Concatenate Javascript with PHP

Question

Concatenate Javascript with PHP

Navigation

#1 by (3 votes)
#2 by (1 votes)
#3 by (1 votes)

3

I'm trying to concatenate PHP with Javascript, but I'm not getting it.

<button onclick="gravaDados('/" . <?php echo nomeCliente; ?> . /"')" class="btn-playpause">Play</button>

Thank you

php javascript

asked by anonymous 11.08.2017 / 23:45

3 answers

Uncaught SyntaxError: Unexpected token {[closed] Login with Android PHP and Mysql

score 3 · Answer 1

3

Here we go:

<button onclick="gravaDados('<?= $nomeCliente; ?>')" class="btn-playpause">Play</button>

The tags <?= ?> mean the same thing as <?php echo ...; ?> .

Difference between php tags

11.08.2017 / 23:47

1

The problem is that you do not need to escape the quotation marks because because it is with \ and at the same time you are doing concatenation outside PHP

Just like this:

<button onclick="return gravaDados('<?php echo $nomeCliente; ?>');" class="btn-playpause">Play</button>

11.08.2017 / 23:58

1

Another alternative might be to use printf (or sprintf depending on the case):

printf('<button onclick="gravaDados(\'%s\')" class="btn-playpause">Play</button>', $nomeCliente);

I do not think it's the best option, but it's another option.

Depending on the context, I believe you should code the HTML of $nomeCliente in order to mitigate XSS, in this case something like:

printf('<button onclick="gravaDados(\'%s\')" class="btn-playpause">Play</button>',
htmlentities($nomeCliente, ENT_QUOTES | ENT_HTML5, 'UTF-8'));

Without using htmlentities , the way the other responses did, if the value of $nomeCliente is );alert('XSS will inject an alert (or any other malicious code that the user obviously wants) a href="http://sandbox.onlinephpfunctions.com/code/f32ee67e0424b6968d43464d1216cfed8207b4a9"> see here .

12.08.2017 / 01:50

score 1 · Answer 2