-2

I am trying to pass a variable with caracter ", but there is a problem with " of "Big Bang".

<?php
   echo $aux; //Hi! "Text" Text2'Text3
?>

//mysql_real_escape_string($aux);
addslashes($aux); //return Hi! \"Big Bang\" Text\'Text2 

<a onclick="share('<?= $aux ?>')">Send</a>
Zarlok
  • 13
  • 1
  • 8

1 Answers1

0

What you should be doing is generating a JavaScript string , so you need to escape for JavaScript (json_encode()) and remove the call to addslashes which is for escaping PHP.

<a onclick='share(<?= json_encode($aux) ?>)'>Send</a>

Note that if you have any HTML entities in your PHP string, such as &lt; they will be decoded by the HTML parser. That was the problem with HTML encoding your quotes, they were being decoded to quotes within a JavaScript quote.

Ideally, you'd separate your concerns to avoid combining 3 languages.

The following example makes the data from PHP available in JavaScript (escape for JavaScript)

<a id='share-link'>Send</a>
<script>
document.getElementById('share-link').addEventListener('click', function() {
   var shareContent = <?= json_encode($aux) ?>;
   share(shareContent);
});
</script>

Or you could embed the data from PHP into a data attribute (escape for HTML)

<a id="share-link" data-share-content="<?= htmlentities($aux) ?>">Send</a>
<script>
document.getElementById('share-link').addEventListener('click', function() {
   share( this.getAttribute("data-share-content") );
});
</script>

You could even go back to your inline script (not recommended)

<a id="share-link" 
   onclick="share(this.getAttribute('data-share-content'))"
   data-share-content="<?= htmlentities($aux) ?>"
>Send</a>
Ruan Mendes
  • 90,375
  • 31
  • 153
  • 217
  • Error: Send – Zarlok Dec 31 '14 at 15:05
  • @Zarlok Notice that I used single quotes around `onclick='share()'` because `json_encode` is going to create a double quoted string. You did not use the code I suggested – Ruan Mendes Dec 31 '14 at 15:09
  • @Zarlok It looks like it's not a good idea to escape HTML entities in JavaScript string attribute, use just `json_encode` as I've updated my answer to use – Ruan Mendes Dec 31 '14 at 15:16
  • Using json_encode doesn't work... – Zarlok Dec 31 '14 at 15:21
  • @Zarlok "doesn't work" is not a very helpful comment. You should always explain what the problem was. Show what HTML was actually output. See my updates – Ruan Mendes Dec 31 '14 at 15:27
  • Cuando pasas parámetros de tipo string en una función debe estar entre comillas. En este caso deberían ser dobles. El problema que tengo es que cierra con la comilla que contiene la variable – Zarlok Dec 31 '14 at 15:46
  • @Zarlok This site is English, Spanish will make this post not useful to others. Also, Spanish is not my native language. I understand your problem, your quotes in your PHP string are closing your JavaScript string. You have to properly escape it depending on the context, and I showed you three different ways to do it. Update your answer properly explaining what went wrong: "I tried this, but this is the HTML that was generated" – Ruan Mendes Dec 31 '14 at 16:09
  • It's already works!: Send Using json_encode didn't work, but using addslashes works correctly ^^ – Zarlok Jan 02 '15 at 10:12