Jump to content

php creating onclick function - "missing )"


Adamhumbug
Go to solution Solved by requinix,

Recommended Posts

I have a php function that creates a chunk of html including a onclick call.

The onclick function curerntly just console.logs what has been passed in.

I am getting a "uncaught SyntaxError: missing ) after argument list" error and i cant for the life of me figure out why.

$out .="<tr class='align-middle custom-lc' onclick='triggerClientContextMenu($cId, $coName)'>
                <td>
                    <div class='companyName'>$coName</div>
                  ......
                  
                   </td>
            
            </tr>";

When i inspect what is being put on the page i see

<tr class="align-middle custom-lc" onclick="triggerClientContextMenu(1, Company Name)">
                <td>
                    <div class="companyName">Company Name</div>

all looks good to me asside from the error in the console.

Annoyingly, the error in the console doesnt take me to a useful line of code just to the <!DOCTYPE html>.

when i remove this onclick from the PHP, i dont get any errors and everything runs fine.

 

Any pointers?
                 

Edited by Adamhumbug
Link to comment
Share on other sites

  • Solution
54 minutes ago, Adamhumbug said:

String needs to be in quotes?

String needs to be in quotes.

You've got one set on the outside for PHP, another set on the inside for the HTML attribute, and now you need a third set for the Javascript string.

You have three options:

// raw double quotes, but escaped because of the PHP quotes
$out .="<tr class='align-middle custom-lc' onclick='triggerClientContextMenu($cId, \"$coName\")'>"

// double quotes as HTML entities, which won't conflict with PHP's quotes
$out .="<tr class='align-middle custom-lc' onclick='triggerClientContextMenu($cId, &quot;$coName&quot;)'>"

// single quotes as HTML entities, which won't conflict with the HTML's quotes
$out .="<tr class='align-middle custom-lc' onclick='triggerClientContextMenu($cId, &apos;$coName&apos;)'>"

These three options may leave you open to problems if $coName contains apostrophes and you haven't protected yourself against that.
A fourth option is to run $coName through json_encode and then htmlspecialchars with the ENT_QUOTES flag (and them in that order), after which you can put it directly into the "code" without manually adding quotes.

But the fifth option is better: take a whole different approach to this by not using 1990s' web techniques like inline Javascript handlers...

Edited by requinix
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.