We Keep Coding

Escaping single quotes in a URL link

I have a link that is sent throw some PHP code:
echo "<a href='" . $galerry . "#" . apastro(get_title($primid)) . "' class='linkorange'>voir sa galerie</a>";
$galerry links to another page.
get_title($primid) is the id of a specific element in $galerry page.
And the mechanism works fine until one of the elements id has a single quote in it. Which makes sense as it would interrupt the echo function.
This is why I have the apastro function:
function apastro($phrase){
$phrase1 = str_replace("'", "\'", $phrase);
return $phrase1;
}
Yet, the \ before the single quote isn't helping...
So let's say the link redirects to the element with id="l'aro" on the page something.php. Then the URL will be something.php#l\.

it would interrupt the echo function
It wouldn't. It would break a string literal delimited by ' characters, but your string literal is delimited with " characters. In this case, it is breaking the HTML attribute value which is delimited by ' characters.
\ is not an escape character for URLs or HTML.
Use urlencode to make a string safe to put into a URL.
Use htmlspecialchars to make a string safe to put into an HTML attribute.
$title = get_title($primid);
$urlsafe_title = urlencode($title);
$url = $galerry . "#" . $urlsafe_title;
$htmlsafe_url = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5);
echo "<a href='$htmlsafe_url' class='linkorange'>voir sa galerie</a>";

If you're looking to escape single quotes only, use double backslashes, as follows
$str = str_replace("'", "\\'", $str);

PHP Replacing \" and \' with " and '

I am trying to go through the array string I called out from database and filtered to a readable state. The string could have a lot of \' and \", below is just an example.
$content = 'It\'s go to somewhere \"GREAT\"!';
I am trying to use str_replace but it is not working...
$content1= str_replace('\\\'', "'", $content );
$newcontent= str_replace('\\\"', '"', $content1 );
Output should be
It's go to somewhere "GREAT"!
instead.. I get
It\'s go to somewhere \"GREAT\"!
I looked at preg_replace, but I don't quite get all the /.. or where to start on it.
Please help.

Here's how
$content = 'It\'s go to somewhere \"GREAT\"!';
$content = stripslashes($content);
echo $content;

What you want to use is stripslashes($str).
Returns a string with backslashes stripped off. (\' becomes ' and so on.) Double backslashes (\) are made into a single backslash ().
$str = "Is your name O\'reilly?";
// Outputs: Is your name O'reilly?
echo stripslashes($str);

Converting double quotes to single quotes

I am little stuck today trying to convert double quote into single quote.
I got this:
$string=" WHERE news_cat='$catid' AND news_title LIKE '%$searchnews%'";
I did this but it didn't work:
$string = ' WHERE `news_cat` = \'' . $catid . '\' AND `news_title` LIKE '%$searchnews%'';

You also need to escape the last single quotes:
LIKE \'%'.$searchnews.'%\'';

PHP OB_START which double quotes

i'm using php on_start and ob_get_contents to echo html and store in a variable. However when I json encode and check the output it doesn't output the entire string. Could anyone help point out what I'm doing wrong
ob_start();
echo'<img src=\"images/editphotohover.png\"/>\"';
$photo = ob_get_contents();
ob_end_clean();
I get only get the ending anchor tag
in the json encode output

There is no need to escape double quotes here
echo'<a href=\"javascri...
just write this:
echo'<a href="javascri...
Double quotes are kept while in single quotes!
Additionally, note that escaping within single quotes has no effect:
"\t" renders as a TABULATOR character
'\t' renders as \t
The PHP documentation states this:
To specify a literal single quote, escape it with a backslash (\).
To specify a literal backslash before a single quote, or at the end of the string, double it (\\).
Note that attempting to escape any other character will print the backslash too.
Therefore, how about this code:
echo'<a href="javascript:pixlr.edit(
{ image: \'http://mywebite.com/uploads/$photo\',
title: \'' . $photoFileNameProper . '\',
service: \'express\',
exit:\'http://mywebsite.com/home\',
method: \'get\',
locktarget: \'true\',
target: \'http://mywebsite.com/plixr.php\',
locktitle: \'true\'
});"
id = "uploadedPhoto"
title = "click to enhance photo">
<img src="images/editphotohover.png"/>
</a>'
;

PHP new line problem

simple problem baffling me...
i have a function:
function spitHTML() {
$html = '
<div>This is my title</div>\n
<div>This is a second div</div>';
return $html
}
echo $spitHTML();
Why is this actually spitting out the \n's?

Backslashes used in single quote strings do not work as escape characters (besides for the single quote itself).
$string1 = "\n"; // this is a newline
$string2 = '\n'; // this is a backslash followed by the letter n
$string3 = '\''; // this is a single quote
$string3 = "\""; // this is a double quote
So why use single quotes at all? The answer is simple: If you want to print, for example, HTML code, in which naturally there are a lot of double quotes, wrapping the string in single quotes is much more readable:
$html = '<div class="heading" style="align: center" id="content">';
This is far better than
$html = "<div class=\"heading\" style=\"align: center\" id=\"content\">";
Besides that, since PHP doesn't have to parse the single quote strings for variables and/or escaped characters, it processes these strings a bit faster.
Personally, I always use single quotes and attach newline characters from double quotes. This then looks like
$text = 'This is a standard text with non-processed $vars followed by a newline' . "\n";
But that's just a matter of taste :o)

Because you're using single quotes - change to double quotes and it will behave as you expect.
See the documentation for Single quoted strings.

Change ' to " :) (After that, all special chars and variable be noticed)
$html = "
<div>This is my title</div>\n
<div>This is a second div</div>";