I'm trying to concatenate PHP with Javascript, but I'm not getting it.
<button onclick="gravaDados('/" . <?php echo nomeCliente; ?> . /"')" class="btn-playpause">Play</button>
Thank you
I'm trying to concatenate PHP with Javascript, but I'm not getting it.
<button onclick="gravaDados('/" . <?php echo nomeCliente; ?> . /"')" class="btn-playpause">Play</button>
Thank you
Here we go:
<button onclick="gravaDados('<?= $nomeCliente; ?>')" class="btn-playpause">Play</button>
The tags <?= ?>
mean the same thing as <?php echo ...; ?>
.
The problem is that you do not need to escape the quotation marks because because it is with \
and at the same time you are doing concatenation outside PHP
Just like this:
<button onclick="return gravaDados('<?php echo $nomeCliente; ?>');" class="btn-playpause">Play</button>
Another alternative might be to use printf
(or sprintf
depending on the case):
printf('<button onclick="gravaDados(\'%s\')" class="btn-playpause">Play</button>', $nomeCliente);
I do not think it's the best option, but it's another option.
Depending on the context, I believe you should code the HTML of $nomeCliente
in order to mitigate XSS, in this case something like:
printf('<button onclick="gravaDados(\'%s\')" class="btn-playpause">Play</button>',
htmlentities($nomeCliente, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
Without using htmlentities
, the way the other responses did, if the value of $nomeCliente
is );alert('XSS
will inject an alert (or any other malicious code that the user obviously wants) a href="http://sandbox.onlinephpfunctions.com/code/f32ee67e0424b6968d43464d1216cfed8207b4a9"> see here .