i'm using php on_start and ob_get_contents to echo html and store in a variable. However when I json encode and check the output it doesn't output the entire string. Could anyone help point out what I'm doing wrong
ob_start();
echo'<img src=\"images/editphotohover.png\"/>\"';
$photo = ob_get_contents();
ob_end_clean();
I get only get the ending anchor tag
in the json encode output
There is no need to escape double quotes here
echo'<a href=\"javascri...
just write this:
echo'<a href="javascri...
Double quotes are kept while in single quotes!
Additionally, note that escaping within single quotes has no effect:
"\t" renders as a TABULATOR character
'\t' renders as \t
The PHP documentation states this:
To specify a literal single quote, escape it with a backslash (\).
To specify a literal backslash before a single quote, or at the end of the string, double it (\\).
Note that attempting to escape any other character will print the backslash too.
Therefore, how about this code:
echo'<a href="javascript:pixlr.edit(
{ image: \'http://mywebite.com/uploads/$photo\',
title: \'' . $photoFileNameProper . '\',
service: \'express\',
exit:\'http://mywebsite.com/home\',
method: \'get\',
locktarget: \'true\',
target: \'http://mywebsite.com/plixr.php\',
locktitle: \'true\'
});"
id = "uploadedPhoto"
title = "click to enhance photo">
<img src="images/editphotohover.png"/>
</a>'
;
Related
I have a link that is sent throw some PHP code:
echo "<a href='" . $galerry . "#" . apastro(get_title($primid)) . "' class='linkorange'>voir sa galerie</a>";
$galerry links to another page.
get_title($primid) is the id of a specific element in $galerry page.
And the mechanism works fine until one of the elements id has a single quote in it. Which makes sense as it would interrupt the echo function.
This is why I have the apastro function:
function apastro($phrase){
$phrase1 = str_replace("'", "\'", $phrase);
return $phrase1;
}
Yet, the \ before the single quote isn't helping...
So let's say the link redirects to the element with id="l'aro" on the page something.php. Then the URL will be something.php#l\.
it would interrupt the echo function
It wouldn't. It would break a string literal delimited by ' characters, but your string literal is delimited with " characters. In this case, it is breaking the HTML attribute value which is delimited by ' characters.
\ is not an escape character for URLs or HTML.
Use urlencode to make a string safe to put into a URL.
Use htmlspecialchars to make a string safe to put into an HTML attribute.
$title = get_title($primid);
$urlsafe_title = urlencode($title);
$url = $galerry . "#" . $urlsafe_title;
$htmlsafe_url = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5);
echo "<a href='$htmlsafe_url' class='linkorange'>voir sa galerie</a>";
If you're looking to escape single quotes only, use double backslashes, as follows
$str = str_replace("'", "\\'", $str);
Let's say this is my script down here, as you can see I've used multiple " and '. These quotations conflict in ending the current php variable, so it basically sees this:
$message = "<?php echo '<div class="
As a string, whilst the quotation is only to define the class, not to end the variable. I've tried using ' but then it conflicts with the echo, so I'm kinda stuck at the moment.
<?php
$message = "
<?php
echo '<div class="gebruiker">';
$fh = fopen('_gebruiker.txt','r');
while ($line = fgets($fh)) {
echo($line);
}
fclose($fh);
echo '</div>';
?>
";
**MORE PHP CODE HERE**
?>
How can I use multiple quotations in one PHP script without them having conflicts.
If you use single quotes outside, you need to escape all single quotes inside, but can use double quotes and the dollar char without escaping.
If you use double quotes outside, you need to escape all double quotes and dollar chars inside, but can use single quotes without escaping.
If you use a heredoc string, you need to escape dollar chars but can use both single and double quotes without escaping.
If you use a nowdoc string, you do not need to escape anything unless you have FOO; in the string at the beginning of a new line.
So the solution is to use a nowdoc string:
$message = <<<'EOF'
your stuff with " or ' or $ here!
EOF;
Adding a backslash so PHP can recognize just only double quotes or quotes when escaped.
Example:
echo "<div class=\"gebruiker\">";
I suggest using either Heredoc or Nowdoc
Example
$foo = 'test';
// Heredoc
$here = <<<HERE
I'm here, $foo!
HERE;
// Nowdoc
$now = <<<'NOW'
I'm now, $foo!
NOW;
Heredoc will print the contents of $foo when echoed while Nowdoc will simply echo $foo.
In the references I added below you can do more reading up on this subject.
References:
php.net - strings
stackoverflow - advantages of heredoc vs nowdoc
You can escape the quotes with a slash character like so: \"
This should work, you can't open Php tag without closing before.
<?php
$message = '<div class="gebruiker">';
$fh = fopen('_gebruiker.txt','r');
while ($line = fgets($fh)) {
$message .=$line.'<br/>';
}
fclose($fh);
$message.='</div>';
echo $message;
**MORE PHP CODE HERE**
?>
I have these two lines that I would like to escape the $type variable:
$functionName = str_replace('-', '_', $type);
$output .= '<div class="tab-pane" id="'. $type .'">';
I tried escaping like below but its confusing me and not sure whether thats right:
$output .= '<div class="tab-pane" id="\'. $type .'\">';
Example 1: Variable between single quotes
If you use single quotes everything between them will always be treated as part of the string.
