I have a JS function that will add keys with values to the current URL. There are two almost identical links below, only difference is the variable being passed to the JS function. One link passes $month, the other passes $event_category. For some reason, when passing $event_category, the JS function doesn't even get called. Anyone know what I'm doing wrong?
You'll have to scroll to the right to see where the difference is.
$month = 1;
$event_category = (string) ($eventCategories[$k]["event_category"]);
echo gettype($event_category); // prints "string"
// doesn't work?
echo '<div class="month selected"><a href="javascript:void(0);" onclick="javascript:insertParam('. "'event_category'" .', '. $event_category .');" class="button" role="button">
<image width="100" height="60" src="images/'. $images_list[$eventCategories[$k]["event_category"]].'"></a></div>';
// works
echo '<div class="month selected"><a href="javascript:void(0);" onclick="javascript:insertParam('. "'event_category'" .', '. $month .');" class="button" role="button">
<image width="100" height="60" src="images/'. $images_list[$eventCategories[$k]["event_category"]].'"></a></div>';
-
This is a major XSS risk, and you really shouldn't be doing this. At least sanitize everything first before dumping it into the HTML. – Fengyang Wang, commented Aug 6, 2016 at 6:58
-
I'll say you put the JavaScript function somewhere on the page with an onload listener and call the function when your PHP is loaded. – Mueyiwa Moses Ikomi, commented Aug 6, 2016 at 7:01
-
I realize that maybe I should be, but I'm not worried about that. I just want to get this working properly. – Badger, commented Aug 6, 2016 at 7:01
-
@MueyiwaMosesIkomi Thing with this is there are multiple of these buttons being created. Each one with a different value for $event_category that needs to get passed to the JS function. – Badger, commented Aug 6, 2016 at 7:02
-
That can be handled, pass the data in the button using the data attribute. Which you can easily pick up on click using JavaScript to do what you want. Also make sure you sanitise the data before sending back to the server for security reasons. – Mueyiwa Moses Ikomi, commented Aug 6, 2016 at 7:06
1 Answer
You should put quotes around the $event_category, otherwise it will be interpreted by JavaScript as a variable. So, convert
. $event_category .
to
. "'" . $event_category . "'" .