-1

How to use correctly the ' inside this javascript.

i try this different solutions but it does not work

     $introduction = 'Hello, it\'s chrismas'.
     $introduction = str_replace(''', '', $introduction);
     $introduction = json_encode($introduction);
     $introduction = stripslashes(htmlspecialchars_decode($introduction, ENT_QUOTE);

There the complete code. 

     if (MODULE_WEB_PUSH_SPECIAL == 'True') {
        $special_products = $this->getSpecialsProducts();

        if (!empty($special_products) && $_SESSION['SpecialsProducts'] === false) {
          $message_products_special = $special_products;
          $_SESSION['SpecialsProducts'] = true;

          $special_link = CLICSHOPPING::link(null, 'Products&Specials');

          $output .= '
<script>
Push.create(\'' . $introduction . '\', {
    body: \'' . $message_products_special . '\',
    icon: \'sources/images/logos/others/favicon.png\',
    timeout: 8000,               // Timeout before notification closes automatically.
    vibrate: [100, 100, 100],    // An array of vibration pulses for mobile devices.
    onClick: function() {
        window.location = "' . $special_link . '";
    }  
});
</script>
  ';
        }
      }
Jacques
  • 821
  • 1
  • 7
  • 7

3 Answers3

0
Escaping quotes in javascript.
Using double qoutes allows you to have a single quote inside the double quote.
    "'"
Using backslash prevents the next special character. Ie
    '\'';

In your script your combining javascript and php in the wrong way. You need to echo php variables, other wise php will not parse the assuring. To do that, I am using the php shorthand which is equivalent to 

<?php $introduction = 'Hello, it\'s chrismas'.
     $introduction = str_replace('&#039;', '', $introduction);
     $introduction = json_encode($introduction);
     $introduction = stripslashes(htmlspecialchars_decode($introduction, ENT_QUOTE); ?>



  <script>
  Push.create('<?=$introduction?>', {
      body: '<?=$message?>',
      icon: 'images/logos/others/favicon.png',
      timeout: 8000,               // Timeout before notification closes automatically.
      vibrate: [100, 100, 100],    // An array of vibration pulses for mobile devices.
  });
  </script>
Edwin Dijas Chiwona
  • 610
  • 6
  • 14
0

This can all be avoided by using double quotes (" ... ") for $output.

Specifically, $output .= " ... ";

herelistenrelaxlike
  • 1
  • 2
-1

The only thing you need to use is json_encode(). This will deal with all possible escaping issues that might arise. The resulting value will be quoted already, there's no need to use quotes in the JavaScript code.

When you're working with long blocks of text, using a heredoc makes things much easier to read, and I would recommend putting your PHP values into variables to ensure they're more separate from your JavaScript code.

$introduction = "Hello, it's Christmas";
if (MODULE_WEB_PUSH_SPECIAL == 'True') {
    $special_products = $this->getSpecialsProducts();

    if (!empty($special_products) && $_SESSION['SpecialsProducts'] === false) {
        $message_products_special = $special_products;
        $_SESSION['SpecialsProducts'] = true;

        $special_link = CLICSHOPPING::link(null, 'Products&Specials');

        $introduction = json_encode($introduction);
        $message_products_special = json_encode($message_products_special);
        $special_link = json_encode($special_link);

        $output = <<< JS
<script>
/* Begin PHP values */
var introduction = $introduction;
var message_products_special = $message_products_special;
var special_link = $special_link;
/* End PHP values */

Push.create(introduction, {
    body: message_products_special,
    icon: 'sources/images/logos/others/favicon.png',
    timeout: 8000,               // Timeout before notification closes automatically.
    vibrate: [100, 100, 100],    // An array of vibration pulses for mobile devices.
    onClick: function() {
        window.location = special_link;
    }  
});
</script>
JS;
    }
}
miken32
  • 42,008
  • 16
  • 111
  • 154