0

I have a php variable

$query="insert into msnowplaying values";

Then, I want to append a query string 

$q1="('1', '$selMovieTitle1', 'ST001', '1', '' )";
$query.=$q1;
echo "<script type='text/javascript'>alert('$query');</script>";

However, the alert shows nothing. Somehow, there's an error on the console:

[10:12:06.851] SyntaxError: missing ) after argument list @ http://localhost:1234/2013_12_2/controller/doaddNowPlaying.php:1

What am I missing? I've changed $q1 to " a" and the alert shows insert into msnowplaying values a

I don't know what happened, I really need some help. Thanks.

Improve this question
2
  • 2
    Did you actually check the output of your script? Use "view source" on your page. Commented Dec 8, 2013 at 3:22
  • 1
    In your "JavaScript", you are using ' as string delimiter. The string value in PHP contains ' characters. Boom! Commented Dec 8, 2013 at 3:28

2 Answers 2

Reset to default
4

Remember, PHP is parsed on the server, before the HTML hits the viewer, and javascript is parsed in the browser, after the HTML has been received by the user.

What you are sending to the user is written by php into the data as if you wrote it by hand, including anything that may later be interpreted as javascript code.

When you are echoing $query to the browser, you are most likely ending up with something that looks like this:

<script type='text/javascript'>alert('('1', '$selMovieTitle1', 'ST001', '1', '' )');</script>

Do you see how this is invalid javascript? You are using unescaped single quotes inside the alert('..'). First, if you want to see the correct string in javascript, try this:

echo '<script type="text/javascript">alert("'.addslashes($query).'");</script>';

Here we are using the function addslashes() ( http://php.net/addslashes ) to escape the quotes appropriately.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

@KevinFlorida Parse error: syntax error, unexpected ''.addslashes($query).'' (T_CONSTANT_ENCAPSED_STRING), expecting ',' or ';' in C:\Users\user\Documents\Downloads\Downloads\Compressed\xampp-portable-win32-1.8.3-1-VC11\xampp\htdocs\2013_12_2\controller\doaddNowPlaying.php on line 40
@teh1 Parse error: syntax error, unexpected ''.addslashes($query).'' (T_CONSTANT_ENCAPSED_STRING), expecting ',' or ';' in C:\Users\user\Documents\Downloads\Downloads\Compressed\xampp-portable-win32-1.8.3-1-VC11\xampp\htdocs\2013_12_2\controller\doaddNowPlaying.php on line 40
you didn't use single quotes the way teh1 suggested. Just look at my answer.. It uses your same logic, but adds slashes before. Try that
Apologies. I had a typo. Fixed.
1 
$query = "insert into msnowplaying values";
$query .= "('1', '$selMovieTitle1', 'ST001', '1', '' )";
$query = addslashes($query);
echo "<script type='text/javascript'>alert('$query');</script>";

Try that

Improve this answer

2 Comments

yes it works, but the main problem is the value of $query is not concatenated with $q1, so the alert just shows insert into msnowplaying values instead of insert into msnowplaying values('1', '$selMovieTitle1', 'ST001', '1', '' )
I was just showing you your bottom part.. I will edit this for you

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.