I'm trying to concatenate PHP with Javascript, but I'm not getting it.
<button onclick="gravaDados('/" . <?php echo nomeCliente; ?> . /"')" class="btn-playpause">Play</button>Thank you
Concatenate Javascript with PHP
3
asked by anonymous 11.08.2017 / 23:45
3 answers
3
Here we go:
<button onclick="gravaDados('<?= $nomeCliente; ?>')" class="btn-playpause">Play</button>
The tags <?= ?> mean the same thing as <?php echo ...; ?> .
11.08.2017 / 23:47
1
The problem is that you do not need to escape the quotation marks because because it is with \ and at the same time you are doing concatenation outside PHP
Just like this:
<button onclick="return gravaDados('<?php echo $nomeCliente; ?>');" class="btn-playpause">Play</button>
11.08.2017 / 23:58
1
Another alternative might be to use printf (or sprintf depending on the case):
printf('<button onclick="gravaDados(\'%s\')" class="btn-playpause">Play</button>', $nomeCliente);
I do not think it's the best option, but it's another option.
Depending on the context, I believe you should code the HTML of $nomeCliente in order to mitigate XSS, in this case something like:
printf('<button onclick="gravaDados(\'%s\')" class="btn-playpause">Play</button>',
htmlentities($nomeCliente, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
Without using htmlentities , the way the other responses did, if the value of $nomeCliente is );alert('XSS will inject an alert (or any other malicious code that the user obviously wants) a href="http://sandbox.onlinephpfunctions.com/code/f32ee67e0424b6968d43464d1216cfed8207b4a9"> see here .
12.08.2017 / 01:50