1

I am scripting a chat for a forum, and it seems that it uses php to get the user's avatars. (PS idk anything about weather or not javascript can use sql databases or how to work with it so i would like to stick to php) But the problem is that the javascript isnt liking it if i put php variables into it.

    getUserNodeString: function(userID, userName, userRole) {
    var encodedUserName, str;
    if(this.userNodeString && userID === this.userID) {
        return this.userNodeString;
    } else {
        encodedUserName = this.scriptLinkEncode(userName);
        str = '<div id="'
                + this.getUserDocumentID(userID)
                + '"><a href="javascript:ajaxChat.toggleUserMenu(\''
                + this.getUserMenuDocumentID(userID)
                + '\', \''
                + encodedUserName
                + '\', '
                + userID
                + ');" class="'
                + this.getRoleClass(userRole)
                + '" title="'
                + this.lang['toggleUserMenu'].replace(/%s/, userName)
                + '">'
                + userName
                + '</a><?php echo \'<img src="test.php" />\' ?>'
                + '<ul class="userMenu" id="'
                + this.getUserMenuDocumentID(userID)
                + '"'
                + ((userID === this.userID) ?
                    '>'+this.getUserNodeStringItems(encodedUserName, userID, false) :
                    ' style="display:none;">')
                + '</ul>'
                +'</div>';
        if(userID === this.userID) {
            this.userNodeString = str;
        }
        return str; 
    }
},
  • '</a><?php echo \'<img src="test.png" />\' ?>' is the line thet im trying to use, i havent put my variable yet, im trying it with a test immage first
Improve this question
5
  • Is that a .php file? Commented Jan 31, 2015 at 19:27
  • What is the question? What are you trying to do? Where the heck did you took that code? Commented Jan 31, 2015 at 19:29
  • this is a .js file, its taken from ajax chat Commented Jan 31, 2015 at 19:49
  • Then no, see my answer. Commented Jan 31, 2015 at 19:52
  • So, you simply threw some PHP inside the file? No, that won't work! You have to rename it to .js.php, Then you put the following on the first line:header('Content-type: application/javascript');, enclosed between php tags. That must be the first line and there can be nothing being echoed to the browser. If your file is in UTF-8, encode it in UTF-8 without BOM. Commented Jan 31, 2015 at 19:56

2 Answers 2

Reset to default
1

It should be like this:

+ '</a><img src="<?php echo htmlentities($src, ENT_DISALLOWED | ENT_QUOTES | ENT_HTML5) ?>" />'

You should only escape back into PHP for the specific part of the code that needs to contain the PHP variable. The rest of it should be literal HTML or Javascript.

You should also use htmlspecialchars() to ensure that the variable content is encoded properly to be used in an HTML attribute, in case it contains special characters.

The above is for getting a PHP variable into a JS literal that contains HTML code. If just you want to get a PHP value into a Javascript variable, it's slightly different. Then you can use json_encode() to generate the JS representation:

var js_var = <?php echo json_encode($php_var) ?>;
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Don't forget to use the flag ENT_QUOTES. And use htmlentities() instead. To ensure that it will work always, use htmlentities($src, ENT_DISALLOWED | ENT_QUOTES | ENT_HTML5). Also, your 2nd example won't work that well, since there are characters that Javascript doesn't like. Newlines are one of them. You have to use addcslashes(json_encode($php_var)) to ensure it works.
I can never keep straight when to use htmlentities versus htmlspecialchars. I thought entities is for HTML elements, specialchars for attributes.
Both of them, without the right flags, will leave quotes behind. The difference between them is that htmlentities() encodes all the characters with an entity, while htmlspecialchars() only encodes some, like <, >, /, &.
Do you need all the other encodings in the src attribute?
YES, because (by default) the quotes aren't encoded (therefore, you use ENT_QUOTES), then you need to tell the function to ignore invalid UTF-8 character sequences and place &#FFFF; to generate valid HTML code (this is where ENT_DISALLOWED is usefull) and you set which HTML version you want (ENT_HTML5). If this isn't what you are asking, I have to remind you that you are writting into Javascript and Javascript doesn't like some characters that are fine for PHP.
0

UPDATE

this is a .js file, its taken from ajax chat

It won't work inside a .js file, because those files are not parsed by PHP. It can be set up so that they get parsed, but I strongly suggest you don't do it, ever.

Besides, you don't need PHP for what you're doing.

ORIGINAL ANSWER

This is not a proper PHP inside this line: 

+ '</a><?php echo \'<img src="test.php" />\' ?>'

Or just to strip the PHP part: 

<?php echo \'<img src="test.php" />\' ?>

To get it to work, you need to remove those escaped quotes (you don't need to worry about JS quotes, because PHP parser will hit the file first, leaving you with whatever you echoed), and add a semi-colon: 

<?php echo '<img src="test.php" />'; ?>

and the full line should be: 

    + '</a><?php echo '<img src="test.php" />'; ?>'

which will render as: 

    + '</a><img src="test.php" />'

It doesn't really make sense to use PHP for this, but okay.

Of course, it has to be inside a file that the server will parse with PHP (.php files by default, strongly suggest you don't set up PHP parsing for JS files). You never answer about the filetype in the comments.

Improve this answer

8 Comments

if i dont need php, then how do i do it? the user's avatar links are saved to a sql database, how else am I supposed to get the urls and turn them into images. and my bad for not mentioning that its javascript, i thought the javascript tag gave it away
@halomythfinders I just answered it here: stackoverflow.com/questions/28255571/…
Do not parse JS files with PHP, no matter what this guy suggests. I didn't see any PHP variables in your code, so I thought you were simply building HTML with it. So, one of the options is to pass in those urls in the AJAX calls (again, I don't know what the structure of your app is), or, to make that function accessible from your main PHP file, and modify it so you could pass in the PHP url as the 4th function parameter.
Ismael Miguel, that does not work due to it being javascript, also i was trying to use a test picture as a placement due to not setting up the variable yet. i.gyazo.com/13837939a5aa555ebc99825a7f989dc2.jpg
That's exactly what I was suggesting - modify that function to take the image url as a parameter as well. Pain or not, that's how it should work.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.