1

On some of my PHP pages I like to load data from another place, and populate an input or textarea.

I run into problems when there are HTML tags involved (apostrophes too). I notice in FF that the HTML simply isn't too good at being passed around with JavaScript in general. (error console)

So I'm looking for help in how to HONE this, if possible.

Main Page:

<textarea name="templatetext" id="templatetext"></textarea>

<script language="javascript" type="text/javascript">
$(document).ready(function(){

   /* calls page2.php */
   $.ajax({data:"formId=loadtemplatetext",
        success:function(response){ 
                                    eval(response); // runs whatever page2.php returns as JavaScript
                                  } 
       });
   return false;
});
</script>

Page2.php

<?php
$templatetext = '<p>This is a test email<br /><br /><br /></p>
<p><span style="color: #808080; font-size: 12px; font-family: Tahoma,sans-serif;"><strong>Some Text here with an apostophe or image: <br /><img title="Test Img" src="http://somefakeurl.com/img/somefakeimg.gif" alt="test img" width="112" height="59" />';

die('$("#templatetext").val("'.addslashes($templatetext).'");');
?>

This works great with regular/plain text. Am I able to clean this up for populating the value inside a <textarea>?

6
  • 1
    eval is evil and should not be used! Commented Jan 11, 2013 at 16:28
  • you should look at jsonp if you need to do cross domain requests. Commented Jan 11, 2013 at 16:29
  • 2
    Why are you die()ing when you could just be echoing? Commented Jan 11, 2013 at 16:29
  • why ... do you print out html data with die() ? use echo $var; exit; if you want to quit Commented Jan 11, 2013 at 16:29
  • Your url parameter is missing. also, the text inside of die() is javascript, it needs to be inside of script tags. Commented Jan 11, 2013 at 16:32

1 Answer

4

I would recommend changing how you perform this. Either within the client code know where the new content is going, or make an object that makes parsing it client-side easier. e.g.

Version one: Server-specific handling (and client-side processing)

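<?php

  // Send the template as data, not as JavaScript to be eval'd
  header('Content-Type: application/json');

  $result = array();
  $result['template'] = '<p>this is a test email<br />...';
  $result['target'] = '#templatetext';

  echo json_encode($result);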

Then your AJAX code becomes:

$.ajax({
  data:'formId=loadtemplatetext',
  dataType: 'json', // parse the response as JSON so d is an object
  success: function(d){
    $(d.target).html(d.template);
  }
});

Version two: Server processing, client handling

<?php

  echo '<p>This is a test email<br />...';

Then your AJAX becomes:

$('#template').load('/page.php?formId=loadtemplatetext');

Resist using eval at all costs. This can lead to a lot of security threats.


1 Comment

I had to chuckle a little, after reading all the anti-eval sentiment out there. Sometimes it's just nice to do eval quick and dirty for testing purposes. But I think the message was received :)
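
Why the `addslashes()` + `eval()` response breaks on markup like the question's while a JSON response does not, shown as an added example that is not part of the original question or answer. Assumptions: `addslashes` below is a minimal JavaScript emulation of the PHP function, `JSON.stringify` stands in for `json_encode()`, and the helper names and sample markup are constructed for illustration.

```javascript
// Runs in Node.js; no jQuery or DOM needed. The sample markup is constructed.
const template = '<p>It\'s a test email<br /><br /></p>\n<p><img title="Test Img" alt="test img" /></p>';

// Minimal emulation of PHP addslashes(): escapes ' " \ and NUL, but not line breaks.
function addslashes(s) {
  return s.replace(/[\\'"]/g, '\\$&').replace(/\0/g, '\\0');
}

// What Page2.php sends: a JavaScript statement with the text spliced into a string literal.
function buildEvalResponse(text) {
  return '$("#templatetext").val("' + addslashes(text) + '");';
}

// Parse (never run) a response as JavaScript, which is the step eval() has to get past.
function parsesAsScript(source) {
  try {
    new Function(source); // compiles the body only; used here just to show the parse failure
    return true;
  } catch (e) {
    return false;
  }
}

// The JSON alternative: the response is data only, with every character escaped by the encoder.
function buildJsonResponse(text) {
  return JSON.stringify({ template: text });
}

// Client side: parse as data and assign to the textarea's value. The target is chosen
// by the client (hypothetical helper), and nothing in the response is run as code or HTML.
function applyTemplate(responseText, textarea) {
  const data = JSON.parse(responseText);
  if (!data || typeof data.template !== 'string') {
    throw new TypeError('response has no string "template" field');
  }
  textarea.value = data.template;
  return textarea.value;
}
```

In the browser, `applyTemplate(responseText, document.getElementById('templatetext'))` fills the textarea with the markup as literal text, apostrophes and line breaks included.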
