PHP/Javascript/HTML problem

Re: PHP/Javascript/HTML problem

Phil Powell wrote:[color=blue]
> I am having a potential PHP/Javascript/HTML conflict going on in my
> code that I simply can't resolve - been wracking my brain for a good
> hour over this one and have come up with no good solution.
>
> My resulting HTML tag MUST look like this:
>
> quote:
> <a href=index.php? section=person& action=delete_d ept&id=1
> onClick="return isOKDelete('Are you sure you wish to delete Department
> \"Phil\"?')" >[/color]

Easy:

<?php
echo '<a href=index.php? section=person& action=delete_d ept&id=1
onClick="return isOKDelete(\'Ar e you sure you wish to delete Department
\"Phil\"?\')">' ;
?>

just inserted a backslash before the single quotes you had there.
[color=blue]
> Where[/color]

Ah, it gets more complicated :)
[color=blue]
> $deptName = 'Phil'
> and
> $section = 'person'
> and
> $action = 'delete_dept'[/color]

I see

<?php
echo '<a href=index.php? section=', $section, '&action=', $action, '&id=1
onClick="return isOKDelete(\'Ar e you sure you wish to delete Department
\"', $deptName, '\"?\')">';
?>

Does this replacement of "values" with "', $variable, '" do the trick?
^______________ _ stop quoting
___^^^^^^^^^___ _ print the value
______________^ _ restart quoting
[color=blue]
> PS: I need this cross-posted in the hope of finding someone as equally
> skilled in PHP as in Javascript to be able to come up with the best
> idea for this as I can't.[/color]

Have no idea about the JavaScript you have there.
--
--= my mail box only accepts =--
--= Content-Type: text/plain =--
--= Size below 10001 bytes =--

Re: PHP/Javascript/HTML problem

Phil Powell wrote:[color=blue]
> I am having a potential PHP/Javascript/HTML conflict going on in my
> code that I simply can't resolve - been wracking my brain for a good
> hour over this one and have come up with no good solution.
>
> My resulting HTML tag MUST look like this:
>
> quote:
> <a href=index.php? section=person& action=delete_d ept&id=1
> onClick="return isOKDelete('Are you sure you wish to delete Department
> \"Phil\"?')" >
>
>
> Where
>
> $deptName = 'Phil'
> and
> $section = 'person'
> and
> $action = 'delete_dept'
>
> I can't figure out how to write my PHP code to ensure that that HTML
> tag will look like the above example and work in a
> dynamically-generated Javascript function, ALL at the very same time!
>
> Help appreciated, this is a showstopper for my app!
>
> Thanx
> Phil
>
> PS: I need this cross-posted in the hope of finding someone as equally
> skilled in PHP as in Javascript to be able to come up with the best
> idea for this as I can't.[/color]


Phil,

You might want to try something like the following...

- Dan



Example:
=============== =============== =============== ===============

<script type="text/javascript"><!--
function confirmDelete(d eleteThis){
var result = confirm ('Are you sure you wish to delete Department
"'+deleteThis+' "?');
if (result) {
alert ('yes, you want to delete');
return true;
} else {
alert ('clicked it on accident, eh?');
return false;
}
}
--></script>



<?php

$section = "person";
$action = "delete_dep t";
$id = "1";
$deptName = "Phil";

echo "<a
href=\"action.p hp?section=".$s ection."&action =".$action."&id =".$id."\"
onClick=\"retur n confirmDelete(' ".$deptName."') ;\">Delete
".$deptName ."</a>";

?>
<br>
<br>
<a href="action.ph p?section=perso n&action=delete _dept&id=1"
onClick="return confirmDelete(' Phil');">Delete Phil</a>

Re: PHP/Javascript/HTML problem

Phil Powell wrote:
[color=blue]
> I am having a potential PHP/Javascript/HTML conflict going on in my
> code that I simply can't resolve - been wracking my brain for a good
> hour over this one and have come up with no good solution.
>
> My resulting HTML tag MUST look like this:
>
> quote:
> <a href=index.php? section=person& action=delete_d ept&id=1
> onClick="return isOKDelete('Are you sure you wish to delete Department
> \"Phil\"?')" >
>
>
> Where
>
> $deptName = 'Phil'
> and
> $section = 'person'
> and
> $action = 'delete_dept'
>
> I can't figure out how to write my PHP code to ensure that that HTML
> tag will look like the above example and work in a
> dynamically-generated Javascript function, ALL at the very same time!
>
> Help appreciated, this is a showstopper for my app!
>
> Thanx
> Phil
>
> PS: I need this cross-posted in the hope of finding someone as equally
> skilled in PHP as in Javascript to be able to come up with the best
> idea for this as I can't.[/color]

<?php
$deptName = 'Phil';
$section = 'person';
$action = 'delete_dept';
?>

<a href="index.php ?<?php echo $section; ?>=person&actio n=<?php echo
$action; ?>&id=1" onClick="return isOKDelete('Are you sure you wish to
delete Department \'<?php echo $deptName; ?>\'?')">Test</a>

Watch for line wrap. I changed the quotes around a little. The issue is
actually Javascript and its time to eat so I didn't piddle long. It
seems it didn't like the onclick="return someFunction(' \"\" ')" issue.
Changing it to \'\' let it work.




