| variable path lose slashs when used in an alert [message #177527] |
Fri, 06 April 2012 15:10  |
nawfer
Messages: 34
Registered: August 2011
Karma: 0
|
Member |
|
|
variable $temp is a path
C:\www\site\test\folder\img.jpg
if I write
echo $temp;
ok I have all the path
---------
but if I use same variable in an alert I haven't more the correct path;
haven't the \ slashs
echo"<script type='text/javascript'>";
echo "alert('$temp')";
echo "</script>";
I tested also string but is equal
$temp=(string)$temp;
is there a solution?
|
|
|
|
| Re: variable path lose slashs when used in an alert [message #177530 is a reply to message #177527] |
Fri, 06 April 2012 15:42  |
Peter H. Coffin
Messages: 245
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On Fri, 6 Apr 2012 17:10:18 +0200, nawfer wrote:
> variable $temp is a path
> C:\www\site\test\folder\img.jpg
>
> if I write
> echo $temp;
> ok I have all the path
> ---------
>
> but if I use same variable in an alert I haven't more the correct path;
> haven't the \ slashs
>
> echo"<script type='text/javascript'>";
> echo "alert('$temp')";
> echo "</script>";
>
> I tested also string but is equal
> $temp=(string)$temp;
>
>
> is there a solution?
read and understand http://php.net/manual/en/language.types.string.php
especially the part where different quotes make interpretation
different.
--
It's not hard, it's just asking for a visit by the fuckup fairy.
-- Peter da Silva
|
|
|
|
| Re: variable path lose slashs when used in an alert [message #177533 is a reply to message #177527] |
Fri, 06 April 2012 21:19 |
Richard Damon
Messages: 58
Registered: August 2011
Karma: 0
|
Member |
|
|
On 4/6/12 11:10 AM, nawfer wrote:
> variable $temp is a path
> C:\www\site\test\folder\img.jpg
>
> if I write
> echo $temp;
> ok I have all the path
> ---------
>
> but if I use same variable in an alert I haven't more the correct path;
> haven't the \ slashs
>
> echo"<script type='text/javascript'>";
> echo "alert('$temp')";
> echo "</script>";
>
> I tested also string but is equal
> $temp=(string)$temp;
>
>
> is there a solution?
If you look at the source of the page, you should see the slashes. The
problem is that with
alert('C:\www\site\test\folder\img.jpg')
the javascript interpreter will see each of the slashes in it as an
escape sequence with the following character. You therefore need to
"escape" your string so as to pass properly through the javascript
processor. This would need things like \ going to \\ and ' to \'
Anytime you send a variable out to something that will interpret it, you
need to think about the need to run the data through and escape
processor, be it sql query, javascript code, or even just out as a web
page. (For instance
$foo = "John & Mary";
or
$for = "1 < 2";
echo $foo;
will generate an incorrect page, as & and < have special meaning in HTML.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]