I have created one link from foreach loop in that I am showing one link with different parameters in jquery function
<?php
foreach ($questions as $row) {
if (!empty($row['url_ImageName'])) {
$url_ImageName = $row['url_ImageName'];
}else{
$Paragraph = $row['Paragraph'];
}
?>
Show Details
<?php
} ?>
function question_details(url_ImageName,Paragraph){
if (url_ImageName != '')
{
$(".exam-slideout .question-details img").attr("src",url_ImageName);
}
if (Paragraph != '')
{
$('.exam-slideout .question-details div').html(Paragraph);
}
}
in that first link which is created this:
Show Details
and the second link which is created this:
Show Details
in that, I have facing an issue with single quotes and double quotes.
to resolve this issue I have a try
$Paragraph = mysqli_real_escape_string($con, $row['Paragraph']);
But still function is not working with syntax error.
can anybody help me in this.
Just add a escape character (\) before the ' used in the middle of the string like:
Show Details
Alternative using Template Literals:
Show Details
You can learn more about Working with Strings in JavaScript.
You can use addslashes() on the $Paragraph variable, this will escape ' into \'. It will also escape ", so be a bit wary of it.
Show Details
Alternatively, replace all occurrances of ' to \' using str_replace().
Show Details
Live demo at https://3v4l.org/IFLnY
Related
I select a list of names from mysqli database then display row details in display.php with if (isset($_GET['name']));
The link is
$str = strtoupper($str);
echo "<tr><td><a href='php/display.php?name=$str'>$str</a></td></tr>";
This executes correctly unless name contains '(apostrophe).
For instance $str (as input/click) shows as L'ECLIPSE but the <a> link only L'
The result in display.php is 'No data found for your request'
I have found exact same queries on this site but none of the answers have resolved my problem. Perhaps I am not implementing correctly.
I assume this is about escaping. But I know little about it.
<?php
$str = strtoupper($str);
echo "<tr><td><a href='php/display.php?name=".urlencode($str)."'>$str</a></td></tr>";
urlencode() the string first. So you don't get this kind of problems.
Try this code.
<?php
$str = strtoupper($str);
echo "<tr><td><a href='php/display.php?
name=".htmlspecialchars($str)."'>$str</a></td></tr>";
?>
Your Single quote becomes ' ;
I hope it will help
MySql: I have my products table set up as follow:
pg_id | pg_name
1 | Pizza's calzone
2 | Kids menu
Php: Echo out the html while looping through the records in the MySQL table.
<?php do { ?>
<li>
<?php echo "<a href=". "products.php?p_group=" .$row_getproductnames[ 'pg_name'] . ">"; ?>
<?php echo $row_getproductnames[ 'pg_name']; ?>
</a>
</li>
<?php } while ($row_getproductnames=mysql_fetch_assoc($getproductnames)); ?>
My hyperlink: The link to the products.php page should look like this for records with white space in it. This post and reference the product names correctly in the products page.
http://127.0.0.1/products.php?p_group=Pizza's calzone
But it truncates after the white space to
http://127.0.0.1/products.php?p_group=Pizza's
I have checked numerous samples like using in the place of the white space, Html encryption or decryption etc. Still having problem with getting the string to link correctly. Any help would be appreciated.
You need to quote the href with double quotes:
echo "<a href=\"products.php?p_group=" .$row_getproductnames[ 'pg_name'] . "\">"
If you use single quotes or no quotes then the ' in pg_name is misunderstood by the browser.
Your not using quotes? I don't know for sure this is causing it but usually with any parsing issues quotes will fix it.
Try replacing this line:
<?php echo "<a href='products.php?p_group=" .$row_getproductnames[ 'pg_name'] . "'>"; ?>
If you are trying to create a valid URL, you can will want to replace the spaces with a + or %20. Either will do. I also suggest removing the apostrophes:
$new_url = str_replace(" ","+", $old_url); //Replace space
$new_url = str_replace("'","", $new_url ); //Remove apostrophe
Edit:
If you are needing to use the name parameter to retrieve an item from the database, you can do it by 're-replacing' the space and apostrophe characters at the other end like this:
Build the url:
$new_url = str_replace(" ","+", $old_url); //Replace space
$new_url = str_replace("'","APOSTROPHE", $new_url ); //Remove apostrophe
Then at the page where you will perform the SELECT query:
$product_name = str_replace("+"," ", $product_name); //Put spaces back
$product_name = str_replace("APOSTROPHE","'", $product_name ); //put apostrophes back
There are however much easier ways to send values to other pages such as sending a POST request
This question already has answers here:
Escaping quotation marks in PHP
(7 answers)
Closed 8 years ago.
Hope you're all well.
So here's what I want to do. I want to add to a review plugin in wordpress the possibility to open the page I want in a new window with the target="_blank" code.
