PDA

View Full Version : Write action without '



lindm
09-08-2007, 01:58 PM
Is it possible anyway to write this html/javascript without the use of single hyphen? (' ')
Perhaps a separate javascript function? The 'writeform.php' is causing problems with a following php script...


<input
type="button" class="px10"
onclick="this.form.action='writeform.php'; this.form.submit();"
value="Import"
>

boogyman
09-08-2007, 02:10 PM
yes it is possible, but you would need to escape all of the double quotes with a backslash ( \ )



<input type=\"button\" class=\"px10\"
...
>

Twey
09-08-2007, 05:08 PM
Which is one reason among several that you should always break out of PHP parsing mode when outputting HTML or any other sort of complex data.

boogyman
09-08-2007, 10:16 PM
he's talking about parsing in javascript not php

Twey
09-08-2007, 11:10 PM
No, s/he has a statement such as:
print '<input';
print ' type="button" class="px10"';
print ' onclick="this.form.action='writeform.php';'
print ' this.form.submit();"';
print ' value="Import"';
print '>';... which isn't working because of the single quotes around 'writeform.php.' It would be better written as:
?>
<input
type="button" class="px10"
onclick="this.form.action='writeform.php'; this.form.submit();"
value="Import"
>
<?phpIt would be even better if you didn't use the Javascript at all: try a type="submit" input element:
<input
type="submit"
class="px10"
name="action"
value="Import"
>... then check if($_REQUEST['action'] === 'Import') in the page to which it submits, perhaps calling writeform.php if necessary. That class="px10" also look as if you might have something like:
.px10 {
width: 10px;
}If that's so, don't a) use pixels to size elements containing text or b) use class names that describe their style. Class names should be semantic and refer to the elements that they style, e.g. "submit-button".

lindm
09-09-2007, 09:54 AM
What I am doing is using a php that writes html code to a html file:


$stringData =

' HTMLCODE ';

The single quotes breaks the $stringData variable...

Boogyman, do you mean like this?


<input
type=\"button\" class=\"px10\"
onclick=\"this.form.action=writeform.php; this.form.submit();\"
value=\"Import\"
>

The px10 class is for the font size.

Twey
09-09-2007, 08:10 PM
What I am doing is using a php that writes html code to a html file:Well, you have two obvious options for readability, then: one is output buffers:
ob_start();
?>
<input
type="submit"
class="px10"
name="action"
value="Import"
>
<?php
$stringData = ob_get_clean();and the other is the heredoc syntax:
$stringData = <<<EOF
<input
type="submit"
class="px10"
name="action"
value="Import"
>
EOF;The former is often easier because the latter still parses variables and such in the value. Either way, you should still be performing this check server-side, not using Javascript.

lindm
09-10-2007, 07:15 PM
Could I create a function without single quotes that then is called by the onclick? Have tried a bit but can't get it to work...


function submitformSIE()
{
this.form.action="writeformsie.php";
return true;
}


<input type="button" name="button2" id="button2" onclick="submitformSIE()" value="Button" />

Twey
09-10-2007, 08:16 PM
Hey, are all my posts in this thread invisible?

You don't need and shouldn't use Javascript here.
Even if you did need to use Javascript, you don't need to and shouldn't be enclosing the whole thing with ugly quotes.

djr33
09-10-2007, 09:20 PM
Twey's suggestions are good ones.

Using javascript when you don't need it is at best limiting some viewers on your page from submitting. It's also not secure.

Anyway, you can always escape quotes, in javascript, PHP, etc.

'Shouldn\'t be hard to do like this'
"or, \"Like this!\", I said..."

You can't simply write the javascript "without" the quotes, since that would cause random characters to be output which would be worthless to the browser (or even cause some strange reaction).
But you can, using the correct methods, display this using PHP.

Twey
09-10-2007, 10:31 PM
Anyway, you can always escape quotes, in javascript, PHP, etc.

'Shouldn\'t be hard to do like this'
"or, \"Like this!\", I said..."This does work (and has also been mentioned already), but is often inferior due to worse readability, especially for complex strings. It also makes it difficult to output nicely formatted code.

lindm
09-11-2007, 02:23 PM
Got a working solution now. For me it doesn't matter if javascript locks users out since other functions on my page require javascript. I am a bit afraid of security issues...please explain. Here is my code:

FUNCTION IN HEAD

function OnSubmitForm()
{
if(document.pressed == "Import")
{
document.form.action ="writeformsie.php";
}
return true;
}

CODE IN FORM TAG

onSubmit="return OnSubmitForm();"

CALLING THE FUNCTION

<INPUT name="SIE" TYPE="SUBMIT" class="px10" onClick="document.pressed=this.value" VALUE="Import">

Twey
09-11-2007, 02:37 PM
For me it doesn't matter if javascript locks users out since other functions on my page require javascript.Then they need fixing as well.
I am a bit afraid of security issues...please explain.There aren't any in this particular case.

With regards to the Javascript itself:
if(document.pressed == "Import")document.pressed doesn't exist. Perhaps you mean document.getElementById('pressed')?
document.form.action ="writeformsie.php";Likewise, document.form doesn't exist. If "form" is the name of your form, you should use:
document.forms.form.action

lindm
09-11-2007, 04:26 PM
Understand you Twey. The javascript works strangely enough. Adjusted the document.forms.form fault. As for the .pressed reference...isn't this doable due to the fact that document.pressed is defined in the function?

Twey
09-11-2007, 05:07 PM
It is, aye. I thought it was an element. You'd be better off making it a property of window though.