I create a link executing javascript if clicked. (And a div popup is displayed containing the content of $test)
The php code looks like:
echo "<a ID=\"it_$idnr\" class=\"tooltip\" href=\"javascript:it_popup('it_$idnr','$test');\">"
The problem is that in some cases this code produces an error:
Syntax error: unterminated string literal
It seams to that it happens only if the $test contains special chars like new line or quotation marks.
How can I prevent this perfectly?
A simple search and replace is not a solution, because it should not change the result.
You can json_encode it to make it js safe and html encode it to make it html safe
echo "<a ID=\"it_$idnr\" class=\"tooltip\" href=\"javascript:it_popup('it_$idnr',".htmlspecialchars(json_encode($test)).");\">"
Related
could somebody please help me with the below:
echo ('<font color="FFFFFF"><b>Click here to claim ticket</b></font>');
I know there is an issue with some " ' " but can't figure this out. I am getting a syntax error just before the 'Are'. The line of code was working as expected before I added the:
onclick="return confirm('Are you sure you want to claim this ticket?');"
Thanks!
If you want to use the same quotes you opened the string with inside the string itself, you should escape it.
For instance:
$var = 'Hello, let's go!';
echo $var;
This code will throw a parse error because this is how PHP sees the code:
) New variable $var.
) Is a string, declared using single quotes '.
) After the opening quote we have 'Hello, let'
) Now PHP expects some kind of valid code operators, like ., and next string or ;, but it gets some characters, which are treated as instructions rather than strings because they are outside the quotes, and
) PHP throws a parse error.
To fix this, you can use the backslash \ a.k.a 'escaping' character.
For example, to fix your problem:
echo
('<font color="FFFFFF"><b>Click here to claim ticket</b></font>');
See the baskslashes \ surrounding the single quotes inside the confirm JavaScript function? This tells PHP to treat these quotes as normal characters instead of string start/end declarations. Same thing works for reversal when you use double quotes as string declarators.
For example, when you want to show the actual representation of $ or any characters that have special meaning in a double quoted string, which allows direct insertion of variables (and some other's, like class properties) values you would use the escaping character.
For example:
$apples = 12;
$talk = "I have $apples \$apples. Thanks, now have a backlash! \\!";
echo $talk;
This will output I have 12 $apples. Thanks, now have a backslash! \!
Now, you are not actually required to escape the escaping character (it will show just as well if it does't have anything to escape after it).
Read this: PHP Manual - About Strings
You can also switch your single quotes on the edges of your echo statement with regular quotes, which will allow you to insert the $id variable easier. Then, you just have to escape the quotes around your JavaScript in onClick and switch all the other quotes to single quotes.
echo "<a href='assign.php?id=$id' onclick=\"return confirm('Are you sure you want to claim this ticket?');\" style='text-decoration: none'><font color='FFFFFF'><b>Click here to claim ticket</b></font></a>";
However, there is a better way.
Interpolate PHP into HTML
(Instead of HTML into PHP)
The best way to do this is to write HTML as HTML, and interpolate PHP variables into the HTML. This is best practice as it allows syntax highlighting in IDE's, and looks much cleaner/easier to read.
Just write the entire element as HTML, and then echo the $id variable inside the HTML (instead of writing all of the HTML in a PHP echo statement).
<a href="assign.php?id=<?=$id;?>" onclick="return confirm('Are you sure you want to claim this ticket?');" style="text-decoration: none">
<font color="FFFFFF">
<b>
Click here to claim ticket
</b>
</font>
</a>
With this method, you don't have to worry about escaping quotes, and it will allow you to use regular quotes throughout your entire element.
You need to escape the nested ' by doing \'
echo ('<font color="FFFFFF"><b>Click here to claim ticket</b></font>');
Note that all the stuff inside the single quotes is considered as string by the PHP interpreter.
Docs: PHP: Variables - Manual
I search through the numerous questions already asked about the "unterminated string literal" syntax error but found nothing helping me ...
