$playername = $_GET["playername"];
echo '<img src="https://cravatar.eu/head/SecretAgent5555"/>';
I need what SecretAgent5555 is to be $playername, plz help/
This will do what you need...
echo '<img src="https://cravatar.eu/head/' . $playername . '"/>';
This uses the PHP . string concatenation feature to 'insert' $playername into the img src tag.
You can also use string interpolation by using double quotes, but it requires you to escape the double quotes within, like this.
echo "<img src=\"https://cravatar.eu/head/$playername\"/>";
Because you have opened the string being echoed with the double quotes, to put a double quote within, you need to escape them. This is the \" part within the string.
Related
So I've created a CMS that takes text input. This is how the data is used when I grab it from the database.
echo "<img src=" . $row['image_url'] . " alt=" . $row['caption'] . ">";
Now the problem is, whenever there's a comma or a semi colon, php treats it as part of the code and the page ends up either not rendering well or completely breaking with errors like
Parse error: syntax error, unexpected '=' in
I've tried using htmlspecialcase() when posting the data to the MySQL database but it didn't fix the problem.
EDIT: The main problem is with the alt part not the src part.
When you're using double quotes (") to create a string literal and in that string literal you want to use double quotes ("), then you may escape those double quotes (") to form a valid string.
echo "<img src=\"" . $row['image_url'] . "\" alt=\"" . $row['caption'] . "\">";
You can try like that:
<img src="<?php echo $row['image_url'];?>" alt="<?php echo $row['caption'];?> ">
I have these two lines that I would like to escape the $type variable:
$functionName = str_replace('-', '_', $type);
$output .= '<div class="tab-pane" id="'. $type .'">';
I tried escaping like below but its confusing me and not sure whether thats right:
$output .= '<div class="tab-pane" id="\'. $type .'\">';
Example 1: Variable between single quotes
If you use single quotes everything between them will always be treated as part of the string.
$output .= '<div class="tab-pane" id="' . $type . '">";
Example 2: Variable between double quotes (option 1)
If you have a variable that you want to pass in a string you can just put it in there if you use double quotes and de variable is nog 'touching' the other words. It should always have spaces.
$output .= "<p>i would like to $your_text_here with you.</p>";
Example 3: Escaping quotes in a string
Escaping characters in a string can be done by using a \ (backslash) before the character you want to escape.
$output .= "<div class=\"tab-pane\" id=\"example-id\">";
Example 4: Variable between double quotes without spaces next to it
You can place your variable between {} braces if you use double quotes (option 2)
$output .= "<div class=\"tab-pane\" id=\"{$type}\">";
This question was however already answered in Mixing PHP variable with string literal
Your first block is doing string replacements, but then you use the ORIGINAL string, not the replaced one:
$output .= '<div class="tab-pane" id="' . $functionName . '">';
would be more correct. On the second one, you're escaping the ' quotes, which means that you never terminate the string, meaning that the . $type . portion is treated as plaintext within the string, not a PHP concatenation operation. Try
$output .= '<div class="tab-pane" id="' . $type . '">';
instead. note the LACK of backslash escapes.
And of course, you could use a HEREDOC, eliminating any need to escape quotes entirely:
$output .= <<<EOL
<div class="tab-pane" id="{$functioName}">
EOL;
In this case, you don't need to escape at all. You only escape within the same type of quotes. You don't escape double inside single or single inside double.
So with 'o'reilly' you would escape like 'o\'reily'. But with "o'reilly" you'd just keep it as "o'reilly". But with "He said "hello"" you'd escape "He said \"hello\"". Yet, with 'He said "hello"' you would not escape at all.
But if your $type variable can contain double quotes, you will need to consider that to prevent your HTML from being broken in that case. How you would handle the quotes inside the variable $type would be by replacing the " with its HTML entity equivalent:
$output .= '<div class="tab-pane" id="' . str_replace('"', '"', $type) . '">';
Or use htmlentities() which will do the same replace as well as others.
Note, its the double quotes inside the variable you would want to handle, not to escape the single quotes outside. Because presumably the issue is that if the variable contained double quotes it would break your HTML since you are using double quotes around the value for id:
i.e. id="contents_of_type_variable"
If you had id="contents"_of_type_variable" your HTML would be broken.
So you change that to id="contents"_of_type_variable"
If you're trying to escape something else, it is due to a misunderstanding.
I have a problem with my page. I am displaying images using PHP Loop statement. Now I want to assign these images with different id's. Example first loop the first image displayed will have an id="img1", next loop and second image has id="img2". Numbers on the id changes based on the loop iteration variable, while "img" is constant. Here's my code:
for ($i=1;$i<=6;$i++){
echo ("<img src='gangjeong.png' width='113' id='img'.$i>");
}
but it's not working. Any help would be much appreciated.
UPDATE: I got it to work now, thanks for the answers. The working code is:
for ($i=1;$i<=6;$i++){
echo ("<img src='gangjeong.png' width='113' id='img$i'>");
}
You can't use unescaped single quotes if you start your string by single quotes.
