0

I have this function, and I call it from PHP with onClick="login_f('.$return.')" But in Firefox it gives me an error "javascript missing ) after argument list" Any help?

  function login_f(return_v){
    email = document.login.email.value;
    email2 = document.login.email2.value;
    if(email == "" || email2 == ""){
      if(readCookie("lang") == "it_IT")
        msg('<span style="color:#D90909">Compila tutti i campi!</span>'); 
      else
        msg('<span style="color:#D90909">Fill in all fields!</span>');
    }
    else if(email != email2){
      if(readCookie("lang") == "it_IT")
        msg('<span style="color:#D90909">Le email non coincidono!</span>');
      else
        msg('<span style="color:#D90909">The emails do not match!</span>');
    }
    else{
      var date = new Date();
      date.setTime(date.getTime() + (365*24*60*60*1000));
      var expires = "; expires=" + date.toGMTString();
      document.cookie = "email=" + email + expires + "; path=/sbm/";
      if(return_v == "" || return_v == null)
        window.location.href = "http://www.xriuk.com/sbm/";
      else
        window.location.href = return_v;
    }
  }
Improve this question
3
  • What is in $return? Commented Sep 8, 2013 at 9:10
  • 1
    pls post the complete code for this part.. onClick="login_f('.$return.')" ..! Commented Sep 8, 2013 at 9:12
  • login_f does few action and then points the page back to the url in $return Commented Sep 8, 2013 at 9:13

2 Answers 2

Reset to default
1

It looks like (based on where it is used) $return (and therefore return_v) is a string.

If that's the case, then it needs quotes around it.

I highly recommend using json_encode to embed ANY kind of variable, not least because it greatly helps prevent XSS.

So your PHP becomes:

echo '...... onClick="login_f('.htmlspecialchars(json_encode($return),ENT_QUOTES)."');"....';
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

$return is a string containing an URI, why do I need to encode it?
Right-click and View Source. Tell me it's valid HTML.
... Okay, now tell me that it's valid JavaScript you have there.
0

you could do like:

echo '<a ... onClick="login_f(\''.$return.'\')">....</a>';
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.