\"0\\\" />\");";
Here are three ways to tackle this problem.
1. Escaping the inner double slashes
echo "document.write(' <img src=\"{$row['image']}\" border=\"0\" /> ');";
2. Closing your PHP tags and writing javascript
?>
document.write(' <img src="<?php echo $row['image']; ?>" border="0" /> ');
<?php
3. Using Heredoc syntax
echo <<<EOJS
document.write(' <img src="{$row['image']}" border="0" /> ');
EOJS;
This will work:
<?php
$url = "http://www.google.com";
$row = array("image" => "image.png");
echo "document.write(' <img src=\"".$row["image"]."\" border=0 /> ');";
// output: document.write(' <img src="image.png" border=0 /> ');
?>
You can use the heredoc syntax:
echo <<<EOT
document.write(<a href='{$url}'> <img src='{$row["image"]}' border='0' /> </a>);
EOT;
From phpdocs
Heredoc text behaves just like a double-quoted string, without the
double quotes. This means that quotes in a heredoc do not need to be
escaped, but the escape codes listed above can still be used.
Variables are expanded, but the same care must be taken when
expressing complex variables inside a heredoc as with strings.
Also note, that
It is very important to note that the line with the closing identifier
must contain no other characters, except a semicolon (;). That means
especially that the identifier may not be indented, and there may not
be any spaces or tabs before or after the semicolon. It's also
important to realize that the first character before the closing
identifier must be a newline as defined by the local operating system.
This is \n on UNIX systems, including Mac OS X. The closing delimiter
must also be followed by a newline.
Related
I'm trying to echo a dynamic a tag which calls a javascript function, but the parameters are not being echoed correctly. They should retain their capitalization and not add spacing. Why is it doing this?
I've tried removing variables and just echoing a straight string with what I want, but it still displays incorrectly.
What I need:
echo '<img src="'.$info[1].'"/>'
Pure String Version:
echo '<img src="/images/calc-eng-desktop.png">'
Outputs:
<a href="/calc" onclick="redirTrackCalcBtn(" test_button_1",="" "="" calc")"="">
<img src="/images/calc-eng-desktop.png">
</a>
Should Output:
<a href="/calc" onclick="redirTrackCalcBtn("Test_Button_1", "/calc")">
<img src="/images/calc-eng-desktop.png">
</a>
I also tried:
echo "<img src=\"".$info[1]."\"/>";
But that still outputs:
<img src="/images/calc.png">
as per Dharman's response I also Tried:
echo '<a href="'.$info[0].'"
onClick=\"redirTrackCalcBtn("'.$bname.'", "'.$info[0].'")\"
><img src="'.$info[1].'"/></a>'
This outputs:
<a href="/calc" onclick="\"redirTrackCalcBtn("Test_Banner_1"," "="" calc")\"="">
<img src="/images/preguntanos-h-es.png">
</a>
Edit for context:
It's for a dynamic banner within the content of a blog powered by WordPress.
You can simplify your expressions using the following technique ...
HTML accepts single quote or double quotes for attributes.
PHP can evaluate variables inside of double quote delimited strings. This can make your expressions much more easier to understand.
So based on this, the answer would be:
<?php
echo "<a href='{$info[0]}' onClick='redirTrackCalcBtn(\"{$bname}\", \"{$info[0]}\")'><img src='{$info[1]}'/></a>";
This will give the following result ...
<a href='/calc' onClick='redirTrackCalcBtn("test_button_1", "/calc")'><img src='/images/calc-eng-desktop.png'/></a>
In your question, you have shown an Pure String Version and what you thought was a normal output. Both of those outputs are wrong. You cannot use something like onclick="redirTrackCalcBtn("Test_Button_1", "/calc")" because the double quote right after the opening parenthesis finishes the onclick attribute which become onclick="redirTrackCalcBtn(". After that, the browser will try its best to find the following attributes and their values. So the spaces that you are seeing are just the natural space between attributes.
In conclusion, there is nothing wrong with echo.
You need to escape one set of the double-quotes, otherwise they are mixed together. Since you went for single-quotes in PHP, you need to use double in HTML/JavaScript and then use single-quotes again, but this time escaped from PHP.
echo '<a href="'.$info[0].'" onClick="redirTrackCalcBtn(\''.$bname.'\', \''.$info[0].'\')" ><img src="'.$info[1].'"/></a>';
The JavaScript variables are enclosed within \'
or
echo '<a href="'.$info[0].'" onClick=\'redirTrackCalcBtn("'.$bname.'", "'.$info[0].'")\' ><img src="'.$info[1].'"/></a>';
The onlick part is now enclosed with escaped quotes, everything else stayed the same.