So, I have this Javascript function :
function parametresModal($parametres) {
document.getElementById('remodalTest').innerHTML = $parametres;
};
Then I call this function on a link in my page :
<a href="#" onClick='parametresModal("<?php the_field('description-defi'); ?>");'>TEST</a>
The parameter written here is simplified ; I actually want to add this Wordpress ACF's function among others and HTML markup, but I found the issue was appearing with this particular field (see below).
This "parametresModal" function is supposed to fill the following div with its parameters :
<div id="remodalTest">MyDiv</div>
Problem is the console outputs
"SyntaxError: unterminated string literal"
The Wordpress ACF's field "description-defi" contains a few lines of text with some simple quotes (ex. c'est, l'éviter, ...).
So I tried to escape the quotes with several methods :
$myField = the_field('description-defi');
$myEscape = json_encode($myField);
or
$myField = the_field('description-defi');
$myEscape = addshlashes($myField);
or
$myField = the_field('description-defi');
$myEscape = htmlspecialchars($myField);
Always resulting in the same error.
Do you see where I could be wrong in my code or my way of thinking the thing ?
Thank you very much !
the_field() will output the content of the selected field. If you want to work with a field, you should use get_field() instead.
See: https://www.advancedcustomfields.com/resources/the_field/
Also the newline character will not be escaped by any of PHP's escape functions, if your String contains newlines, you will need to escape them manually using something like this: $myField = str_replace(array("\r\n", "\n"), "<br>", $myField);.
If you know that your DB will consistently use the same newline sequence, you can replace array("\r\n", "\n") by that newline sequence instead.
Somehow my php function, which creates a button, which calls a javascript function, does not pass the php variables as strings.
function addTableEntry($id, $name)
{
echo('<tr>
<td>'.$id.'</td>
<td>'.$name.'</td>
<td>Manage group
</tr>');
}
addTableEntry(1,"livingroom");
The function activateGroupSettingsOverlay() always gets called with (1, livingroom) whenever it is clicked and i get an error "livingroom is undefined".
How can i pass $name as a String? I tried to put quotes around it (like this: '.$id.',"'.$name.'", but that did not work.
You have to "escape" quotes inside a string if you want them to persist:
echo '..... onClick="activateGroupSettingsOverlay('.$id.',\''.$name.'\')"....'
The important thing are the backslashes before the (single) quotes.
The reason it wasn't working is because you were not including quotes in the javascript.
While other answers "fix" the issue they don't really explain it, to be clear this line
<td>Manage group
Is output like this
<td>Manage group
As is, the livingroom does not have quotes and so javascirpt is treating it as a variable, hence the undefined error. To fix it you want it to look like this when output.
<td>Manage group
Modifying this line is all you have to change
<td>Manage group
Adding the single quotes \' with escaping.
Personally for things like this I like to use what is called a HEREDOC or NEWDOC
<<<HTML HTML; and <<<'HTML' HTML; respective. HEREDOC is like using a " and new doc is like using ' in that you cannot use php variables within a NEWDOC but you can within the HEREDOC if you enclose them in { } braces. Because of this we'll want to use a HEREDOC so we can use php variables in the output.
function addTableEntry($id, $name)
{
echo <<<HTML
<tr>
<td>'.$id.'</td>
<td>'.$name.'</td>
<td>Manage group
</tr>
HTML;
}
addTableEntry(1,"livingroom");
http://php.net/manual/en/language.types.string.php - scroll down to where it says HEREDOC
The advantage to doing this is that you don't have to escape the single quotes, which makes it way more readable IMO. The trick with HEREDOC, or NEWDOC, is the ending HTML; has to start a new line and can be the only thing on that line, no leading or trailing spaces, or it won't work properly..
