0

I have this bit of code in my codeigniter view:

<script>
    var content = [];
    content[<?php echo $storageItem["id"]; ?>] = "<?php echo form_open("/account/edititem", array("class" => "form-inline"), array("id" => $storageItem["id"], "item_loc" => "inventory", "acctid" => $acct_data->account_id)); ?>
            <div class="panel-body">
                <div class="row">
                    <div class="col-xs-2">
                        <strong>Refine level:</strong>&nbsp;<input type="number" name="refine" class="form-control" value="<?php echo $storageItem["refine"]; ?>" <?php if ($storageItem["type"] != 4 && $storageItem["type"] != 5) { echo "readonly"; } ?> />
                    </div>
                    <div class="col-xs-2">
                        <strong>Broken?:</strong>&nbsp;<input type="checkbox" name="attribute" class="form-control" value="1" <?php if ($storageItem["attribute"] == 1) { echo "checked"; } if ($storageItem["type"] != 4 && $storageItem["type"] != 5) { echo "disabled"; } ?> />
                    </div>
                    <div class="col-xs-2">
                        <strong>Bound?:</strong>&nbsp;<input type="checkbox" name="bound" class="form-control" value="1" <?php if ($storageItem["bound"] == 1) { echo "checked"; } ?> />
                    </div>
                </div>
                <br />
                <div class="row">
                    <div class="col-xs-2">
                        <strong>Card 1:</strong>&nbsp;<input type="number" name="card0" class="form-control" value="<?php echo $storageItem["card0"]; ?>" <?php if ($storageItem["type"] != 4 && $storageItem["type"] != 5) { echo "readonly"; } ?> /></br>
                    </div>
                    <div class="col-xs-2">
                        <strong>Card 2:</strong>&nbsp;<input type="number" name="card1" class="form-control" value="<?php echo $storageItem["card1"]; ?>" <?php if ($storageItem["type"] != 4 && $storageItem["type"] != 5) { echo "readonly"; } ?> /></br>
                    </div>
                    <div class="col-xs-2">
                        <strong>Card 3:</strong>&nbsp;<input type="number" name="card2" class="form-control" value="<?php echo $storageItem["card2"]; ?>" <?php if ($storageItem["type"] != 4 && $storageItem["type"] != 5) { echo "readonly"; } ?> /></br>
                    </div>
                    <div class="col-xs-2">
                        <strong>Card 4:</strong>&nbsp;<input type="number" name="card3" class="form-control" value="<?php echo $storageItem["card3"]; ?>" <?php if ($storageItem["type"] != 4 && $storageItem["type"] != 5) { echo "readonly"; } ?> /></br>
                    </div>
                </div>
            <?php echo form_close(); ?>
        </div>";
</script>

I create array named 'content' in javascript and then need to stuff almost an entire form into it to be able to create a child row in DataTables.

( for more information regarding what I've been trying to do and where these variables come from, see Datatables child row with PHP data from Codeigniter )

I've tried escaping single and double quotes (PHP complains about this), json_encode (PHP also complains about this as I still need the quotes and PHP interprets the quotes as the end of the json_encode), I've tried surrounding the entire value of the javascript array with '"' and "'", I've tried surrounding every line with ' '+ without success as well. How do I get this entire string into a form where javascript and PHP will parse it correctly and neither of them freak out?

Improve this question

1 Answer 1

Reset to default
0

Look at what you're doing:

<script>
    var content = [];
    content[<?php [..snip..] ?>] = "<?php [..snip..] ?>
                                   ^---start of javascript string
            <div class="panel-body">  
                       ^---end of javascript string
                                  ^---start of another string

That means you have essentially:

variable = "some string stuff"variable-variable"more string stuff"

which is outright illegal JS.

The specific fix is to ESCAPE all of the strings in that html:

<script>
    yadayada
    <div class=\"panel-body\"> yada yadayada
               ^-----------^

But that doesn't fix the fact that this is incredibly bad code. You shouldn't be dumping loads of html into a JS string, and you should never be directly echoing text from PHP into a JS context.

If nothing else, why not generate all the content in PHP, then dump it all out as json?

<?php

$data = "blah blah blah blah";

?>

<script>
var content = <?php echo json_encode($data); ?>;
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.