You have 3 languages mixed together, 3 layers:
PHP will use '
-->HTML will use "
---->JavaScript will use \'
Each one uses double or single quotes and you only have two to choose from. Therefore you need to escape one of them.
A simpler example:
echo '<a onclick="alert(\'hi\')">Hello</a>';
Perhaps a simpler way to overcome quote escaping confusion is to assign the string in a different way. You can remove one layer of quotation by using heredoc notation.
as an aside, your "correct" output is not correct:
onclick="redirTrackCalBtn("Test_Button_1, "/calc")">
<a href="/calc" onclick="redirTrackCalcBtn("Test_Button_1", "/calc")">
<img src="/images/calc-eng-desktop.png">
</a>
Your HTML should look like this:
<a href="/calc" onclick="redirTrackCalcBtn('Test_Button_1', '/calc')">
<img src="/images/calc-eng-desktop.png">
</a>
Using Heredoc notation, you don't have to concatenate and escape, just write it out the way the HTML should be:
$link =<<<LINKINFORMATION
<a href="{$info[0]}" onclick="redirTrackCalcBtn('{$bname}', '{$info[0]}')">
<img src="/images/calc-eng-desktop.png">
</a>
LINKINFORMATION;
echo $link;
I want to know if javascript methods auto-escape quotes, because this code work:
Example #1
<?php $foo ="hey a quote ' "; ?>
<input type="text" value="<?php echo $foo; ?>" id="foo" />
<script>
bar = document.getElementById('foo').value;
alert(bar+'there is a quote, will it work? ,');
</script>
It displays the alert fine, but this one:
Example #2
<?php $foo ="hey a quote ' "; ?>
<button onclick="alert('<?php echo $foo; ?>');">test</button>
...doesn't.
Obviously, it's because the quote isn't escaped with a \.
But then again, neither is it in the first example, so why is that so ?
Does javascript's method auto-escape quote when it picked stuff from DOM ?
Or is it just the value() method maybe ?
I've found nothing, so if you have even the beginning of an answer, I''ll be glad.
PHP is processed on the server, producing HTML (including embedded javascript in this case). This happens before the HTML is sent to the browser to interpret, including any JS.
You will see if you inspect the generated HTML source, that your second example becomes:
<button onclick="alert('hey a quote ' ');">test</button>
which isn't valid JS syntax.
Your first version works basically because you do not have an extraneous single quote in the code your PHP string is inserted into. The insertion instead produces:
<input type="text" value="hey a quote ' " id="foo" />
which is perfectly fine. And that value is then passed on to the alert call in the JS.
The difference is really that in the first code example, the quote appears in a context where there are no wrapping single quotes, so there is no ambiguity. If you would have wrapped the HTML attribute values with single quotes (which is valid HTML also), you'd have a problem:
<?php $foo ="hey a quote ' "; ?>
<input type='text' value='<?php echo $foo; ?>' id='foo' />
In that case the single quote should have been escaped as an HTML entity: ':
<?php $foo ="hey a quote ' "; ?>
<input type='text' value='<?php echo $foo; ?>' id='foo' />
Now in the second code example you provided, the single quote will appear in wrapped single quotes (for the string literal passed to alert). This is an issue, because the single quote will now end the string literal, and the characters following it will lead to a syntax error.
Here the quote appears in a JavaScript string literal (the alert code), not as in the HTML context of the first example. In JavaScript string literals, single quotes can be escaped with the backslash.
So in both cases (HTML or JavaScript) you could need a form of escaping. They are different.
Note that none of this is related to PHP.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I have a series of images/links that is calling a javascript function when the image is clicked. The code below works fine in regular html, but when I try to use this inside of a php echo it doesn't work.
echo "<a href='javascript:nfllogin('nflshow');' class='black' style='font-size:12px;'><img src='images/nfl-button-index.jpg' width='177' height='145' alt=''/></a> ";
Everything appears fine but when I click the image/link it doesn't pull up the div area I am expecting to see. How can I make this work?
