2

I am receiving some code through AJAX and handling it like so:

$verifiedSubject = addslashes(htmlentities($_REQUEST['subject']));
$verifiedBody = addslashes(htmlentities($_REQUEST['body']));
$verifiedAttachment1 = addslashes(htmlentities($_REQUEST['attachment1']));
$verifiedAttachment2 = addslashes(htmlentities($_REQUEST['attachment2']));

echo '<div id="subject" style="text-decoration: underline; cursor:pointer; display: inline; margin-bottom: 2%;" onclick=\'readmore("'.json_encode($verifiedSubject).'", "'.json_encode($verifiedBody).'", "'.json_encode($verifiedAttachment1).'", "'.json_encode($verifiedAttachment2).'")\'>';
echo $_REQUEST['subject'];
echo '</div>';

In the above code I am attempting to convert any HTML code to entities, add slashes to escape single and double quotes, and then json_encode() it for JavaScript to handle in an onclick function.

However, when the text is clicked to inititate the onclick I get this error:

Uncaught SyntaxError: missing ) after argument list

I've tried a variety of PHP functions to try and properly escape this string but nothing seems to work. Can anybody help me out?

Update of page source:

<script>
var date = "Monday, November 16th, 2015 Announcements";
formatAnnouncement( '55', 
                    'Hi',
                    '<b  rgb(0, 0, 0); font-family: Arial, Helvetica, sans; font-size: 11px; line-height: 14px; text-align: justify;\">Lorem Ipsum</b><span  rgb(0, 0, 0); font-family: Arial, Helvetica, sans; font-size: 11px; line-height: 14px; text-align: justify;\">&nbsp;is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry\'s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.</span>',
                    '0',
                    '',
                    '',
                    '******',
                    '2015-11-16 16:53:23',
                    date
                    );
</script>
Improve this question

2 Answers 2

Reset to default
1

You're doing it wrong. json_encode() does EVERYTHING you need to simply use the resulting string as an assignable "value". e.g.

<?php

$foo = 'bar';
?>

<script>
    var test1 = <?php echo json_encode($foo); ?>;   // this works
    var test2 = "<?php echo json_encode($foo); ?>; // this doesn't

What you'll end up with is:

var test1 = "bar";
var test2 = ""bar"";  //syntax error - two empty strings with undefined var between them

So what you should have in your code is:

echo '<div id="subject" style="text-decoration: underline;
   cursor:pointer; display: inline; margin-bottom: 2%;"
  onclick=\'readmore('.json_encode($verifiedSubject). ', '. 
                      ^--no "                          ^-^--ditto 
  etc...

There's no need for the addslashes, because json will escape everything that's necessary to turn your values into a "safe" javascript string representation. However, since you are embedding this json text inside an html onclick, the htmlentities is most likely required, to prevent " chars from "breaking out" of the html.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Uncaught SyntaxError: missing ) after argument list after changing to: $verifiedSubject = json_encode(htmlentities($_REQUEST['subject'])); ... and removing double quotes from readmore parameters.
0

It looks like the result that it's echoing has too many quotation marks. Try this:

echo '<div id="subject" style="text-decoration: underline; cursor:pointer; display: inline; margin-bottom: 2%;" onclick=\'readmore('.json_encode($verifiedSubject).', '.json_encode($verifiedBody).', '.json_encode($verifiedAttachment1).', '.json_encode($verifiedAttachment2).')\'>';
echo $_REQUEST['subject'];
echo '</div>';
Improve this answer

4 Comments

Still Uncaught SyntaxError: missing ) after argument list.
@mathdude - View the source of the HTML page and post the relevant line of code here so that we can see what it looks like.
Updated original post.
@mathdude - Are you sure that's the right part? Shouldn't <div id="subject" and such be showing up somewhere in there? I want to see what kind of data is being echoed by PHP.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.