For this case it is probably simple enough to get away with how you are doing it, but if you needed to use concatenation in javascript, the quotes would become a hassle. For example say you wanted to add a html image tag using javascript with a javascirpt variable for the image name, but use php to get the server host name( html and variables in javascript ).
echo '
var foo = "image.jpb";
$(body).html( \'<img src="'.$_SERVER['HTTP_HOST'].'\'+foo+\'" />\' );
';
This quickly becomes unmanageable because ( not even sure if I have that right, anyway ). Compare how much cleaner this is, because you are not wasting the quotes in php....
echo <<<HTML
var foo = "image.jpb";
$(body).html( '<img src="{$_SERVER['HTTP_HOST']}'+foo+'" />' );
HTML;
Please try with this code:-
function addTableEntry($id, $name)
{
echo("<tr>
<td>".$id."</td>
<td>".$name."</td>
<td>Manage group
</tr>");
}
addTableEntry(1,"livingroom");
Change
onClick="activateGroupSettingsOverlay('.$id.','.$name.')"
to
onClick="activateGroupSettingsOverlay('.$id.',"'.$name.'")"
#chandresh_cool was kind of right, you have to "force" the quotes
onClick="activateGroupSettingsOverlay('.$id.',\''.$name.'\')"
I want to print or echo back code to the user, but when I attempt to I get an ILLEGAL error. How would I go about showing the below code as just normal text instead of executing it:
alert('<script>hello</script>');
I've been trying to print it to a text box with jQuery when I get the error, like so:
$('.printed-code').val('<script> write your code between these lines </script>');
If you are placing your JavaScript in a <script> element, then the </script> in the string literal will be recognised as a matching end tag for the script. Break up the string with an escape sequence (in a JS string literal, \/ means the same as /):
$('.printed-code').val('<script> write your code between these lines <\/script>');
… or keep the script in an external file and reference it with <script src="foo.js"></script>.
If you want to display information to a user, then you shouldn't be using an <input> to do so, so you will be wanting the text() method, not the val() method. (Assuming .printed-code matches a <code> element or something else that is appropriate for the task at hand).
$('code.printed-code').text('<script> write your code between these lines </script>');
You should escape the / like this: <\/script>. Otherwise you get errors, especially in old browsers where </ ends the script block (not </script>)
Someone answered earlier with an exact code example, and included a jsfiddle. He deleted the post for some reason but this was the code he provided. I would have marked that as correct. thank you all for the input
$('.printed-code').val('<scr'+'ipt> write your code between these lines </scr'+'ipt>');
The script tags are being interpreted literally.
Try:
alert('<script>hello</script>')
echo '<a onClick="articleDeleteConfirm("'.
$row["title_$lang"].'","'.$_GET["editPage"]).'">';
The main problem is with: $row["title_$lang"], I have to use $lang variable inside. " and ' just not enough.
The problem you describe actually has nothing to do with your PHP variables, those are all being output as expected. The problem is that you need to escape the " inside of the <a> and you've misplaced a ).
Your original would output:
<a onClick="articleDeleteConfirm("value1","value2">
That is not valid HTML (even the highlighter dislikes it). Now, notice the \'s in the following (and that the paren was moved into the string).
echo '<a onClick="articleDeleteConfirm(\''
.$row["title_".$lang."].'\',\''.$_GET["editPage"].'\')">';
The escaped version outputs:
<a onClick="articleDeleteConfirm('value1','value2')">
It uses single quotes inside of double quotes to provide easy to read (and valid) html. Now, you have another issue with your code.
Any time you output a $_REQUEST variable to the browser, you risk something called cross-site-scripting. Someone could put JavaScript into $_GET["editPage"] and it would smell bad. The easy way to avoid it? Use htmlentities($_GET["editPage"])
I had same problem too, I don't know exactly why but I had syntax error no matter what I did, So I tried this and got answer.
The problem is that you're using a double quotation to open onClick and again you're using another double quotation to open an string.
Use this and you'll get answer.
echo '<a onClick="articleDeleteConfirm('.char(39).$row["title_$lang"].char(39).','.char(39).$_GET["editPage"]).char(39).'>';