0

I'm trying to insert a PHP EOT string into a js code and I need to encode it since it has some \n in it. I can't do it with a simple jsonencode because it returns the code with "'s and I don't need them there.

So i tried those two approaches which both return an error:

<?php
$string = $v['survey'];
function escapeJavaScriptText($string)
{
    return str_replace("\n", '\n', str_replace('"', '\"', addcslashes(str_replace("\r", '', (string)$string), "\0..\37'\\")));
}
?>

<?php echo escapeJavaScriptText(); ?>

I've also tried:

<?php
$string = $v['survey'];
function javascript_escape($string) {
    $new_str = '';

    $str_len = strlen($string);
    for($i = 0; $i < $str_len; $i++) {
        $new_str .= '\\x' . sprintf('%02x', ord(substr($string, $i, 1)));
    }

    return $new_str;
}
?>

<?php echo javascript_escape(); ?>

Both return: Missing argument 1 for escapeJavaScriptText() and Undefined variable: string in But <?php echo $string; ?> returns the code I need (just without the encoding).

What am I missing?

Ricardo
  • 1,653
  • 8
  • 26
  • 51
  • 2
    `` is not passing in `$string`, so `$string` in your function is undefined/out of scope. Either `` or `function javascript_escape() { global $string;` – chris85 Jul 24 '17 at 21:14
  • Oh, I really missed that! It works now but it seems it didn't solve my issue with javascript encoding... http://take.ms/57aXU – Ricardo Jul 24 '17 at 21:21
  • I got it solved by replacing `str_replace('"', '\"'` to `str_replace('"', '"'`. Thanks! – Ricardo Jul 24 '17 at 21:25
  • You're are replacing a double quote with a double quote? – chris85 Jul 24 '17 at 21:33
  • Possible duplicate of [Reference: What is variable scope, which variables are accessible from where and what are "undefined variable" errors?](https://stackoverflow.com/questions/16959576/reference-what-is-variable-scope-which-variables-are-accessible-from-where-and) – chris85 Jul 24 '17 at 21:41

2 Answers2

0
<?php
$string = $v['survey'];
function javascript_escape($string) {
$new_str = '';
$str_len = strlen($string);
for($i = 0; $i < $str_len; $i++) {
    $new_str .= '\\x' . sprintf('%02x', ord(substr($string, $i,      1)));
 }
return $new_str;
 }
 ?>
 <?php echo javascript_escape($string); ?>
Osama
  • 2,912
  • 1
  • 12
  • 15
0

It's because of different variable scopes within your function and global code. In PHP, by default, functions don't have access to global variables.

In your case, variable $string, you're trying to use by function javascript_escape, is a global variable. So, you have a few ways to avoid Undefined Variable exception.

1. Use "global" keyword to have acces to global variables inside the function.

After function definition, you just need to specify global variables this way (and remove $string from arguments list):

function javascript_escape() {
    global $string;

    $new_str = '';

    $str_len = strlen($string);
    for($i = 0; $i < $str_len; $i++) {
        $new_str .= '\\x' . sprintf('%02x', ord(substr($string, $i, 1)));
    }

    return $new_str;
}

or

function escapeJavaScriptText()
{
    global $string;
    return str_replace("\n", '\n', str_replace('"', '\"', addcslashes(str_replace("\r", '', (string)$string), "\0..\37'\\")));
}

2. Pass $string as an argument of function call.

If you have a reasons not to use global variables at all, you're able to pass unescaped string each time the function has to be called.

<?php echo javascript_escape($string); ?>

3. Use pre-escaped string.

If you have to use $string encoded by your function multiple times, it'd be a good practice to escape the variable at the beginning of your code and use it without calling escape function every time you need to use this variable:

$escaped_string = javascript_escape($string);

...

<?php echo $escaped_string; ?>

Also, I recommend you to read the official documentation about variable scopes: http://php.net/manual/en/language.variables.scope.php

Maksim I. Kuzmin
  • 1,170
  • 7
  • 16