0

I'm having trouble escaping the PHP variable inside the getItems function:

while($row = mysql_fetch_array( $data )) 
    {
    echo "<div class='favorite'>";
    echo "<div style='display: inline;'>".$row['Item']."</div>";
        if ($row['UID'] = $uid) {
        echo "<div id='unlock'>Info</div>";
        } else {
        echo "<div id='unlock' onclick='getItems('".$row['Item']."')'>Unlock</div>";
        }
    echo "</div>";
    }

When rendered (is render the word?) anyway, when I see it on my site it says:

onclick="getItems(" whatever')'

What am I doing wrong?

You can see the code here: http://www.chusmix.com/game/insert/get-items.php?user=19

Improve this question
4
  • Can you add the surrounding code to the posting? It appears this might be a syntax problem carrying from a previous line. Commented Sep 8, 2011 at 1:50
  • 2
    try: echo "<div id='unlock' onclick='getItems(\'".$row['Item']."\')' style='display: inline; float: right;'>Unlock</div>"; Commented Sep 8, 2011 at 1:52
  • it's a simple string. I just tried ('a') and it still ended up being (" a')' I'll paste all the code. However I honestly don't see any problem above it. Commented Sep 8, 2011 at 1:53
  • I get getItems(\" test\')' you can see it here: chusmix.com/game/insert/get-items.php?user=19 Commented Sep 8, 2011 at 1:58

5 Answers 5

Reset to default
4

Your problem is that your attribute values are surrounded by single quotes, but you're also using single quotes in your javascript.

You'll have to use double quotes in your javascript. However, since the whole string (in PHP) is surrounded by double quotes, you'll have to escape them. Hence:

echo "<div id='unlock' onclick='getItems(\"".$row['Item']."\")' style='display: inline; float: right;'>Unlock</div>";

Or like this:

echo "<div id='unlock' onclick='getItems(\"{$row['Item']}\")' style='display: inline; float: right;'>Unlock</div>";

To clarify what the curly braces do (from the PHP docs):

Complex (curly) syntax

This isn't called complex because the syntax is complex, but because it allows for the use of complex expressions.

Any scalar variable, array element or object property with a string representation can be included via this syntax. Simply write the expression the same way as it would appear outside the string, and then wrap it in { and }.

To further explain, let's say we have the following scenario:

$name = 'Apple';
$sentence = "$names are my favorite fruit";

What I'm trying to get is: Apples are my favorite fruit. However, this won't work. PHP will instead be looking for a variable called $names, and when it doesn't find it, it'll complain.

So, to remedy this, we can surround our variable in curly braces:

$name = 'Apple';
$sentence = "{$name}s are my favorite fruit";

Great! Now PHP will know where the variable name ends and the string starts.

On a side note: You might consider switching to double-quoting your attributes, since the way you do it now is not valid xHTML (unless you don't care).

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

i saw this {$var} things now a couple of times, never found out what they are used for, can you enlighten me?
quite nice: $name=array("foo"=>"bar"); echo "{$name["foo"]}" can be done with this.
@evildead - Exactly. That's why they call it "Complex" syntax; because you can use complex variables with it.
no kidding, I asked this myself a couple of times (saw it first in a php pattern book), but was always just to lazy to do some research myself :)
3

Yes, there is a problem with your quotes. It should be this:

echo "<div id='unlock' onclick='getItems(\"".$row['Item']."\");' style='display: inline; float: right;'>Unlock</div>";

The problem is that your opening quotes for onclick and the quotes around the function arguement have to be a different kind of quote.

This is much easier though to do with html and then just insert the variable like this:

<div id="unlock" onclick="getItems('<?=$row['Item'];?>');" style="display: inline; float: right;">Unlock</div>

Doing things this way instead of echoing HTML when possible will save you tons of time and confusion, and you won't have to worry about all the escaping of quotes

Improve this answer

5 Comments

@Phil I taught myself PHP and did everything with echo's, until I got hired and my co-worker enlightened me... lol. 5000 times easier.
sorry but this is bad style, I would not recommend you using <?= for echoing. I used it until I need to move my site to a php version where this feature was disabled (imho this is default), and it took plenty of time to find out what was wrong. <?php echo ... ?> is a bit more typing, but its save everywhere, not only on specific installations.
@evildead really? I didn't even know that was something that COULD be disabled. I've never run across a server where it didn't work.
yeah no kidding. Its called short_open_tag php.net/manual/en/ini.core.php, but I have to correct myself, the default value is on. Maybe they changed that. From the notes i just read: This directive also affected the shorthand <?= before PHP 5.4.0, which is identical to <? echo. Use of this shortcut required short_open_tag to be on. Since PHP 5.4.0, <?= is always available. ..... -> Maybe I get used to it myself :)
... but some Linux Distributions put in other default values in their configurations. I'm using Debian and imho do or did they disable short tags in their config files. But asread with php 5.4 its always available. Saves some typing :)
0

The ' inside onclick is closing the onclick itself. Change it to:

onclick='getItems(\"".$row['Item']."\")'

That way, in JS, it uses a different type of quote.

Even better... you can leave PHP, and have one less type of quote to worry about.

else { ?>
    <div id='unlock' onclick='getItems("<?=$row['Item'];?>")' style='display: inline; float: right;'>Unlock</div>
<?php
}
Improve this answer

1 Comment

I would rather use <?php if (...): ?> ... <?php else: ... ?> ... <?php endif; ?>
0

or like so: 

echo '<div id="unlock" onclick="getItems('."'".$row['Item']."'".')" style="display: inline; float: right;">Unlock</div>';

If I had to do this, it would have looked like: 

<?php while(true) :?>
  <div class="favorite">
  <div style="display: inline;"><?php echo $row['Item'];?></div>
  <?php if ($row['UID'] = $uid):?>
    <div id="unlock">Info</div>
  <?php else: ?>
    <div id="unlock" onclick="getItems('<?php echo $row['Item']; ?>)">Unlock</div>
  <?php endif;?>
</div>
<?php endwhile;?>
Improve this answer

Comments

0

try the following . edit: changed to make sure quotes were escaped correctly

echo "<div id='unlock' onclick=\"getItems('{$nameArray[0]}')\" ></div>";
Improve this answer

4 Comments

this is just wrong! You missing that the variable given to javascript need quotes too!
you missing the inside qoutes for the javascript variable (its a string)
fair enough, I made changes to better match what was desired. Apologies
this is again wrong. now you have two times " quotes. Browser cannot handle this. resulting in <... onclick="getItems("foo")" ...>

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.