从 PHP 调用 javascript 函数 - 引号问题
calling javascript function from PHP - quotes issue
我正在尝试从 PHP 调用 javascript 函数。这个想法是从文件中创建每个参数作为link,当点击时将它的值输入文本框。
$lines = file('http://localhost/repositories.txt');
foreach ($lines as $line_num => $line) {
echo "<a onclick='javascript:(document.folderForm.folderLocation.value=".htmlspecialchars($line) .");' href='#'>".htmlspecialchars($line) . "</a><br />";
}
单击创建的 links 我得到(例如):
ReferenceError: test2 is not defined
我觉得参数两边应该有引号,但是我加不上。我尝试使用 ' \" ' 但没有成功。
有什么想法吗?
You need to quote and properly escape the JavaScript string that you're assigning to the input value
属性. You can use json_encode
for that:
echo "<a onclick='document.folderForm.folderLocation.value=".htmlspecialchars(json_encode($line)) .";' href='#'>".htmlspecialchars($line) . "</a><br />";
The main cause of the issue is that your code was missing the quotes around the string value, so JavaScript was interpreting it as an identifier (variable name).
json_encode
adds quotes around the value and, more importantly, escapes the value to make sure it is a valid JSON string (it escapes line feeds, carriage returns and quotes which could easily result in a syntax error otherwise).
JSON is a subset of the JavaScript syntax, so any valid JSON is valid JavaScript. (provided it is used in a suitable context)
Finally, as the value is inside an HTML attribute, htmlspecialchars
is still applied to escape the value. It escapes quotes to make sure the variable value does not break out of the attribute value and also escapes characters such as &
to not be interpreted as the beginning of an HTML entity sequence.
Finally, I would recommend against echo
in this case, as to reduce the number of quotes and make interpolation easier to read:
$lines = file('http://localhost/repositories.txt');
foreach ($lines as $line_num => $line) { ?>
<a onclick='document.folderForm.folderLocation.value=<?= htmlspecialchars(json_encode($line)) ?>;' href='#'><?= htmlspecialchars($line) ?></a><br />
<?php } ?>
Note: PHP short echo tags are available everywhere independent of configuration as of PHP 5.4. Switch <?=
to <?php echo
if you need to support PHP < 5.4.
我正在尝试从 PHP 调用 javascript 函数。这个想法是从文件中创建每个参数作为link,当点击时将它的值输入文本框。
$lines = file('http://localhost/repositories.txt');
foreach ($lines as $line_num => $line) {
echo "<a onclick='javascript:(document.folderForm.folderLocation.value=".htmlspecialchars($line) .");' href='#'>".htmlspecialchars($line) . "</a><br />";
}
单击创建的 links 我得到(例如):
ReferenceError: test2 is not defined
我觉得参数两边应该有引号,但是我加不上。我尝试使用 ' \" ' 但没有成功。 有什么想法吗?
You need to quote and properly escape the JavaScript string that you're assigning to the input value
属性. You can use json_encode
for that:
echo "<a onclick='document.folderForm.folderLocation.value=".htmlspecialchars(json_encode($line)) .";' href='#'>".htmlspecialchars($line) . "</a><br />";
The main cause of the issue is that your code was missing the quotes around the string value, so JavaScript was interpreting it as an identifier (variable name).
json_encode
adds quotes around the value and, more importantly, escapes the value to make sure it is a valid JSON string (it escapes line feeds, carriage returns and quotes which could easily result in a syntax error otherwise).
JSON is a subset of the JavaScript syntax, so any valid JSON is valid JavaScript. (provided it is used in a suitable context)
Finally, as the value is inside an HTML attribute, htmlspecialchars
is still applied to escape the value. It escapes quotes to make sure the variable value does not break out of the attribute value and also escapes characters such as &
to not be interpreted as the beginning of an HTML entity sequence.
Finally, I would recommend against echo
in this case, as to reduce the number of quotes and make interpolation easier to read:
$lines = file('http://localhost/repositories.txt');
foreach ($lines as $line_num => $line) { ?>
<a onclick='document.folderForm.folderLocation.value=<?= htmlspecialchars(json_encode($line)) ?>;' href='#'><?= htmlspecialchars($line) ?></a><br />
<?php } ?>
Note: PHP short echo tags are available everywhere independent of configuration as of PHP 5.4. Switch <?=
to <?php echo
if you need to support PHP < 5.4.