Problem escaping php variable

565

I'm having trouble escaping the PHP variable inside the getItems function:

while($row = mysql_fetch_array( $data )) 
    {
    echo "<div class='favorite'>";
    echo "<div style='display: inline;'>".$row['Item']."</div>";
        if ($row['UID'] = $uid) {
        echo "<div id='unlock'>Info</div>";
        } else {
        echo "<div id='unlock' onclick='getItems('".$row['Item']."')'>Unlock</div>";
        }
    echo "</div>";
    }

When rendered (is render the word?) anyway, when I see it on my site it says:

onclick="getItems(" whatever')'

What am I doing wrong?

You can see the code here: http://www.chusmix.com/game/insert/get-items.php?user=19

550

Answer

Solution:

Your problem is that your attribute values are surrounded by single quotes, but you're also using single quotes in your javascript.

You'll have to use double quotes in your javascript. However, since the whole string (in PHP) is surrounded by double quotes, you'll have to escape them. Hence:

echo "<div id='unlock' onclick='getItems(\"".$row['Item']."\")' style='display: inline; float: right;'>Unlock</div>";

Or like this:

echo "<div id='unlock' onclick='getItems(\"{$row['Item']}\")' style='display: inline; float: right;'>Unlock</div>";

To clarify what the curly braces do (from the PHP docs):

Complex (curly) syntax

This isn't called complex because the syntax is complex, but because it allows for the use of complex expressions.

Any scalar variable, array element or object property with a string representation can be included via this syntax. Simply write the expression the same way as it would appear outside the string, and then wrap it in { and }.

To further explain, let's say we have the following scenario:

$name = 'Apple';
$sentence = "$names are my favorite fruit";

What I'm trying to get is:Apples are my favorite fruit. However, this won't work. PHP will instead be looking for a variable called$names, and when it doesn't find it, it'll complain.

So, to remedy this, we can surround our variable in curly braces:

$name = 'Apple';
$sentence = "{$name}s are my favorite fruit";

Great! Now PHP will know where the variable name ends and the string starts.


On a side note: You might consider switching to double-quoting your attributes, since the way you do it now is not valid xHTML (unless you don't care).

509

Answer

Solution:

Yes, there is a problem with your quotes. It should be this:

echo "<div id='unlock' onclick='getItems(\"".$row['Item']."\");' style='display: inline; float: right;'>Unlock</div>";

The problem is that your opening quotes foronclick and the quotes around the function arguement have to be a different kind of quote.

This is much easier though to do with html and then just insert the variable like this:

<div id="unlock" onclick="getItems('<?=$row['Item'];?>');" class="page_speed_1566065155">Unlock</div>

Doing things this way instead of echoing HTML when possible will save you tons of time and confusion, and you won't have to worry about all the escaping of quotes

245

Answer

Solution:

The' inside onclick is closing the onclick itself. Change it to:

onclick='getItems(\"".$row['Item']."\")'

That way, in JS, it uses a different type of quote.

Even better... you can leave PHP, and have one less type of quote to worry about.

else { ?>
    <div id='unlock' onclick='getItems("<?=$row['Item'];?>")' style='display: inline; float: right;'>Unlock</div>
<?php
}
590

Answer

Solution:

or like so:

echo '<div id="unlock" onclick="getItems('."'".$row['Item']."'".')" class="page_speed_1566065155">Unlock</div>';

If I had to do this, it would have looked like:

<?php while(true) :?>
 <div >
 <div ><?php echo $row['Item'];?></div>
 <?php if ($row['UID'] = $uid):?>
  <div id="unlock">Info</div>
 <?php else: ?>
  <div id="unlock" onclick="getItems('<?php echo $row['Item']; ?>)">Unlock</div>
 <?php endif;?>
</div>
<?php endwhile;?>
934

Answer

Solution:

try the following . edit: changed to make sure quotes were escaped correctly

echo "<div id='unlock' onclick=\"getItems('{$nameArray[0]}')\" ></div>";

People are also looking for solutions to the problem: Using MySQL and MSSQL selection flexibility in PHP

Source

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.