0

I'm writing javascript with php like:

echo '<a class="'.$classTag.'" href="javascript: OpenModalDialog(\''.$MenuItem['table_name'].'\', \''.($MenuItem['where_clause']).'\');"><span>View Data</span></a>';

This results in this:

echo '<a class="'.$classTag.'" href="javascript: OpenModalDialog('input_lijstwerk_401', ' WHERE DATE_FORMAT(Datum, '%Y%m') = '201606'');"><span>View Data</span></a>';

The problem is in the variable: $MenuItem['where_clause'] with the single quotes inside the signature of the openModalDialog: ' WHERE DATE_FORMAT(Datum, '%Y%m') = '201606''

I have tried with json_encode, htmlspecialchars. We are working with PHP7

I hope that someone can help me out this problem.

Thanks,

Nico

Mikev
  • 2,012
  • 1
  • 15
  • 27
user2363969
  • 105
  • 1
  • 10
  • I'd say it is generally a bad idea to put SQL in Javascript. If you really want to do it anyway, take a look at a decent template engine (don't `echo` your HTML/JS). – Bart Friederichs Jun 21 '17 at 11:34
  • You want to JSON-encode a string (for Javascript syntax) in an HTML attribute… see the duplicate. – deceze Jun 21 '17 at 11:36
  • you may look for function `addslashes` but as Brat said SQL in javascript is very bad idea – Kazz Jun 21 '17 at 11:39
  • I don't know why it is a bad idea to put SQL in javascript. I open a Modaldialog – user2363969 Jun 21 '17 at 14:53
  • On this moment the answers are not working in my case, so why is this marked as duplicate? And why is it a bad idea to put SQL in javascript, because I open a modaldiaglog to stay on the page and get the data into excel. If build the piece of SQL in javascript by discrete variables, than it is working. But what I want to know is it possible to get quotes inside a variable? If not than I have another possibility, to get it working. – user2363969 Jun 21 '17 at 15:00

0 Answers0