I believe that's where the magic is happening, this is the original:
if ($show_morelink != '') {
$review->review_text .= " <a href='".$this->get_jumplink_for_review($review,1)."'>$show_morelink</a>";
}
This is what I did without any success:
if ($show_morelink != '') {
$review->review_text .= " $show_morelink";
}
I'm a beginner in PHP and I hope that someone can help me with this... I know it's not so hard.. I'm just missing something.
Thanks!
You must escape your quotes.
Use the following
$_morelink != '') {
$review->review_text .= "$show_morelink";
}
Source for handling strings.
Because your code is surrounded with double quotes, you are breaking out of them when you add in the target. You can either escape the quotes like this using a slash:
$review->review_text .= " $show_morelink";
Or change to using single quotes:
$review->review_text .= " <a href='".$this->get_jumplink_for_review($review,1)."' target='_blank'>$show_morelink</a>";
Edit
A third way you could do it is surrounding the whole string in single quotes and remove the single quotes and periods form inside:
$review->review_text .= ' $show_morelink';
Your problem is that you're using doublequotes to denote php strings, so you can't use doublequotes for your html:
if ($show_morelink != '') {
$review->review_text .= " <a href='".$this->get_jumplink_for_review($review,1)."' target='_blank'>$show_morelink</a>";
}
If you look at the HTML output you will see that both the href and target use single quotes now.
I always prefer to use single quotes for HTML code strings to improve readability.
if ($show_morelink != '') {
$review->review_text .= '
'.$show_morelink.'';
}
Lots of answers; most correctly pointing out the incorrect escaping of the quotations.
As it has not been mentioned yet sprintf() can also help with readability rather than having to concatenate strings.
$link = $this->get_jumplink_for_review($review,1);
$text = sprintf('%s', $link, $label);
I have a HTML achor tag like below:
echo '<a href="javascript:tempBuy('.$res_get_price[0][0].','.$res_get_price[0][1].','.$res_get_price[0][2].','.$dt_str.')">'.$res_get_price[0][0];
And the corresponding javascript function tempBuy() is
function tempBuy(rate,veg_name,market_name,dt)
{
alert(dt);
}
But the problem is it does not alert at all ! May be I need to include the variable names within single quotes in tempBuy() function. I tried tempBuy(\'var1'\,\'var2\'...) but it shows error. How can I able to to that. Thanks .
Source for the part shows like this:
<td width="120px" class="">56.0
</td>
<script>
function tempBuy(rate,veg_name,market_name,dt)
{
alert(rate);
}
</script>
You didn't wrap your javascript arguments in quotes. You need to wrap each variable in single quotes, since you used double quotes for "href" attribute. Another thing is that you didn't close up "a" HTML tag.
echo ''.$res_get_price[0][0].'';
If there is anything in your variables that is not a valid javascript literal you have to make it a string like:
echo '<a href="javascript:tempBuy(\''.$res_get_price[0][0].'\' ...
If there are ' in your variables you have to replace them with \' as well.
As you can see form the rendered output, you need to quote the last 3 arguments which are non-numeric. The correct output should be: javascript:tempBuy(56.0,'Apple','Bangalore','2013-05-18')
The corrected PHP code is:
echo ''.$res_get_price[0][0].'';`
echo "<a href=\"javascript:tempBuy('".$res_get_price[0][0]."','".$res_get_price[0][1]."','".$res_get_price[0][2]."','".$dt_str."')\">".$res_get_price[0][0];
In my controller, I have a string coming from database. I use
$user_id = $this->input->post('user_id');
$this->load->model('database','', TRUE);
$projects = $this->database->get_projects($user_id);
foreach($projects as $project)
{
echo ' <div onclick="someFunction(\''.$project['description'].'\')"></div>';
}
to pass value to a Javascript.
Everything works fine, unless there's a double quote in the string. Firebug throws
unterminated string literal
I've tried:
onclick = "someFunction(\''.addslashes($project['description']).'\')"
or
$description = str_replace('"', '"', $project['description']);
onclick = "someFunction(\''.$description.'\')";
but it didn't work.
Thanks for your help
try:
onclick = someFunction(<?php echo '"'.$myVariable.'"'; ?>);
You can't quote the parenthesis of the arguments... that's global, not only applicable for JS.
For mixin up PHP with js or html, just use the echo wherever you need to. Or google for the MVC model if you want cleaner code.
I think the best thing you could do is to create a view containing this code:
<div onclick="someFunction('<?php echo $project['description'] ?>')"></div>
and call it in your controller. Eventually you can use the php function addslashes() to quote strings/characters.
If you need to store this html in a variable in your controller, you can simply use the third parameter calling the view; it's explained here.
Update:
Try using htmlentities and not addslashes