$output .= '<div class="tab-pane" id="' . $type . '">";
Example 2: Variable between double quotes (option 1)
If you have a variable that you want to pass in a string you can just put it in there if you use double quotes and de variable is nog 'touching' the other words. It should always have spaces.
$output .= "<p>i would like to $your_text_here with you.</p>";
Example 3: Escaping quotes in a string
Escaping characters in a string can be done by using a \ (backslash) before the character you want to escape.
$output .= "<div class=\"tab-pane\" id=\"example-id\">";
Example 4: Variable between double quotes without spaces next to it
You can place your variable between {} braces if you use double quotes (option 2)
$output .= "<div class=\"tab-pane\" id=\"{$type}\">";
This question was however already answered in Mixing PHP variable with string literal
Your first block is doing string replacements, but then you use the ORIGINAL string, not the replaced one:
$output .= '<div class="tab-pane" id="' . $functionName . '">';
would be more correct. On the second one, you're escaping the ' quotes, which means that you never terminate the string, meaning that the . $type . portion is treated as plaintext within the string, not a PHP concatenation operation. Try
$output .= '<div class="tab-pane" id="' . $type . '">';
instead. note the LACK of backslash escapes.
And of course, you could use a HEREDOC, eliminating any need to escape quotes entirely:
$output .= <<<EOL
<div class="tab-pane" id="{$functioName}">
EOL;
In this case, you don't need to escape at all. You only escape within the same type of quotes. You don't escape double inside single or single inside double.
So with 'o'reilly' you would escape like 'o\'reily'. But with "o'reilly" you'd just keep it as "o'reilly". But with "He said "hello"" you'd escape "He said \"hello\"". Yet, with 'He said "hello"' you would not escape at all.
But if your $type variable can contain double quotes, you will need to consider that to prevent your HTML from being broken in that case. How you would handle the quotes inside the variable $type would be by replacing the " with its HTML entity equivalent:
$output .= '<div class="tab-pane" id="' . str_replace('"', '"', $type) . '">';
Or use htmlentities() which will do the same replace as well as others.
Note, its the double quotes inside the variable you would want to handle, not to escape the single quotes outside. Because presumably the issue is that if the variable contained double quotes it would break your HTML since you are using double quotes around the value for id:
i.e. id="contents_of_type_variable"
If you had id="contents"_of_type_variable" your HTML would be broken.
So you change that to id="contents"_of_type_variable"
If you're trying to escape something else, it is due to a misunderstanding.
Hi i have been using this php echo statement
echo "<a href = 'message_delete_script_outbox.php?id=".$row['id']."'"."onclick='return
confirm(/Are you sure, you want to delete?/)'>Delete</a>";
The statement is working i am seeing this message /Are you sure, you want to delete?/ instead of this Are you sure, you want to delete?
Your quote nesting is a little messed up. Try to follow these rules:
Outer quote = " (This marks the beginning and end of the string)
Inner quote = \" (Escaped as to not flag "beginning/end of string")
Third-tier quote = ' (Literal quote)
Fourth-tier quote = \' (Literal quote that will be generated as an escaped outer quote)
Result:
echo "<a href=\"message_delete_script_outbox.php?id=".$row['id']."\"onclick=
\"return confirm('Are you sure, you want to delete?')\">Delete</a>";
More info about quote nesting: http://blog.opensourceopportunities.com/2007/10/nested-nested-quotes.html
You enclose the message in quotes, and those quotes need to be escaped to avoid confusing the PHP script:
echo "<a href = 'message_delete_script_outbox.php?id=".$row['id']."'"."onclick='return
confirm(\"Are you sure, you want to delete?\")'>Delete</a>";
Just add double quotes and escape them
echo "<a href = 'message_delete_script_outbox.php?id=".$row['id']."' onclick='return confirm(\"Are you sure, you want to delete?\")'>Delete</a>";
I am not sure if you added a new line when you posted here, but you should know you cannot have that script on 2 lines.
simple problem baffling me...
i have a function:
function spitHTML() {
$html = '
<div>This is my title</div>\n
<div>This is a second div</div>';
return $html
}
echo $spitHTML();
Why is this actually spitting out the \n's?
Backslashes used in single quote strings do not work as escape characters (besides for the single quote itself).
$string1 = "\n"; // this is a newline
$string2 = '\n'; // this is a backslash followed by the letter n
$string3 = '\''; // this is a single quote
$string3 = "\""; // this is a double quote
So why use single quotes at all? The answer is simple: If you want to print, for example, HTML code, in which naturally there are a lot of double quotes, wrapping the string in single quotes is much more readable:
$html = '<div class="heading" style="align: center" id="content">';
This is far better than
$html = "<div class=\"heading\" style=\"align: center\" id=\"content\">";
Besides that, since PHP doesn't have to parse the single quote strings for variables and/or escaped characters, it processes these strings a bit faster.
Personally, I always use single quotes and attach newline characters from double quotes. This then looks like
$text = 'This is a standard text with non-processed $vars followed by a newline' . "\n";
But that's just a matter of taste :o)
Because you're using single quotes - change to double quotes and it will behave as you expect.
See the documentation for Single quoted strings.
Change ' to " :) (After that, all special chars and variable be noticed)
$html = "
<div>This is my title</div>\n
<div>This is a second div</div>";