PHP/Javascript/HTML problem

Re: PHP/Javascript/HTML problem

Phil Powell wrote:
[color=blue]
> I am having a potential PHP/Javascript/HTML conflict going on in my
> code that I simply can't resolve - been wracking my brain for a good
> hour over this one and have come up with no good solution.
>
> My resulting HTML tag MUST look like this:
>
> quote:
> <a href=index.php? section=person& action=delete_d ept&id=1
> onClick="return isOKDelete('Are you sure you wish to delete Department
> \"Phil\"?')" >
>
>
> Where
>
> $deptName = 'Phil'
> and
> $section = 'person'
> and
> $action = 'delete_dept'
>
> I can't figure out how to write my PHP code to ensure that that HTML
> tag will look like the above example and work in a
> dynamically-generated Javascript function, ALL at the very same time!
>
> Help appreciated, this is a showstopper for my app!
>
> Thanx
> Phil
>
> PS: I need this cross-posted in the hope of finding someone as equally
> skilled in PHP as in Javascript to be able to come up with the best
> idea for this as I can't.[/color]

<posting from Javascript Group>
Hmmmm... Well, without any code, no one can guarantee a solution to your
problem. Also, you don't need any help with your javascript. This is a
PHP only issue. You already know the Javascript that you need to
write... your issue is with PHP exclusively.

With that, the best person to figure this out is you. When you load the
page from the server, view the source of the web page in your browser.
What you will see, is exactly what the PHP page is putting out. Compare
that output with what you need it to be, and find where it is not
correct. Map that incorrect output to the PHP code that creates it, and
fix the problem specifically.

Brian

Re: PHP/Javascript/HTML problem

Phil Powell wrote:[color=blue]
> I am having a potential PHP/Javascript/HTML conflict going on in my
> code that I simply can't resolve - been wracking my brain for a good
> hour over this one and have come up with no good solution.
>
> My resulting HTML tag MUST look like this:
>
> quote:
> <a href=index.php? section=person& action=delete_d ept&id=1
> onClick="return isOKDelete('Are you sure you wish to delete Department
> \"Phil\"?')" >[/color]

Easy:

<?php
echo '<a href=index.php? section=person& action=delete_d ept&id=1
onClick="return isOKDelete(\'Ar e you sure you wish to delete Department
\"Phil\"?\')">' ;
?>

just inserted a backslash before the single quotes you had there.
[color=blue]
> Where[/color]

Ah, it gets more complicated :)
[color=blue]
> $deptName = 'Phil'
> and
> $section = 'person'
> and
> $action = 'delete_dept'[/color]

I see

<?php
echo '<a href=index.php? section=', $section, '&action=', $action, '&id=1
onClick="return isOKDelete(\'Ar e you sure you wish to delete Department
\"', $deptName, '\"?\')">';
?>

Does this replacement of "values" with "', $variable, '" do the trick?
^______________ _ stop quoting
___^^^^^^^^^___ _ print the value
______________^ _ restart quoting
[color=blue]
> PS: I need this cross-posted in the hope of finding someone as equally
> skilled in PHP as in Javascript to be able to come up with the best
> idea for this as I can't.[/color]

Have no idea about the JavaScript you have there.
--
--= my mail box only accepts =--
--= Content-Type: text/plain =--
--= Size below 10001 bytes =--

Re: PHP/Javascript/HTML problem

Phil Powell wrote:[color=blue]
> I am having a potential PHP/Javascript/HTML conflict going on in my
> code that I simply can't resolve - been wracking my brain for a good
> hour over this one and have come up with no good solution.
>
> My resulting HTML tag MUST look like this:
>
> quote:
> <a href=index.php? section=person& action=delete_d ept&id=1
> onClick="return isOKDelete('Are you sure you wish to delete Department
> \"Phil\"?')" >
>
>
> Where
>
> $deptName = 'Phil'
> and
> $section = 'person'
> and
> $action = 'delete_dept'
>
> I can't figure out how to write my PHP code to ensure that that HTML
> tag will look like the above example and work in a
> dynamically-generated Javascript function, ALL at the very same time!
>
> Help appreciated, this is a showstopper for my app!
>
> Thanx
> Phil
>
> PS: I need this cross-posted in the hope of finding someone as equally
> skilled in PHP as in Javascript to be able to come up with the best
> idea for this as I can't.[/color]


Phil,

You might want to try something like the following...

