I am trying to create html content in PHP and for onclick event I have included a function named uchat for a div. The function takes a name parameter which is a string.
Like below:
$name = "Php string";
$echostr .= "<div onClick='uchat(\'$name\')'>
</div>";
But, passing a string value like this causes syntax error when div is clicked. Because, single quote is within a single quote. I have tried to escape it, but it still doesnt work.
The error is this:
SyntaxError: illegal character
uchat(\
I am not sure how to escape a string parameter and I have come across this problem so many times, Please help if you have a solution for this.
Thanks.
Escaped single quotes will conflict with outer ones:
$echostr .= "<div onClick=\"uchat('$name')\">
</div>";
Here are 2 clean and simple ways to do this:
1. Classic concat
$name = "Php string";
$str = "<div onClick=\"uchat('" . $name . "')\"></div>";
print $str;
2. Using sprintf (http://us3.php.net/manual/en/function.sprintf.php)
$name = "Php string2";
$str = sprintf("<div onClick=\"uchat('%s')\"></div>", $name);
print $str;
try like this
$echostr .= "<div onClick='uchat("$name")'></div>";
This works:
<?php
$name = "Php string";
$echostr .= <<< EOF
<div onClick="uchat('$name')"></div>
EOF;
echo $echostr;
?>
Output:
<div onClick="uchat('Php string')"></div>
In order to avoid escaping all double quotes and to make the html code more readable you can use EOF.
See it action : http://ideone.com/vRCCVH
Related
I would like to replace array string values which contains multiple special characters to normal one.
Tried Code (array values):
$data['ENV_TEST'] = "rambo";
$data['ENV_DEV'] = "Project Bribara<"${ENV_TEST}"#gmail.com>"
echo str_replace("${ENV_TEST}", $data['ENV_DEV'], $data['ENV_DEV']);
also tried
echo str_replace("\"${ENV_TEST}\"", $data['ENV_DEV'], $data['ENV_DEV']);
Expected:
"Project Bribara<rambo#gmail.com>"
Actual:
"Project Bribara<"${ENV_TEST}"#gmail.com>"
How can I get the expected output?
You should on PHP strings sometime. The important part about double quoted strings for your question is that you need to put a backslash before every $ and every " inside your string. Your code will then look like this:
$data['ENV_TEST'] = "rambo";
$data['ENV_DEV'] = "Project Bribara<\"\${ENV_TEST}\"#gmail.com>";
echo str_replace("\${ENV_TEST}", $data['ENV_TEST'], $data['ENV_DEV']);
//also tried
echo "\n\n";
echo str_replace("\"\${ENV_TEST}\"", $data['ENV_TEST'], $data['ENV_DEV']);
If you use single quoted strings you don't need to escape $ (see the manual), and instead of \", you would need to escape single quotes (but there aren't any in your example).
$data['ENV_TEST'] = "rambo";
$data['ENV_DEV'] = 'Project Bribara<"${ENV_TEST}"#gmail.com>';
echo str_replace("\${ENV_TEST}", $data['ENV_TEST'], $data['ENV_DEV']);
//also tried
echo "\n\n";
echo str_replace('"${ENV_TEST}"', $data['ENV_TEST'], $data['ENV_DEV']);
I also fixed a missing semicolon and replaced DEV with TEST in one place.
String concatenation in PHP is done through the . operator. Your code would be:
$data['ENV_DEV'] = "Project Bribara<".$data['ENV_TEST']."#gmail.com>"
My code simply displays a random line from a text file,
But in my text file most of the proxies look like this: "11.15.19.15:80" I need help how to display only the address on the site, and remove the quotation marks.
<?php
$message_array = file("proxies.txt");
$message = array_rand($message_array);
echo "$message_array[$message]";
?>
All you need to do is wrap the string in a trim():
<?php
$message_array = file("proxies.txt");
$message = array_rand($message_array);
echo trim($message_array[$message], "\""); // 11.15.19.15:80
?>
Note that the second argument in trim() is needed, because your string contains the " characters, rather than uses them to denote the string itself. Adding an escaped backslash ("\"") removes the quotation marks from what is inside the string itself.
I've created a simple demonstration of this at 3v4l.org here.
