0

I thought I understood how to escape things, but this is just blowing my mind. I need to take this html/php combo text:

<select name="mainUsers" class="manageSelect">
<?php
     $users = getAllUsersByUserId($userid);
     echo'<option value="choose">Select a user...</option>';    
     while($user = mysql_fetch_array($users)) {
         echo'<option value='.$user['fname'].' '.$user['lname'].'>'.$user['fname'].' '.$user['lname'].'</option>';      
     }
?>
</select>;

and set it as the innerHTML of a javascript var. Its crashing because I don't have my escape syntax correct.

EDIT: Sorry for being unclear. This isn't working and I don't know why:

cell2.innerHTML = 
<?php
     echo '<select name="mainUsers" class="manageSelect">';
     $families = getAllFamiliesByUserId($userid);
     echo '<div id="famSelect"><option value="choose">Select a family...</option></div>';       
     while($family = mysql_fetch_array($families)) {
         echo '<div id="famSelect"><option value="'.$family['name'].'">'.$family['name'].'</option></div>';     
     }
     echo '</select>';
?>;
Improve this question
2
  • Your value attribute in the option tags isn't quoted Commented Jun 30, 2012 at 6:19
  • What do you mean when you say Its crashing? Commented Jun 30, 2012 at 6:31

3 Answers 3

Reset to default
2

You need to set innerHTML to a string containing HTML. In JavaScript, you need to delimit that string with quotes, so:

cell2.innerHTML = 
<?php
    echo '\'<select name="mainUsers" class="manageSelect">';
    $families = getAllFamiliesByUserId($userid);
    echo '<div id="famSelect"><option value="choose">Select a family...</option></div>';       
    while($family = mysql_fetch_array($families)) {
        echo '<div id="famSelect"><option value="'.$family['name'].'">'.$family['name'].'</option></div>';     
    }
    echo '</select>\';';
?>;
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You need to have a space between echo and the string being generated.

Also, the HTML you are generating isn't putting quotes around the option's value attribute.

Try this out: echo '<option value="'.$user['fname'].' '.$user['lname'].'">'.$user['fname'].' '.$user['lname'].'</option>';

Improve this answer

Comments

1

Theres problem with your quoting, it certanly throws a javascript error. Right now you have code like:

cell2.innerHTML = <select>...</select>

But it should be 

cell2.innerHTML = '<select>...</select>'

So put single quotes around you php tags

cell2.innerHTML = '<?php
//...
?>';

And this work without any escaping cause you dont use any single quotes inside your html code. But escaping is simple: Just replace all single quotes with \'. Like so: cell2.innerHTML = '

<?php
     $html = '<select name="mainUsers" class="manageSelect">';
     $families = getAllFamiliesByUserId($userid);
     $html .= '<div id="famSelect"><option value="choose">Select a family...</option></div>';       
     while($family = mysql_fetch_array($families)) {
         $html .= '<div id="famSelect"><option value="'.$family['name'].'">'.$family['name'].'</option></div>';     
     }
     $html .= '</select>';
     echo addslashes($html);
     // Addslashes also slahses double quotes("). If this is causing problems try: echo str_replace("'", "\\'", $html);
?>';
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.