#1
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Location
    On planet earth
    Posts
    105
    Rep Power
    11

    OnClick and other events


    Must they always have double quotes, such as

    onClick="function('value');" or can they have single quotes such as
    onClick='function('value');'

    I am trying to make my php script function correctly along side this javascript event, but when I use the onClick with single quotes, it doesn't work
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    I have no idea what you mean by "doesn't work", but HTML cannot parse nested single quotes (or double quotes) -- just like PHP, JavaScript, CSS or whatever language you are familiar with.

    You can put double quotes in single quotes, you can put single quotes in double quotes, or you can escape the inner quotes (with & quot; or &34; ). Depending on the HTML flavor, you can even leave out the attribute quotes completely. But you cannot put single quotes in single quotes or double quotes in double quotes. Like I said, this applies to every mainstream language, so it shouldn't really surprise you.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Location
    On planet earth
    Posts
    105
    Rep Power
    11
    So would I get away with using something like this?

    echo "<td><a href= &quot javascript:; &quot onClick= &quot MM_swapImage('main',.....) &quot
  6. #4
  7. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    No, because now you've killed the attribute quotes.

    An HTML attribute looks like this:
    Code:
    name="content"
    or
    Code:
    name='content'
    In case the attribute content itself contains quotes, these quotes either have to be different from the attribute delimiters, or you need to escape the quotes of the attribute content:
    Code:
    onclick="alert(&quot ;abc&quot ;)"
    If the HTML is in a PHP string, then again the quotes in the string have to be different from the string delimiters, or you need to escape the quotes in the string content:

    PHP Code:
    echo '<strong onclick="alert(&quot ;abc&quot ;)">Click!</strong>'
    or
    PHP Code:
    echo '<strong onclick="alert(\'abc\')">Click!</strong>'
    or any other combination that fulfills the requirements above.

    The actual problem and the reason for this total mess is that you have nested three languages: JavaScript in HTML in PHP. This naturally leads to all kinds of problems and poor structure and readability. That's why modern web development tries to separate the different languages: The JavaScript code should be in external scripts and not embedded in the HTML markup. The HTML should be in templates and not embedded in the PHP code.

    This way you have a clean structure instead of PHPSQLHTMLJavaScriptCSS spaghetti code.

    Comments on this post

    • cssbonding agrees : thanks but I couldn't get this to work, so I went back to my original script
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  8. #5
  9. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Location
    On planet earth
    Posts
    105
    Rep Power
    11
    Well, the particular event I am using is

    onClick="MM_swapImage('main','','images/hi/filename',1)"

    I know of the alert event or warning, but don't how to use it with my php
  10. #6
  11. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by cssbonding
    I know of the alert event or warning, but don't how to use it with my php
    Didn't I explain that above? If you want something to copy and paste, pick one of the last two code snippets.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  12. #7
  13. No Profile Picture
    Super Moderator
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Posts
    4,009
    Rep Power
    2791
    The premise is simple, cssbonding. In layman's terms: A machine reads in sequence. Take the following code:-
    HTML4Strict Code:
    <element onclick="someFunction("a string");">
    Using the forums built-in highlighting, do you see how the machine is going to interpret that code? It takes the first double quotation mark as the opening point of your parenthesis and then it takes the second as the closing point, then repeats when it finds a second set of quotation marks. It does not understand your intent, only syntax and logical order.

    By using the following examples of single and double quotation marks, you are differentiating between your parenthesis, allowing you to nest them inside one another.
    HTML4Strict Code:
    <element onclick="someFunction('a string');">
    HTML4Strict Code:
    <element onclick='someFunction("a string");'>

    Comments on this post

    • cssbonding agrees
    [PHP] | [Perl] | [Python] | [Java] != [JavaScript] | [XML] | [C] | [C++] | [LUA] | [MySQL] | [FirebirdSQL] | [PostgreSQL] | [HTML] | [XHTML] | [CSS]

    W3Fools - A W3Schools Intervention.

IMN logo majestic logo threadwatch logo seochat tools logo