--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/

Re: PHP/Javascript/HTML problem

I noticed that Message-ID:
<tZ9Zb.26069$oc 1.25046@newssvr 27.news.prodigy .com> from Dan Tripp
contained the following:
[color=blue]
>echo "<a
>href=\"action. php?section=".$ section."&actio n=".$action."&i d=".$id."\"
>onClick=\"retu rn confirmDelete(' ".$deptName."') ;\">Delete
>".$deptName. "</a>";
>
>?>
><br>
><br>
><a href="action.ph p?section=perso n&action=delete _dept&id=1"
>onClick="retur n confirmDelete(' Phil');">Delete Phil</a>[/color]

If we are being picky the ampersands should be &amp;

What happens for users without Javascript?

What happens if the page is spidered?

Hint: you won't like it...

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Re: PHP/Javascript/HTML problem

Geoff Berrow wrote:
[color=blue]
> If we are being picky the ampersands should be &amp;[/color]

Good point.

[color=blue]
> What happens for users without Javascript?[/color]

Doesn't work, obviously.

[color=blue]
> What happens if the page is spidered?[/color]

Probably deltes a bunch of stuff.

[color=blue]
> Hint: you won't like it...[/color]

You're right, I merely answered the question and didn't bother to go
further into it. How 'bout posting an example of how to do this better?

Regards,

- Dan

Re: PHP/Javascript/HTML problem

Dan Tripp wrote:
[color=blue][color=green]
>> What happens for users without Javascript?[/color]
> Doesn't work, obviously.[/color]

Rather, "Doesn't *work* as the OP intended it to." The JS obviously
won't be executed. In this case, the user simply isn't asked to verify
that they want to delete the selected record. Less functional, but
still *does* what it was intended to do.

I figured it was necessary to clarify before the next nitpicky poster
jumped in.

[color=blue][color=green]
>> What happens if the page is spidered?
>> Hint: you won't like it...[/color][/color]

Upon reflection, I find it necessary to ask why you think that anyone
with any common sense would put an admin page out without any regard for
security? Meaning, why are you assuming that this delete page is
publicly readable, instead of behind some sort of page/directory
protection (.htaccess or whatnot)? If you put administrative pages out
for the world to see, you get what you deserve.

The spider argument is flat-out stupid. Might as well ask "what happens
if the web server has no power?" It's an equally big "gotcha."

- Dan

Re: PHP/Javascript/HTML problem

The Nordic One wrote:
[color=blue]
> Oh, and BTW guys, I can't use "echo" anything because everything is
> embedded in a class method in PHP that returns a String value.[/color]


Have the class return the string for the entire link (if possible) and
then echo it. The issue with the javascript error will still remain
though. For some reason, it doesn't like the escaped " inside the ".
When I changed it to 'name' instead of \"name\", it worked perfectly.


--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/

Re: PHP/Javascript/HTML problem

"Randy Webb" <hikksnotathome @aol.com> wrote in message
news:TaKdnYvoVY wuBqjdRVn-uQ@comcast.com. ..
<snip>[color=blue]
>For some reason, it doesn't like the escaped " inside the ".
>When I changed it to 'name' instead of \"name\", it worked
>perfectly.[/color]

That will be the HTML parser because the onclick attribute value is in
double quotes the first of the - \" - encountered will mark the end of
the attribute value for the HTML as javascript escapes are meaningless
in HTML. Probably a javascript hex escape would be better: \x22 == "

Richard.

Re: PHP/Javascript/HTML problem

Richard Cornford wrote:
[color=blue]
> "Randy Webb" <hikksnotathome @aol.com> wrote in message
> news:TaKdnYvoVY wuBqjdRVn-uQ@comcast.com. ..
> <snip>
>[color=green]
>>For some reason, it doesn't like the escaped " inside the ".
>>When I changed it to 'name' instead of \"name\", it worked
>>perfectly.[/color]
>
>
> That will be the HTML parser because the onclick attribute value is in
> double quotes the first of the - \" - encountered will mark the end of
> the attribute value for the HTML as javascript escapes are meaningless
> in HTML. Probably a javascript hex escape would be better: \x22 == "
>[/color]

I knew there was a reason, I just couldn't remember why. Thanks.

