I am attempting to echo a Tweet button in a table and have the tweet text from a json_array response.
The following code work unless the json response has a single quote(apostrophe) in it.
If the response has a single quote ( example I'm unhappy) this breaks the tweet text and stops after the I
is there away to strip all single quoyes from an array? or is there a better way to do what I am trying to accomplish?
echo "<table border='0'>";
echo "<tr><td><a href='https://twitter.com/share' class='twitter-share-button'{count} data-text='";
echo $json_array["reasons"][0]["author_name"], "says ", $json_array["reasons"][0]["content"];
echo " data-via='OnRecall' data-hashtags='OnRecall'>Tweet</a></td></tr>";
echo "<tr><td>Name: </td><td>", $json_array["reasons"][0]["author_name"];
echo " -> Liked: ", $json_array["reasons"][0]["like_count"], " times.</td></tr>";
echo "<tr><td width= '20'></td><td>", $json_array["reasons"][0]["content"];
echo "</td></tr></table><p><hr></hr></p>";
So if $json_array["reasons"][0]["content"] has a single quote in it, the tweet text stops at it.
Thank you for reading.
You can use PHP's htmlspecialchars function to accomplish this. With the ENT_QUOTES flag, this function will encode all quotes as HTML entities (' becomes ') and also significantly reduce your vulnerability to Cross-Site Scripting attacks -- this is especially important when the data you're displaying comes from an untrusted source (like someone else's Twitter feed):
$content = htmlspecialchars($json_array["reasons"][0]["author_name"], ENT_QUOTES)
. "says "
. htmlspecialchars($json_array["reasons"][0]["content"], ENT_QUOTES);
echo "<a ... data-text='$content'>';
You need to escape all the single quotes in your string. You can use str_replace() function to replace all ' to \', like this:
$content = str_replace("'","\'",$json_array["reasons"][0]["content"]);
// now echo $content
Here's the reference:
str_replace()
Related
I need to do something like this:
header("Content-Type: text/plain");
echo <<<EOT
<?php echo 'arbitrary code using ' . $variables . ' and such.';
echo 'finished';
?>
EOT;
The problem is, PHP still interprets the inline PHP as code and tries to execute it. I would like just to see the code printed in the window.
Use Nowdoc, notice the quotes around 'EOT':
echo <<<'EOT'
<?php echo 'arbitrary code using ' . $variables . ' and such.';
echo 'finished';
?>
EOT;
Or use a single quoted string, obviously escaping single quotes in the string:
echo '
<?php echo \'arbitrary code using \' . $variables . \' and such.\';
echo \'finished\';
?>';
You could use highlight_string function, it receives a string containing your php code and outputs html with the syntax highlight colors.
ex:
<?php highlight_string("<?php echo 'hi'; ?>");?>
You have also the function highlight_file, same thing, but receives a string with the file location.
Doc:
http://php.net/manual/en/function.highlight-string.php
http://php.net/manual/en/function.highlight-file.php
I have this php line which works fine:
echo "<p>" . $post['message']. "</p>";
But I want to change it so it will link to my page (not to a single post). So it should look like that.
echo "<p>" . $post['message']. "</p>";
I have tried a lot many proposition gathered on different website, but each time I am getting an error.
Any idea ?
Thanks a lot!
Using single and double quotes, you avoid escaping issues. Try this:
echo '<p>'. $post['message']. '</p>';
i see that you didn't escaped from double quote that closes href attribute:
echo "<p><a href=\"https://www.facebook.com/rscmovement\" target=\"_blank\">"
I guess You have missed the back slash () before " after www.facebook.com/rscmovement.
"https://www.facebook.com/rscmovement\" "\"target=\"_blank\">" will
Oh boy! I cant get this to work. Any ideas on what the heck I'm doing wrong? Here's the code.
I'm trying to echo the script but use a php function to get the directory of the js file!!
Any help would be appreicated!!
echo '<script src="<?php get_some_function();?> . /js/main.js"></script>';
I've tried dif scenerios with escaping but cant get this to output correctly.