These are the possibilities you have:
Using double quotes inside single quotes:
for ($i=0;$i<6;$i++){
echo ('<img src="gangjeong.png" width="113" id="img' . ($i+1) . '" />');
}
Using escaped single quotes inside single quotes (ugly):
for ($i=0;$i<6;$i++){
echo ('<img src=\'gangjeong.png\' width=\'113\' id=\'img' . ($i+1) . '\' />');
}
Using double quotes for starting/ending the string:
for ($i=0;$i<6;$i++){
echo ("<img src='gangjeong.png' width='113' id='img" . ($i+1) . "' />");
}
Using escaped double quotes inside double quotes (ugly):
for ($i=0;$i<6;$i++){
echo ("<img src=\"gangjeong.png\" width=\"113\" id=\"img" . ($i+1) . "\" />");
}
Quotes inside quotes are a no no without proper escaping. Also you have a missing > for the img tag. This should do:
for ($i=1;$i<=6;$i++){
echo "<img src='gangjeong.png' width='113' id='img".$i."'>";
}
Where's your escape characters? Your quotes need escaping, or put your HTML part in double quotes and PHP strings in single, or vice versa. Just make sure you're not confusing start and end quotes.
your syntax is not correct, use:
for ($i=1;$i<=6;$i++){
echo '<img src="gangjeong.png" width="113" id="img'.$i.'" alt="">';
}
Use:
for ($i=1;$i<=6;$i++){
echo "<img src=\"gangjeong.png\" width=\"113\" id=\"img$i\">";
}
Hey guys, I have the following code:
foreach($collection as $img)
{
$image_id = $img['imageid'];
$thumbwidget = wp_get_attachment_image_src($image_id, 'full');
$gallery .= '<a class="fav-image-a" href="http://www.bangstyle.com/haircut-detail/?uid='.$uid.'&img_id='.$image_id.'&ucolid='.$user_id.'&catid='.$col_id.'&theater">';
$gallery .= '<img src="';
$gallery .= thumbGen($thumbwidget[0],259,320,'valing=top');
$gallery .= '">';
$gallery .= '</a>';
}
I think I may have the wrong order of escaping. The rendered variable is not staying within the img src when rendered. I assume it has to do with my escaping somewhere.
The live url can be seen at http://bangstyle.com/test-widget/
You can see what's happening. The rendered elements are on top.
Why the extra quotes inside? What you are producing is this:
<img src="'THUMBWIDGETURL_IS_INSERTED_HERE'">
What you probably want is this:
<img src="THUMBWIDGETURL_IS_INSERTED_HERE">
To do that just remove the extra \':
$gallery .= '<img src="'.$thumbwidgeturl.'">';
Rules to be aware of:
In PHP, both single quotes and double quotes can be used to produce string literals.
Each should be used in a pair and that pair constitutes one string literal. So, in your example you have two string literals and a variable being combined (concatenated) with the dot (.) operator.
Inside single quotes, single quotes need to be escaped, and inside double quotes, double quotes need to be escape. The other type of quotes in each can be used freely without escaping.
Strings inside single quotes are taken as they are, while strings inside double quotes are interpreted for variables.
More information in the PHP docs on Strings.
How about this:
$gallery .= "<img src=\"" . $thumbwidgeturl . "\">";
or even:
$gallery .= '<img src="' . $thumbwidgeturl . '">';
I am using like
$myPage .= '<td><a href=\'javascript:editProduct('
.$row['id']
.',"'
.$row['name']
.'")\'>Edit</a></td>';
where $row['name'] has quotes in its value. it breaks. how do i solve the issue both from php side and js side...
$row['name'] is value from DB. and it will have value like pradeep's and pradeep"s also
i used like
$myPage .= '<td><a href=\'javascript:editProduct('.addslashes($row['id']).',"'.addslashes($row['name']).'")\'>Edit</a></td>';
it solves the issue of double quotes. but when i have single quotes in value the javascrit link looks like
javascript:editProduct(28,"pradeep\
it actually breaks..
And how do i strip down the slashes added by addslashes in javascript..
UPDATE - FINAL CODE
$myPage .= '<td><a href=\'javascript:editProduct('.$row['id'].',"'.htmlentities($row['name'],ENT_QUOTES).'")\'>Edit</a></td>';
and js looks like
function editProduct(id,name){
alert(name);
}
can any one solve my issues
Try:
$myPage .= "<td><a href='javascript:editProduct({$row['id']},\""
. htmlentities( $row['name'] )
. "\")'>Edit</a></td>";
htmlentities default behaviour is to convert double quotes and leave single quotes alone, if you require converting single and double quotes, then call it like this:
htmlentities( $row[ 'name' ], ENT_QUOTES )
Also, using { .. } in "..." strings is the correct way to substitute variables.
The PHP string
'<a href=\'javascript:editProduct('.$row['id'].',"'.$row['name'].'")\'>';
outputs (assuming some values)
<td><a href='javascript:editProduct(123,"abc")'></td>
Presumably it breaks if $row['name'] contains a " quote. You could replace such quotes with a \" in the string before you output it using str_replace('"', '\"', $row['name'])