I think you can use a regex like so:
preg_replace('/["]*/g', '', $message);
Use str_replace. Here is an example:
$message = str_replace('"', '',$message);
You can use the trim function if you just need to remove the double quotes:
$message = trim($message, '"');
Also str_replace:
$message = str_replace('"', '', $message);
I have read this post that discuss about converting html break tag into a new line in php. Other people said it's work for them but something weird happened to me.
this is the code I use:
$breaks = array("<br />", "<br>", "<br/>");
$jawaban = str_ireplace($breaks, "
", $jawaban1);`
and this is the code they use :
$breaks = array("<br />", "<br>", "<br/>");
$text = str_ireplace($breaks, "\r\n", $text);
both insert "\r\n" into the text , why is this happening ?
screenshot:
if there's any previous post / PHP method let me know
EDIT : adding my code that echo the textbox
<-- THIS WONT WORK -->
$username = $_SESSION['username'];
$unsafenomorsoal = $_POST['nomorsoal'];
$unsafejawaban = $_POST['jawaban'];
$nomorsoal = mysqli_real_escape_string($konek,$unsafenomorsoal);
$jawabannotcut = substr($unsafejawaban,0,50000);
$unsafejawabanfirst = nl2br($jawabannotcut);
$jawaban1 = mysqli_real_escape_string($konek,$unsafejawabanfirst);
$breaks = array("<br />","<br>","<br/>");
$jawaban = str_ireplace($breaks, PHP_EOL, $jawaban1);
$_SESSION['textvaluejawaban'] = $jawaban;
and this is what echoed :
echo "<div class=\"head-main-recent-background\" style=\"background:white;width:99%;color:black;text-align:left;height:1000px;position:relative;top:130px;margin-top:10px;\">- Jawab Soal -<br/>".$jawabanerror."<br/>Nama : ".$_SESSION['username']."<br/>
<form method=\"post\" action=\"prosesjawabsoal.php\">
<input type=\"hidden\" name=\"nomorsoal\" value=\"".$_SESSION['nomorsoal']."\"/>
Jawaban : <br/>
<textarea placeholder=\"Max 40.000 Huruf\" style=\"overflow- x:none;width:99%;height:300px;\" type=\"text\" name=\"jawaban\" maxlength=\"40000\" >".$_SESSION['textvaluejawaban']."</textarea>
<br/>Captcha <br/>
<div style=\"overflow:hidden;\" class=\"g-recaptcha\" data- sitekey=\"6LfYQicTAAAAAFstkQsUDVgQ60x_93obnKAMKIM9\"></div><br/>
<button type=\"submit\" name=\"submit\" style=\"margin-top:10px;height:auto;width:auto;\">Kirim Jawaban</button>
</form>
</div>";
Note : The snippet won't work because it's php
Sorry i used snippet due to error while posting the code !
EDIT :
tried preg_replace() method but still same result
EDIT :
change title to tell that preg_replace not work
Your problem is the mysqli_real_escape_string(). The converts the "\r\n" into a string to make it safe to input into the database. Remove it completely. Instead use htmlspecialchars when you output to screen:
echo htmlspecialchars($myUnsafeVar);
Apply these rules (as a starting point, there's always possible exceptions, but in rare cases):
use mysqli_real_escape_string when inputting strings into a database. It won't do what you expect when outputting to screen - so anything that has been mysql escaped() should not appear on screen.
use htmlspecialchars (which you don't have!) when outputting to screen.
use url_encode for adding stuff into a URL
There are also many different "escape" function (e.g. inserting into JSON, inserting into mysql, inserting into other databases). Use the right one for what you need - and don't use it for other purposes.
Check the functions for more details.
As it currently stands your code is not safe even with all those efforts - but it's really simple to fix!
try with preg_replace() function and no need of \n\r both you can do with \n or PHP_EOL only
$jawaban = preg_replace('#<br\s*?/?>#i', "\n", $jawaban1);
or
$jawaban = preg_replace('#<br\s*?/?>#i', PHP_EOL, $jawaban1);
you must knowing these before working with strings:
"\n\r" means new line.
'\n\r' doesn't mean new line.
doesn't mean new line. It's just HTML number for HTML Symbols. when you are using it, you mean just show \n\r in your browser. this is answer to your question:
both insert "\r\n" into the text , why is this happening?
so, after knowing that, you understand:
if your $jawaban1 string is
Hello <br> and welcome!
and your code is
$breaks = array("<br />", "<br>", "<br/>");
$jawaban = str_ireplace($breaks, "
", $jawaban1);
It means, $jawaban will be exactly like this:
Hello
and welcome!
without any \n\r and just your browser showing it like this:
Hello \n\r and welcome!