- Dan



Example:
=============== =============== =============== ===============

<script type="text/javascript"><!--
function confirmDelete(d eleteThis){
var result = confirm ('Are you sure you wish to delete Department
"'+deleteThis+' "?');
if (result) {
alert ('yes, you want to delete');
return true;
} else {
alert ('clicked it on accident, eh?');
return false;
}
}
--></script>



<?php

$section = "person";
$action = "delete_dep t";
$id = "1";
$deptName = "Phil";

echo "<a
href=\"action.p hp?section=".$s ection."&action =".$action."&id =".$id."\"
onClick=\"retur n confirmDelete(' ".$deptName."') ;\">Delete
".$deptName ."</a>";

?>
<br>
<br>
<a href="action.ph p?section=perso n&action=delete _dept&id=1"
onClick="return confirmDelete(' Phil');">Delete Phil</a>

Re: PHP/Javascript/HTML problem

Actually, Pedro, none of that worked.. backslashes, depending on however
many you used, caused the following problems:

1: PHP error
2+: Javascript error

I found on another board a potential solution, but I don't know if it's
universally acceptable in all browsers:

$msg = "return isOKDelete('Are you sure you wish to delete Department
`$deptName`?')" ;
$html .= "<a href=index.php? section=$sectio n&action=$actio n&id=$deptID
onClick=\"$msg\ ">";

It works in Mozilla 1.0

Phil

---------------------------------------
TCL and PHP: The Superior Web Languages!
Javascript: Is Cool
ASP: why?


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Re: PHP/Javascript/HTML problem

"Brian Genisio" <BrianGenisio@y ahoo.com> wrote in message
news:40351cfb$1 @10.10.0.241...
<snip>[color=blue][color=green]
>><a href=index.php? section=person& action=delete_d ept&id=1
>>onClick="retu rn isOKDelete('Are you sure you wish to
>>delete Department \"Phil\"?')" >[/color][/color]
<snip>[color=blue]
>... . This is a PHP only issue. You already
>know the Javascript that you need to
>write... your issue is with PHP exclusively.[/color]
<snip>

There is an HTML issue too; with the nesting of quotes.

Richard.

Re: PHP/Javascript/HTML problem

Phil Powell wrote:
[color=blue]
> I am having a potential PHP/Javascript/HTML conflict going on in my
> code that I simply can't resolve - been wracking my brain for a good
> hour over this one and have come up with no good solution.
>
> My resulting HTML tag MUST look like this:
>
> quote:
> <a href=index.php? section=person& action=delete_d ept&id=1
> onClick="return isOKDelete('Are you sure you wish to delete Department
> \"Phil\"?')" >
>
>
> Where
>
> $deptName = 'Phil'
> and
> $section = 'person'
> and
> $action = 'delete_dept'
>
> I can't figure out how to write my PHP code to ensure that that HTML
> tag will look like the above example and work in a
> dynamically-generated Javascript function, ALL at the very same time!
>
> Help appreciated, this is a showstopper for my app!
>
> Thanx
> Phil
>
> PS: I need this cross-posted in the hope of finding someone as equally
> skilled in PHP as in Javascript to be able to come up with the best
> idea for this as I can't.[/color]

<?php
$deptName = 'Phil';
$section = 'person';
$action = 'delete_dept';
?>

<a href="index.php ?<?php echo $section; ?>=person&actio n=<?php echo
$action; ?>&id=1" onClick="return isOKDelete('Are you sure you wish to
delete Department \'<?php echo $deptName; ?>\'?')">Test</a>

Watch for line wrap. I changed the quotes around a little. The issue is
actually Javascript and its time to eat so I didn't piddle long. It
seems it didn't like the onclick="return someFunction(' \"\" ')" issue.
Changing it to \'\' let it work.




--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/

Re: PHP/Javascript/HTML problem

I noticed that Message-ID:
<tZ9Zb.26069$oc 1.25046@newssvr 27.news.prodigy .com> from Dan Tripp
contained the following:
[color=blue]
>echo "<a
>href=\"action. php?section=".$ section."&actio n=".$action."&i d=".$id."\"
>onClick=\"retu rn confirmDelete(' ".$deptName."') ;\">Delete
>".$deptName. "</a>";
>
>?>
><br>
><br>
><a href="action.ph p?section=perso n&action=delete _dept&id=1"
>onClick="retur n confirmDelete(' Phil');">Delete Phil</a>[/color]

If we are being picky the ampersands should be &amp;

What happens for users without Javascript?

What happens if the page is spidered?

Hint: you won't like it...

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Re: PHP/Javascript/HTML problem

Geoff Berrow wrote:
[color=blue]
> If we are being picky the ampersands should be &amp;[/color]

Good point.

[color=blue]
> What happens for users without Javascript?[/color]

Doesn't work, obviously.

[color=blue]
> What happens if the page is spidered?[/color]

Probably deltes a bunch of stuff.

[color=blue]
> Hint: you won't like it...[/color]

You're right, I merely answered the question and didn't bother to go
further into it. How 'bout posting an example of how to do this better?