You'll need to escape some of the quotes to avoid nested quotes of the same type.
echo "<a href='javascript:nfllogin(\"nflshow\");' class='black' style='font-size:12px;'><img src='images/nfl-button-index.jpg' width='177' height='145' alt=''/></a> ";
Will actually output:
<a href='javascript:nfllogin("nflshow");' class='black' style='font-size:12px;'><img src='images/nfl-button-index.jpg' width='177' height='145' alt=''/></a>
Which should work better for you.
echo '<img src="images/nfl-button-index.jpg" width="177" height="145" alt=""/>';
a good practice in echoing html in php is use single quote to echo and double quotes thereafter. This save the stress of escaping string. Try the above pls.
if it doesnt respond change this: javascript:nfllogin("nflshow");
The first thing that hits my eyes is that there's a problem with single and double quotes.
echo '<a href="javascript:nfllogin(\'nflshow\');" ';
echo "class='black' style='font-size:12px;'><img src='images/nfl-button-index.jpg' width='177' height='145' alt=''/></a> ";
Since the JavaScript contains a single quote, you have to put the href into double quotes. I split the echo in two to avoid to escape quotes with backslashes.
To echo such big chunks of html, the heredoc syntax comes in handy too. This would look like:
echo <<<EOT
<a href="javascript:nfllogin(\'nflshow\');" class="black" style="font-size:12px;">
<img src="images/nfl-button-index.jpg" width="177" height="145" alt=""/>
</a>
EOT;
There are two advantages:
There's no need to escape quotes
As a consequence, you can indent your HTML code and use double quotes for the attributes. It's just a matter of clean code to quote all HTML code consistently with double quotes.
Following is my code, am getting Uncaught SyntaxError: Unexpected token }, but i don't see any } in my code. window.open is expecting url in quotes, I tried different combinations of single and double quotes but not working and unable to escape the double quote in echo either.Please help
Thanks..
<?php
$a = "https://www.google.co.in/";
?>
<html>
<body>
<form>
<input type="button" width="100" onClick="window.open(<?php echo '"'; echo $a; echo '"'; ?>)" height="100%" value="Edit Record"/>
</form>
</body>
</html>
You are outputting " characters into your onClick attribute value. Since you use those characters to delimit the value, the first one ends the script in the middle of the statement.
Use " instead.
But that's a quick and dirty hack. There are better approaches.
Do not try to generate JavaScript strings by mashing PHP strings together. Use a robust escaping function. json_encode will give you the JavaScript literal (including quote characters where needed) for any simple data structure.
Do not try to generate HTML by mashing strings together. Use a robust escaping function. htmlspecialchars will do all you need.
Such:
onClick="window.open(<?php echo htmlspecialchars(json_encode($a)); ?>)"
But don't use JavaScript when HTML will do:
<a href="<?php echo htmlspecialchars($a); ?>" target="_blank">
You should use echo "'$a'". The main problem is that you would habe double-double quotes in your onclick attribute. Or even better window.open('<?php echo $a; ?>').
I have javascript function:
function someAction(thisTd,text){
alert(text);
thisTd.innerHTML=text;
...
}
And html-file:
<td onclick="someAction(this,<?echo 'Long-long text with <b>html-formatting</b>'?>)"/>
When I use such code function someAction doesn't call (because alert doesn't show) and in the error console in Opera no error is displayed. How to fix this problem?
P.S. I do not use frameworks(JQuery etc.).
UPDATE #1
When I use such code:
<?$encoded=str_replace("\n","",str_replace("\r\n","",$text));echo $encoded?>
It works nice. But I'm not sure, that it work correct in Linux.(I use Windows)
Make sure that you HTML encode it and put single quotes around the parameter:
<td onclick="someAction(this, '<?echo htmlspecialchars('Long-long text with <b>html-formatting</b>', ENT_QUOTES) ?>')"/>
You should remoce echo tag and the ?
<div onclick="someAction(this,'Long-long text with <b>html-formatting</b>')">myDiv</div>
and your function is :
function someAction(thisTd,text){
thisTd.nodeValue=innerHTML
...
}
You must wrap the string in single or html encoded double quotes in the first place:
<td onclick="someAction(this, '<?php echo 'yada yada'; ?>');"/>
<!-- OR -->
<td onclick="someAction(this, "<?php echo 'yada yada'; ?>");"/>
Secondly, the "echo"ed output can contain single or double quotes that can break the javascript string or the html attribute. Assuming that you're using single quotes to wrap the echoed string:
<td onclick="someAction(this, '<?php echo htmlspecialchars( str_replace( "'", "\\'", $that_long_text ) ); ?>');"/>
Just put the quotes around the text, you're producing:
Logically, this gives an error.
Use simple quotes or escape double quotes (\")