If you want to replace all br by \n\r just use the code in your question:
$breaks = array("<br />", "<br>", "<br/>");
$text = str_ireplace($breaks, "\r\n", $text);
About preg_replace()
When you can use str_ireplace, Don't use preg_replace. str_ireplace is faster.
Don't do it if you don't need it
in your code you did this:
$unsafejawabanfirst = nl2br($jawabannotcut);
and right after that you want to replace br with \n\r. It's like do and undo. I see that you are trying to show it again inside textarea element. so don't replace \n\r with br. the solution? don't change \n\r at all and if you want save it to the db just save it with \r\r. when you need it to show outside of textarea element just use nl2br function.
There is always something that saves my day, it is actually a workaround and your question is a trigger for me to get deeper to this matter - once for all.
For now, here you go - nice & sleek workaround:
There is already nl2br() function that replaces inserts <br> tags before new line characters:
Example (codepad):
<?php
// Won't work
$desc = 'Line one\nline two';
// Should work
$desc2 = "Line one\nline two";
echo nl2br($desc);
echo '<br/>';
echo nl2br($desc2);
?>
I am trying to pass a string to a javascript function which opens that string in an editable text area. If the string does not contain a new line character, it is passed successfully. But when there is a new line character it fails.
My code in PHP looks like
$show_txt = sprintf("showEditTextarea('%s')", $test_string);
$output[] = '<a href="#" id="link-'.$data['test'].'" onclick="'.$show_txt.';return false;">';
And the javascript function looks like -
$output[] = '<script type="text/javascript">
var showEditTextarea = function(test_string) {
alert(test_string);
}
</script>';
The string that was successfully passed was "This is a test" and it failed for "This is a first test
This is a second test"
Javascript does not allow newline characters in strings. You need to replace them by \n before the sprintf() call.
You are getting this error because there is nothing escaping your javascript variables... json_encode is useful here. addslashes will also have to be used in the context to escape the double quotes.
$show_txt = sprintf("showEditTextarea(%s)", json_encode($test_string));
$output[] = '<a href="#" id="link-'.$data['test'].'" onclick="'.htmlspecialchars($show_txt).';return false;">';
Why don't you try replacing all spaces in the php string with \r\n before you pass it to the JavaScript function? See if that works.
If that does not work then try this:
str_replace($test, "\n", "\n");
Replacing with two \ may work as it will encapsulate.
I would avoid storing HTML or JS in PHP variables as much as possible, but if you do need to store the HTML in a PHP variable then you will need to escape the new line characters.
try
$test_string = str_replace("\n", "\\\n", $test_string);
Be sure to use double quotes in the str_replace otherwise the \n will be interpreted as literally \n instead of a new line character.
Try this code, that deletes new lines:
$show_txt = sprintf("showEditTextarea('%s')", str_replace(PHP_EOL, '', $test_string));
Or replaces with: \n.
$show_txt = sprintf("showEditTextarea('%s')", str_replace(PHP_EOL, '\n', $test_string));
I'm making this chat server, but it doesn't work quite well. When you send a piece of text, it first gets encoded by the function base64_encode() and then gets sent to a MySQL database.
Then the receiver gets the text from that same MySQL database, which is of course first decoded by the function base64_decode().
The only problem is with the special characters like \n \' and \t: when I get the data from the database and print it between two textarea tags, I see \n as a string, and not as actual line breaks.
In short, I need to fix this problem:
$String = 'Line 1 \n Line 2';
print '<textarea>' . $String . '</textarea>';
//The result I want
//<textarea> Line 1
//Line 2 </textarea>
The function nl2br doesn't work, because tags inside a textarea tag won't work, and also because there other characters like apostrophes.
Could anybody help me?
Thanks!
You need to enclose your string into double quotes, for special characters to be evaluated.
$String = "Line 1 \n Line 2";
print '<textarea>' . $String . '</textarea>';
If you change this:
$String = 'Line 1 \n Line 2';
print '<textarea>' . $String . '</textarea>';
to this:
$String = "Line 1 \n Line 2"; // double quote
print '<textarea>' . $String . '</textarea>';
... you will get the output you want.
This one is also works same as using " ... ", however maybe helps in your case:
$string = <<<EOT
Line 1 \n Line 2
EOT;
echo '<textarea>' . $string . '</textarea>';
As the others said, your problem is Single-Quotes.