Regards,

- Dan

Re: PHP/Javascript/HTML problem

Dan Tripp wrote:
[color=blue][color=green]
>> What happens for users without Javascript?[/color]
> Doesn't work, obviously.[/color]

Rather, "Doesn't *work* as the OP intended it to." The JS obviously
won't be executed. In this case, the user simply isn't asked to verify
that they want to delete the selected record. Less functional, but
still *does* what it was intended to do.

I figured it was necessary to clarify before the next nitpicky poster
jumped in.

[color=blue][color=green]
>> What happens if the page is spidered?
>> Hint: you won't like it...[/color][/color]

Upon reflection, I find it necessary to ask why you think that anyone
with any common sense would put an admin page out without any regard for
security? Meaning, why are you assuming that this delete page is
publicly readable, instead of behind some sort of page/directory
protection (.htaccess or whatnot)? If you put administrative pages out
for the world to see, you get what you deserve.

The spider argument is flat-out stupid. Might as well ask "what happens
if the web server has no power?" It's an equally big "gotcha."

- Dan

Re: PHP/Javascript/HTML problem

Thanx Dan for backing me up.

For clarification, the admin tool will be behind an SSL layer with
htaccesa and user authentication optional methodology.. just to tighten
things up a bit.. so I think spidering ain't gonna happen, assuming that
this tool is properly installed per client within that platform, else,
the client gets what they deserve and my company (and I) still get paid
and I can still eat Thai.

And requirements for this tool are to have cookies enabled, optional
will be Javascript enabled and will have to inform the client that there
will be server-side options as well since most of the validation is
server-side for now anyway.

Oh, and BTW guys, I can't use "echo" anything because everything is
embedded in a class method in PHP that returns a String value.

Phil
---------------------------------------
TCL and PHP: The Superior Web Languages!
Javascript: Is Cool
ASP: why?


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Re: PHP/Javascript/HTML problem

The Nordic One wrote:
[color=blue]
> Oh, and BTW guys, I can't use "echo" anything because everything is
> embedded in a class method in PHP that returns a String value.[/color]


Have the class return the string for the entire link (if possible) and
then echo it. The issue with the javascript error will still remain
though. For some reason, it doesn't like the escaped " inside the ".
When I changed it to 'name' instead of \"name\", it worked perfectly.


--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/

Re: PHP/Javascript/HTML problem

"Randy Webb" <hikksnotathome @aol.com> wrote in message
news:TaKdnYvoVY wuBqjdRVn-uQ@comcast.com. ..
<snip>[color=blue]
>For some reason, it doesn't like the escaped " inside the ".
>When I changed it to 'name' instead of \"name\", it worked
>perfectly.[/color]

That will be the HTML parser because the onclick attribute value is in
double quotes the first of the - \" - encountered will mark the end of
the attribute value for the HTML as javascript escapes are meaningless
in HTML. Probably a javascript hex escape would be better: \x22 == "

Richard.

Re: PHP/Javascript/HTML problem

Richard Cornford wrote:
[color=blue]
> "Randy Webb" <hikksnotathome @aol.com> wrote in message
> news:TaKdnYvoVY wuBqjdRVn-uQ@comcast.com. ..
> <snip>
>[color=green]
>>For some reason, it doesn't like the escaped " inside the ".
>>When I changed it to 'name' instead of \"name\", it worked
>>perfectly.[/color]
>
>
> That will be the HTML parser because the onclick attribute value is in
> double quotes the first of the - \" - encountered will mark the end of
> the attribute value for the HTML as javascript escapes are meaningless
> in HTML. Probably a javascript hex escape would be better: \x22 == "
>[/color]

I knew there was a reason, I just couldn't remember why. Thanks.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/

Re: PHP/Javascript/HTML problem

I noticed that Message-ID:
<B1gZb.27900$xJ 3.26885@newssvr 25.news.prodigy .com> from Dan Tripp
contained the following:
[color=blue]
>
>Upon reflection, I find it necessary to ask why you think that anyone
>with any common sense would put an admin page out without any regard for
>security? Meaning, why are you assuming that this delete page is
>publicly readable, instead of behind some sort of page/directory
>protection (.htaccess or whatnot)? If you put administrative pages out
>for the world to see, you get what you deserve.
>
>The spider argument is flat-out stupid. Might as well ask "what happens
>if the web server has no power?" It's an equally big "gotcha."[/color]

I wouldn't go as far as that. There is nothing wrong with register
globals =on if coded properly. But like this code, it is an accident
waiting to happen. And I have read of cases where it has happened.

Not worth the risk.

The solution? Put the stuff in a form and make the delete mechanism an
image field or a button.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/