Since you're already in the PHP context, you can simply concatenate the strings, like so:
echo '<script src="' . get_some_function() . '/js/main.js"></script>';
Using sprintf() looks more cleaner, though:
echo sprintf('<script src="%s/js/main.js"></script>', get_some_function());
Instead of opening another script tag inside the string, concat the string and echo. The <?php within your string will not be evaluated.
echo '<script src="'. get_some_function() . '/js/main.js"></script>';
Simple string concatenation:
echo '<script src="' . get_some_function() . '/js/main.js"></script>';
Don't forget to properly escape the output of your function!
try doing this:
echo '<script src="'.get_some_function().' /js/main.js"></script>';
or this:
$value = get_some_function();
echo '<script src="'.$value.' /js/main.js"></script>';
Remember that any variable echoed in single quotes ( ' ' ), the value of that variable will be not printed, and if a variable is echoed in double quotes ( " " ) it will be printed.
Similar is true for returned data from a function stored in a varaible. If you are using single quotes, then every php code (variable, or a method call of a class) should be concatenated using dot operator ( . , :P ) . If you are using double quotes, then no need to use . .
Like in all above answers, they have used . to append the php function call, your code may be fine as below also (not tested by me, so you will need to do adjustment) :
$src = get_some_function();
echo "<script src=$src/js/main.js></script>";
But please note that it is a best practice to use single quotes for any kind of html etc echoed in php code, because HTML attributes are using double quotes.
Hope this will help...
How should I quote this:
<tr onclick="$.colorbox({href:'information1.html'});">
When put in an echo " "; ?
I have tried this:
echo "<tr onclick='$.colorbox({href:'information1.html'});'>";
Which shows a Jquery error.
And I tried this:
echo "<tr onclick="$.colorbox({href:'information1.html'});">";
Which shows a PHP error.
Any workarounds? Thanks
You need to escape the quotes symbols:
echo '<tr onclick="$.colorbox({href:\"information1.html\"});">'
Note that using inline script is not considered to be a good practice!
echo '<tr class="foo">'
In the javascript code:
$('.foo').click(function() {
$.colorbox({ href: "information1.html" });
});
Simply escape the quotes. Whilst on this subject I feel it important to mention the fact that generally speaking, you should use single quotes for 'code' and double quotes only for displayed strings.
This stems from C standards and keeping this consistent will help you in the future if for example you wanted to implement gettext() and translate your website into multiple languages.
echo '<tr onclick="$.colorbox({href:\'information1.html\'});\">';
Having said that, there's a better way to achieve what you're doing. Give the row an id:
<tr id="inforow" />
And use jQuery to bind to it's click event when the DOM is ready.
$(document).ready(function() {
$(".inforow").click(function() {
$.colorbox({href:'information1.html'});
});
});
Anytime you want to print a string with a quote in it, just use the escape character '\' to ignore the quote as a literal closing quote, like so:
echo "<tr onclick=\"$.colorbox({href:'information1.html'});\">";
echo "<tr onclick=\"$.colorbox({href:'information1.html'});\">";
echo "<tr onclick=\"$.colorbox({href:'information1.html'});\">";
Try that:
echo "<tr onclick=\"$.colorbox({href:'information1.html'});\">";
I would use PHP-methods instead of caring about the quotes
echo '<tr onclick="'.
htmlentities('$.colorbox('.json_encode(array('href'=>'information.html'))).')">';
...will always create proper JSON and proper HTML, no matter what characters you use.
NO NEED to quote it.
NO NEED to put in an echo " ";
Just leave it AS IS:
?>
<tr onclick="$.colorbox({href:'information1.html'});">
<?
as well as any other HTML.
It's PHP. It's embedded in HTML. You can leave PHP mode any time
Another way is using EOD
$string = <<<EOD
"duble quotation" and 'quotation' all enable
EOD;
echo $string;
I am echoing back these 2 variables in to a table, but wanted to know how to add a line break between these 2?
echo $row ['username'] . $row ['date_time'];
if you're printing an HTML output to your browser:
echo $row["username"]."<br />".$row["date_time"];
EDIT:
when printing to HTML - you better print the variables after passing them through htmlspecialchars function in order to avoid Cross-site-scripting (XSS), I'll do it this way:
echo htmlspecialchars($row["username"],ENT_QUOTES)."<br />".htmlspecialchars($row["date_time"],ENT_QUOTES);
if you want to print it to a file or something similar:
echo $row["username"]."\n".$row["date_time"];
you can always echo normal html from php.
echo "<div id=\"mydiv\"> Div content goes here </div>";
note the backslashes for double quotes wrapping mydiv to escape them.
so you can add a tag in between them to get a new line.
echo $row["username"] . "<br />" . $row["date_time"];