Can i do like this:
<a href="#" id="thelink" onclick="window.parent.OpenVote("<? echo $_GET['id']; ?>", '<? echo $rowData['username']; ?>');">
It doesnt seem to work..
views:
38answers:
3
+1
A:
You can, but you need to use single quotes to pass an argument or else you'll escape the onclick attribute.
<a href="#" id="thelink" onclick="window.parent.OpenVote('<? echo $_GET['id']; ?>', '<? echo $rowData['username']; ?>');">
John Himmelman
2010-03-01 20:20:19
A:
Probably due to extra quotes in the onclick statement.
Try replacing the double quotes around the id param with single quotes:
<a href="#" id="thelink" onclick="window.parent.OpenVote('<? echo $_GET['id']; ?>', '<? echo $rowData['username']; ?>');">
Jim Geurts
2010-03-01 20:22:16
+1
A:
The first issue is the quotes inside the value for the onclick attribute. You either have to html encode them using " or use apostrophes instead:
<a href="#" id="thelink" onclick="window.parent.OpenVote('<? echo $_GET['id']; ?>', '<? echo $rowData['username']; ?>');">
Then you have to consider the values that you put in the code.
First you have to encode the values so that they can be string literals in the Javascript code. If there can be any backslash characters in them, you have to replace them by double backslashes, then if there can be any apostrophes in them, you have to escape them by putting a backslash before them (i.e. replace each apostrophe with a backslash and an apostrophe).
Then you have to encode the Entire script so that it can be a value in an HTML tag. As there are no characters that need escaping in the static code, you only have to encode the values that you put in the code. You have to HTML encode the values so that any characters like <, >, & and " are replaced with HTML entities.
Guffa
2010-03-01 20:30:56
Using `json_encode` with all the `JSON_HEX_` options set allows one to avoid having to do a separate HTML-escape afterwards.
bobince
2010-03-01 21:03:17