How can I use window.open in my string echo'd from PHP?

Question

Through a $_POST request I query a database and return info in a string as follows:

$output .='<div class="searchdiv"> <b>'.$tit.' </b>- '.$art.' <br> <a href="#" onclick="window.open('.$prev.', "_blank", "width=600,height=350");" >preview tutorial</a> - <a href="'.$wat.'" target="blank">watch full tutorial</a></div>'; 

My problem is the "window.open" statement. It works as follows in a plain html doc as inline JS:

$output .='<div class="searchdiv"> <b>'.$tit.' </b>- '.$art.' <br> <a href="#" onclick="window.open('.$prev.', "_blank", "width=600,height=350");" >preview tutorial</a> - <a href="'.$wat.'" target="blank">watch full tutorial</a></div>'; 

But I think my problem in the PHP string is the single and double quotation marks.What am I doing wrong?

Answer 1

It seems that you've messed up the quotes in there slightly...

$output .='<div class="searchdiv"> <b>'.$tit.' </b>- '.$art.' <br> <a href="#" onclick="window.open('.$prev.', "_blank", "width=600,height=350");" >preview tutorial</a> - <a href="'.$wat.'" target="blank">watch full tutorial</a></div>';

You used " to define the onclick event, however you've used " inside of that event, which made it invalid. Replace the " inside of the event with \', which will escape the quote and not mess up your PHP.

$output .='<div class="searchdiv"> <b>'.$tit.' </b>- '.$art.' <br> <a href="#" onclick="window.open('.$prev.', \'_blank\', \'width=600,height=350\');" >preview tutorial</a> - <a href="'.$wat.'" target="blank">watch full tutorial</a></div>';

And, if $prev is not referring to a variable in JS (if it will end up as a string), you need those quotes around that as well.

\''.$prev.'\'

Answer 2

You need quotes around the URL.

$output .= '... <a href="#" onclick="window.open("' . $prev . '", "_blank", ...
// ---------------------------------------- here ^ -- and here ^

You would be able to notice this pretty quick if you looked at your HTML source, to see what was generated.