Thomas Smyth Thomas Smyth - 28 days ago 5
HTML Question

onClick function parameter containing "."

I'm trying to create a table that contains an onClick function for the items in the Change Password column of the table, so that my system administrator can change everyone's password.

Each onClick calls the function "ChangePassOpen", which opens a modal with the new password entry box and another button to actually call the function to change the password.

In order for my program to identify what account the admin is changing I need to pass the username as a parameter, however my usernames contain "." as they are comprised of a forename and surname, like "T.Smyth". This, however, causes an error because the program thinks I'm trying to pass two paramters, so it throws an error.

Any ideas of how to overcome this?

<?php
//Retrieves variables from Javascript.
$Search = $_POST["Search"];
$Type = $_POST["Type"];

if ($Type == "Registration Date"){
$Type = "joined";
}
else if ($Type == "Account Rank"){
$Type = "rank";
}

include "db/openlogindb.php";
if($DBError == true){
$data = 3;
}
else{

$UserSearch = "SELECT username, surname, forename, joined, rank FROM users
WHERE ".$Type." LIKE '%".$Search."%'
ORDER BY surname";

$results = mysqli_query($conn, $UserSearch);

if(mysqli_num_rows($results) == 0){
$data = 1;
}
else{
$data = '';

while($row = mysqli_fetch_assoc($results)){
$data .= '<tr><td>'.$row['surname'].'</td><td>'.$row['forename'].'</td><td>'.$row['username'].'</td><td>'.$row['joined'].'</td><td>'.$row['rank'].'</td><td onClick="ChangePassOpen('.$row['username'].')">Change Password</td></tr>';
}
}
}

include "db/closelogindb.php";

echo $data;
?>


http://thomas-smyth.co.uk/admin/manageusers.php

Answer

You should update your code

echo '<table><tr><td>'.$row['surname'].'</td><td>'.$row['forename'].'</td><td>'.$row['username'].'</td><td>'.$row['joined'].'</td><td>'.$row['rank'].'</td><td onClick="ChangePassOpen(\''.$row["username"].'\')">Change Password</td></tr></table>';

A backslash character () is considered to be an escape character.