开发者

Problem escaping php variable

I'm having trouble escaping the PHP variable inside the getItems function:

while($row = mysql_fetch_array( $data )) 
    {
    echo "<div class='favorite'>";
    echo "<div style='display: inline;'>".$row['Item']."</div>";
        if ($row['UID'] = $uid) {
        echo "<div id='unlock'>Info</div>";
        } else {
        echo "<div id='unlock' onclick='getItems('".$row['Item']."')'>Unlock</div>";
        }
    echo "</div>";
    }

When rendered (is render the word?) anyway, when I see it on my site it says:

onclick="getItems(" whatever')'

What am I doing wrong?

You can see the code here: http://www.chusmix.com/game/insert/get-items.php?user=1开发者_如何学编程9


Your problem is that your attribute values are surrounded by single quotes, but you're also using single quotes in your javascript.

You'll have to use double quotes in your javascript. However, since the whole string (in PHP) is surrounded by double quotes, you'll have to escape them. Hence:

echo "<div id='unlock' onclick='getItems(\"".$row['Item']."\")' style='display: inline; float: right;'>Unlock</div>";

Or like this:

echo "<div id='unlock' onclick='getItems(\"{$row['Item']}\")' style='display: inline; float: right;'>Unlock</div>";

To clarify what the curly braces do (from the PHP docs):

Complex (curly) syntax

This isn't called complex because the syntax is complex, but because it allows for the use of complex expressions.

Any scalar variable, array element or object property with a string representation can be included via this syntax. Simply write the expression the same way as it would appear outside the string, and then wrap it in { and }.

To further explain, let's say we have the following scenario:

$name = 'Apple';
$sentence = "$names are my favorite fruit";

What I'm trying to get is: Apples are my favorite fruit. However, this won't work. PHP will instead be looking for a variable called $names, and when it doesn't find it, it'll complain.

So, to remedy this, we can surround our variable in curly braces:

$name = 'Apple';
$sentence = "{$name}s are my favorite fruit";

Great! Now PHP will know where the variable name ends and the string starts.


On a side note: You might consider switching to double-quoting your attributes, since the way you do it now is not valid xHTML (unless you don't care).


Yes, there is a problem with your quotes. It should be this:

echo "<div id='unlock' onclick='getItems(\"".$row['Item']."\");' style='display: inline; float: right;'>Unlock</div>";

The problem is that your opening quotes for onclick and the quotes around the function arguement have to be a different kind of quote.

This is much easier though to do with html and then just insert the variable like this:

<div id="unlock" onclick="getItems('<?=$row['Item'];?>');" style="display: inline; float: right;">Unlock</div>

Doing things this way instead of echoing HTML when possible will save you tons of time and confusion, and you won't have to worry about all the escaping of quotes


The ' inside onclick is closing the onclick itself. Change it to:

onclick='getItems(\"".$row['Item']."\")'

That way, in JS, it uses a different type of quote.

Even better... you can leave PHP, and have one less type of quote to worry about.

else { ?>
    <div id='unlock' onclick='getItems("<?=$row['Item'];?>")' style='display: inline; float: right;'>Unlock</div>
<?php
}


or like so:

echo '<div id="unlock" onclick="getItems('."'".$row['Item']."'".')" style="display: inline; float: right;">Unlock</div>';

If I had to do this, it would have looked like:

<?php while(true) :?>
  <div class="favorite">
  <div style="display: inline;"><?php echo $row['Item'];?></div>
  <?php if ($row['UID'] = $uid):?>
    <div id="unlock">Info</div>
  <?php else: ?>
    <div id="unlock" onclick="getItems('<?php echo $row['Item']; ?>)">Unlock</div>
  <?php endif;?>
</div>
<?php endwhile;?>


try the following . edit: changed to make sure quotes were escaped correctly

echo "<div id='unlock' onclick=\"getItems('{$nameArray[0]}')\" ></div>";
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