-3

I was trying to implement a simple adblocker on my site, and it turned out that merging PHP's echo and JavaScript's document.write does not work. Can anybody help me with this?

It looks like this:

echo '
     <script type="text/javascript">
         if (document.getElementById("tester") != undefined)
         {
            document.write(\'<form method="post" action="index.php">'.recaptcha_get_html("XXX").'
            <br /><input type="submit" value="CLAIM" /></form>\');
         }
         else
         {
             document.write(\'<p>We\'ve detected that you\'re using <strong>AdBlock Plus</strong> or some other adblocking software. Please be aware that this is only contributing to the demise of the site. We need money to operate the site, and almost all of that comes from our online advertising. To read more about why you should disable ABP, please <a href="#">click here</a>.</p>\');
         }
       </script>';

But when executed, I get shown everything after the submit input as a text. Like this: https://i.stack.imgur.com/q5BKH.png

j08691
Imro
  • Maybe if you showed us the full function or block of code it would help. – Nick Rameau Aug 13 '14 at 17:08
  • All PHP does is output text. It generates the HTML page for the browser to render. It knows nothing about JavaScript. – gen_Eric Aug 13 '14 at 17:09
  • 2
    Writing javascript in a PHP echo is a bad idea because it's hard to read afterwards with all the escaped quotes all over the place and hard to write, being much more error prone. Instead end your php with `?>` then put your JS, then start PHP again `<?php` – Mike Aug 13 '14 at 17:09
  • It's much easier to use addslashes on your original html so you won't have to yourself. Use the heredoc syntax to get the HTML into a variable and then echo addslashes($html_for_javascript); That, in combination with what Mike said. – twicejr Aug 13 '14 at 17:48

2 Answers

1

I think this will help tidy it up for you. The key thing is to exit PHP to print out your HTML & JS, then you will have less hassle with escaping quotes. And you can add in your PHP content using one-liners of the form

<?php echo $foo ?> 

Here's the example...

<?php
    // Your code here, eg
    function recaptcha_get_html() { return '...'; }

   // Now, this is temporarily the end of your PHP code, so stop PHP and enter HTML:
?>
    <script type="text/javascript">
      if (document.getElementById("tester") != undefined)
      {
        document.write('<form method="post" action="index.php">');
        document.write('<?php echo recaptcha_get_html("XXX") ?>');
        document.write('<br /><input type="submit" value="CLAIM" /></form>');
      }
      else
      {
        document.write("<p>We've detected that you're using <strong>AdBlock Plus</strong> or some other adblocking software. Please be aware that this is only contributing to the demise of the site. We need money to operate the site, and almost all of that comes from our online advertising. To read more about why you should disable ABP, please <a href='#'>click here</a>.</p>");
      }
    </script>
<?php
    // Now back into PHP
    // Your code carries on here...

I'm assuming

recaptcha_get_html("XXX")

is PHP. If it is a JS func, you'll need to do something slightly different.

And warning! The above is untested - it's meant to show you a style that'll help you tidy up your code to get it to work, rather than being the definitive correct answer - but I hope it helps :-)

sifriday
  • You've got a stray single quote there. – Mike Aug 13 '14 at 17:12
  • you\'re? thanks! any others?? – sifriday Aug 13 '14 at 17:12
  • After XXX there's another – Mike Aug 13 '14 at 17:14
  • I saw an edit pass by from Rocket Hamza, too. I fixed a couple more. How're we doing? – sifriday Aug 13 '14 at 17:16
  • I think it's fine now. I just changed `echo` to `return` since you are doing `echo recaptcha_get_html("XXX")`. – gen_Eric Aug 13 '14 at 17:20
  • I'm afraid it does exactly the same thing, check the result here on the right side http://auticko.net/freedoge/ :/ – Imro Aug 13 '14 at 17:20
  • Imro, I think you're missing a document.write(' ') around the ... the HTML returned from that func has been dumped in the page, without being inside a document.write statement. – sifriday Aug 13 '14 at 17:22
  • 2
    You're nesting – Mike Aug 13 '14 at 17:22
  • Yes sifriday, I missed it out purposely because it didn't work with it either. It's now up online with your code and the problem still persists. – Imro Aug 13 '14 at 17:27
  • 1
    Yep, Mike's right, you're trying to echo a script tag out inside another script tag. You need to think about how to structure your PHP so that script tag is echoed out separately. Keep working within this 'escape from PHP' approach, building on the suggestions we've all made, and I am sure you'll get there soon! – sifriday Aug 13 '14 at 17:29
  • Having the experience to be able to think it out myself, I would never ask for help here. – Imro Aug 13 '14 at 17:31
0

What you are doing is a very bad practice. Maybe you could try the below inside your HTML:

<script type="text/javascript">
var recaptcha = "<?php echo recaptcha_get_html("XXX"); ?>";
 if (document.getElementById("tester") != undefined)
 {
    document.write('<form method="post" action="index.php">'+recaptcha+'<br /><input type="submit" value="CLAIM" /></form>');
 }
 else
 {
     document.write('<p>We\'ve detected that you\'re using <strong>AdBlock Plus</strong> or some other adblocking software. Please be aware that this is only contributing to the demise of the site. We need money to operate the site, and almost all of that comes from our online advertising. To read more about why you should disable ABP, please <a href="#">click here</a>.</p>');
 }
</script>   

However, if you really want to use it, find below what I think the problem is:

document.write(\'

We\'ve detected that you\'re using AdBlock Plus or some other adblocking software. Please be aware that this is only contributing to the demise of the site. We need money to operate the site, and almost all of that comes from our online advertising. To read more about why you should disable ABP, please click here.

\');

will be interpreted incorrectly, as there are 4 single quotes here which you are getting confused with. The string given as input to document.write should have only one type of quote, either double or single, so you can write your above code in two ways:

  1. document.write(\'<p>We\\\'ve detected that you\\\'re using <strong>AdBlock Plus</strong> or some other adblocking software. Please be aware that this is only contributing to the demise of the site. We need money to operate the site, and almost all of that comes from our online advertising. To read more about why you should disable ABP, please <a href="#">click here</a>.</p>\');
  2. document.write(\"<p>We\'ve detected that you\'re using <strong>AdBlock Plus</strong> or some other adblocking software. Please be aware that this is only contributing to the demise of the site. We need money to operate the site, and almost all of that comes from our online advertising. To read more about why you should disable ABP, please <a href=\\\"#\\\">click here</a>.</p>\");

It is important that the quotes inside document.write(''); should be double escaped. Let's take an example: you want to print in HTML => We've a nice dog
So from JavaScript it should be => document.write('we\'ve a nice');
So for you to get \' inside document.write from PHP it should be =>
echo 'document.write(\'we\\\'ve a nice\');'; because \\\' in PHP will become \' in JavaScript, which will in turn become ' in HTML

wallop
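
The two failure modes discussed in the answers and comments above (a `<script>` element nested inside another inline script, and quotes or newlines breaking the JavaScript string) both disappear when the server-side HTML is encoded as a JavaScript string literal before it is echoed. This is an added example, not code from either answer; `$widgetHtml` is a constructed stand-in for the output of `recaptcha_get_html("XXX")`, and `js_literal()` is a hypothetical helper name.

```php
<?php
// Constructed sample standing in for recaptcha_get_html("XXX"): markup that
// contains its own <script> element, both kinds of quote, and newlines.
$widgetHtml = <<<'HTML'
<script type="text/javascript" src="https://captcha.example/challenge.js"></script>
<noscript>
  <textarea name="captcha_field" rows="3" cols="40">It's a "fallback"</textarea>
</noscript>
HTML;

/**
 * Hypothetical helper: encode a PHP string as a JavaScript string literal
 * that is safe to place inside an inline <script> block.
 *
 * json_encode() adds the surrounding double quotes and escapes newlines.
 * The JSON_HEX_* flags turn <, >, &, ' and " into \u00XX escapes, so the
 * HTML parser never sees "</script>" (or "<script", "<!--") in the literal.
 */
function js_literal(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $json  = json_encode($value, $flags);
    if ($json === false) {
        // json_encode() fails on invalid UTF-8; refuse rather than emit
        // an empty or broken literal into the page.
        throw new InvalidArgumentException(json_last_error_msg());
    }
    return $json;
}
?>
<script type="text/javascript">
  if (document.getElementById("tester") !== null) {
    // The PHP tag below expands to one double-quoted JS literal containing
    // no raw <, >, ', " or line break, so this script block stays intact.
    document.write(
      '<form method="post" action="index.php">' +
      <?php echo js_literal($widgetHtml) ?> +
      '<br /><input type="submit" value="CLAIM" /></form>'
    );
  } else {
    document.write("<p>Ad blocker detected.</p>");
  }
</script>
```

The same helper is the right encoding for any server-side value placed in an inline script, including user-controlled ones, because the output cannot close the string or the `<script>` element.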