--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/

Re: PHP/Javascript/HTML problem

I noticed that Message-ID:
<B1gZb.27900$xJ 3.26885@newssvr 25.news.prodigy .com> from Dan Tripp
contained the following:
[color=blue]
>
>Upon reflection, I find it necessary to ask why you think that anyone
>with any common sense would put an admin page out without any regard for
>security? Meaning, why are you assuming that this delete page is
>publicly readable, instead of behind some sort of page/directory
>protection (.htaccess or whatnot)? If you put administrative pages out
>for the world to see, you get what you deserve.
>
>The spider argument is flat-out stupid. Might as well ask "what happens
>if the web server has no power?" It's an equally big "gotcha."[/color]

I wouldn't go as far as that. There is nothing wrong with register
globals =on if coded properly. But like this code, it is an accident
waiting to happen. And I have read of cases where it has happened.

Not worth the risk.

The solution? Put the stuff in a form and make the delete mechanism an
image field or a button.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Re: PHP/Javascript/HTML problem

Phil Powell wrote:[color=blue]
> I am having a potential PHP/Javascript/HTML conflict going on in my
> code that I simply can't resolve - been wracking my brain for a good
> hour over this one and have come up with no good solution.
>
> My resulting HTML tag MUST look like this:
>
> quote:
> <a href=index.php? section=person& action=delete_d ept&id=1
> onClick="return isOKDelete('Are you sure you wish to delete Department
> \"Phil\"?')" >
>
>
> Where
>
> $deptName = 'Phil'
> and
> $section = 'person'
> and
> $action = 'delete_dept'
>
> I can't figure out how to write my PHP code to ensure that that HTML
> tag will look like the above example and work in a
> dynamically-generated Javascript function, ALL at the very same time!
>
> Help appreciated, this is a showstopper for my app!
>
> Thanx
> Phil
>
> PS: I need this cross-posted in the hope of finding someone as equally
> skilled in PHP as in Javascript to be able to come up with the best
> idea for this as I can't.[/color]


I've not read the long list of posts the come forward with javascript
solutions, but I think its a PHP issue, and you should go to



and look into

urldecode(), urlencode(), rawurlencode() and rawurldecode()

One of them is bound to get you there...

randelld

Re: PHP/Javascript/HTML problem

Reply Via Newsgroup wrote:[color=blue]
> Phil Powell wrote:
>[color=green]
>> I am having a potential PHP/Javascript/HTML conflict going on in my
>> code that I simply can't resolve - been wracking my brain for a good
>> hour over this one and have come up with no good solution.
>>
>> My resulting HTML tag MUST look like this:
>>
>> quote:
>> <a href=index.php? section=person& action=delete_d ept&id=1
>> onClick="return isOKDelete('Are you sure you wish to delete Department
>> \"Phil\"?')" >
>>
>>
>> Where
>>
>> $deptName = 'Phil'
>> and
>> $section = 'person'
>> and
>> $action = 'delete_dept'
>>
>> I can't figure out how to write my PHP code to ensure that that HTML
>> tag will look like the above example and work in a
>> dynamically-generated Javascript function, ALL at the very same time!
>>
>> Help appreciated, this is a showstopper for my app!
>>
>> Thanx
>> Phil
>>
>> PS: I need this cross-posted in the hope of finding someone as equally
>> skilled in PHP as in Javascript to be able to come up with the best
>> idea for this as I can't.[/color]
>
>
>
> I've not read the long list of posts the come forward with javascript
> solutions, but I think its a PHP issue, and you should go to
>
> www.php.net
>
> and look into
>
> urldecode(), urlencode(), rawurlencode() and rawurldecode()
>
> One of them is bound to get you there...[/color]

The problem is not PHP related, its javascript related and has to do
with the quoting order and the only thing you can change in PHP to "fix"
that is to have it issue a different quote order.


--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/

Re: PHP/Javascript/HTML problem

Richard Cornford wrote:
[color=blue]
> "Randy Webb" <hikksnotathome @aol.com> wrote in message
> news:TaKdnYvoVY wuBqjdRVn-uQ@comcast.com. ..
> <snip>[color=green]
>>For some reason, it doesn't like the escaped " inside the ".
>>When I changed it to 'name' instead of \"name\", it worked
>>perfectly.[/color]
>
> That will be the HTML parser because the onclick attribute value is in
> double quotes the first of the - \" - encountered will mark the end of
> the attribute value for the HTML as javascript escapes are meaningless
> in HTML. Probably a javascript hex escape would be better: \x22 == "[/color]

You could equally use ' as HTML attribute value delimiters and safely
escape the " within the JavaScript string delimited by ". But either
quote character may get you in trouble with the PHP parser, depending
on how the link is output by PHP.


PointedEars