How to Use a # in string in PHP - php

Trying to create a plugin for wordpress that uses jquery:
echo "$('#datepicker').datepicker({ ..... ";
The # is working as a comment. I tried \# to stop it, but that doesn't work. Any ideas?
Code:
$dispWidget = $dispWidget.'<script type="text/javascript">';
$dispWidget = $dispWidget.'$(function() {";
$dispWidget = $dispWidget."$('#datepicker').datepicker({";
$dispWidget = $dispWidget."changeMonth: true,";
$dispWidget = $dispWidget."changeYear: true,";

If the error is "Parse error: syntax error, unexpected T_VARIABLE" the problem is actually related to the dollar sign.
To fix this, use single quotes in your PHP strings and double quotes in your JavaScript.
echo '$("#datepicker").datepicker({ ..... ';
Single quotes are better for performance as well.

What actually happens is this:
You open a single quote, then close it (when you just wanted to add one to the string), and then add the hash, like this:
'..stuff..'#other stuff'
What you wanted was this:
'..stuff..\'#other stuff'
That single quote has to be escaped with a backslash to be treated as a character instead of a closing quote.

Related

PHP ["XSS" injection] using str_replace vs null character (\0), i.e java\0script:alert(\"XSS\")

About 2 of some of the Websites we did got hacked. We spent hours trying to see what went wrong. The loophole was the str_replace vs \0 the [Null Char] .
While using str_replace with Single Quotes ['].
Something like:
$str = 'java\0scr\0ip\0t:alert(\"XSS\")';
$clean_null_chars = str_replace('\\0','_[_blabla_]_',$str);
//Show the cleaned version
var_dump($clean_null_chars); // string 'java_[_blabla_]_scr_[_blabla_]_ip_[_blabla_]_t:alert(\"XSS\")' (length=62);
echo $clean_null_chars; //java_[_blabla_]_scr_[_blabla_]_ip_[_blabla_]_t:alert(\"XSS\")
However, using str_replace with Double Quotes ["], Nothing happens
Something like:
$str= "java\0scr\0ip\0t:alert(\"XSS\")";
$clean_null_chars = str_replace('\\0','_[_blabla_]_',$str);
//Show the cleaned version
var_dump($clean_null_chars); //string 'java�scr�ip�t:alert("XSS")' (length=26);
// ....[Notice the _Null Char_ rendered as question marks in var_dump]
echo $clean_null_chars;// javascript:alert("XSS")
Thus some genius managed to abuse the loophole.
Is this a normal behavior for str_replace when either Single Quotes or Double Quotes are involved?
here http://php.net/manual/en/function.str-replace.php they use both ['] and ["] no mention of different behaviors.
Any Ideas??
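
Added example, not part of the original question: in PHP source, '\0' in single quotes is the two characters backslash and zero, while "\0" in double quotes is one NUL byte, so the question's str_replace('\\0', ...) never sees a real NUL. The sketch below shows the difference and an allowlist check for link targets; strip_nul() and is_safe_href() are hypothetical helper names and the inputs are constructed.

```php
<?php
// Added example: constructed inputs, hypothetical helper names.

$single = 'java\0script:alert("XSS")';   // backslash + zero stay as two literal characters
$double = "java\0script:alert(\"XSS\")"; // \0 is an escape for one NUL byte (0x00)

// The needle from the question is backslash + zero, so only $single is changed by it.
$needle = '\\0';
var_dump(bin2hex($needle), bin2hex("\0"));
var_dump(str_replace($needle, '_', $single) !== $single);
var_dump(str_replace($needle, '_', $double) !== $double);

/** Remove real NUL bytes as well as the literal backslash-zero sequence. */
function strip_nul(string $s): string
{
    return str_replace(["\0", '\\0'], '', $s);
}

/** Allowlist check for link targets: only absolute http(s) URLs pass. */
function is_safe_href(string $url): bool
{
    // Drop ASCII control characters first so they cannot hide the scheme from the check.
    $clean  = preg_replace('/[\x00-\x1F\x7F]/', '', $url);
    $scheme = parse_url(trim((string) $clean), PHP_URL_SCHEME);
    return is_string($scheme)
        && in_array(strtolower($scheme), ['http', 'https'], true);
}

foreach ([$single, $double, 'https://example.com/page'] as $candidate) {
    printf("%-32s safe=%s\n",
        addcslashes($candidate, "\0..\37"),
        var_export(is_safe_href($candidate), true));
}

// Stripping NUL leaves the scheme intact, so the allowlist check is what decides;
// encode on output regardless of which filtering ran earlier.
echo htmlspecialchars(strip_nul($double), ENT_QUOTES, 'UTF-8'), "\n";
```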

PHP variables and strings

Getting very confused with echoing an HTML anchor with a variable inside.
<?php
echo ' Next';
?>
I've tried so many variations I've lost which ones I've tried. One of the attempts was with curly brackets { but still nothing. I know I'm getting my single and double quotes muddled up!
Could somebody please put me straight on this one. Also, what are the rules for apostrophes and quotes in PHP? If I want to echo something, what shall I start it with, an apostrophe or a quote?
<?php
echo ' Next';
?>
If you want to do some math or other trickery inside an echo, you will need to surround it in brackets.
Edit: @DaveRandom points out that the exception to the trickery clause is $var++ and ++$var.
If you use ' when printing string, everything inside is treated as a text.
If you use ", variables passed inside are converted to their values.
However it's impossible to do math operations inside ". You have to escape it and do it in 'PHP way'.
<?php
echo ' Next';
?>
Use double quotes "something" and surround the variables with curly brackets when they are inside the quotes.
$next_page = $current_page + 1; // arithmetic is not allowed inside {$...}, so compute it first
echo " <a href='?p={$next_page}'>Next</a>";
You can also use string concatenation, which basically means joining a few strings together:
echo 'something' . 'something else' . $my_variable;
As for escaping, if anywhere inside some quotes you want to insert a quote of the same type (e.g. if you surround your script with double quotes and you want to insert a double quote), you need to escape these quotes by prepending them with a backslash - \.
For example you want to output Text and you have surrounded it in double quotes, you need to escape these double quotes in the HREF attribute by prepending them with a backslash \, so the result should be Text.
The following are valid ways of escaping and displaying characters:
echo "it\" so nice to be here";
echo 'it\'s so nice to be here';
echo "it's so nice to be here"; // Different quotes, no need to escape
echo 'it"s so nice to be here'; // Different quotes, no need to escape
The following will result in an error:
echo 'it's so nice the be here';
Because the PHP interpreter will assume the expression to be ended with the quote found in it's, resulting in the rest of the line being treated as invalid code.
For more information you can read the PHP documentation on the echo() function and this wonderful article on Quotes and Strings as well.
I assume you want to do this:
echo ' Next';
You can try this:
$link = ' %s';
printf($link, $current_page - 1, "Prev");
printf($link, $current_page + 1, "Next");

In PHP, what does echo followed by two single quotes mean?

I am going through someone else's code for a very old site and it has a lot of lines like this:
echo '';
I am not familiar with PHP, but having quickly gone through a syntax tutorial, it seems that this command would be printing the contents of the single quotes. However, the single quotes are empty, and there are LOTS of instances like these.
What is the purpose of having these lines, and how did they end up in the code?
You are right, they just print out an empty string. I can only guess as to how they got into your code but it is surely safe to delete them.
Single or double quotes are used to denote strings, so with:
echo '';
You are printing an empty string, essentially nothing.
The only idea I can think of for choosing '' vs "" is:
echo '"'; // print "
echo "'"; // print '

Open a new link in a pop up is failing with unexpected T_STRING

Is it possible to pop up a window from a json line?
Example, this link works fine:
$json['msg'] = 'Welcome. Please, click here!';
But when I tried to create a pop up for it, it says errors T string parsing, things like that.
For my pop up I tried using:
<script language="javascript" type="text/javascript">
<!--
function mbetter(url) {
newwindow=window.open(url,'name','height=600,width=550');
if (window.focus) {newwindow.focus()}
return false;
}
// --></script>
and for link
$json['msg'] = 'Welcome. Please, click here!';
What could be causing this issue?
This is a problem with escaping a string.
$json['msg'] = 'Welcome. Please, click here!';
Should be:
$json['msg'] = 'Welcome. Please, click here!';
Notice how I have escaped the single quotes in your JavaScript with backslashes?
This is described in the PHP manual on the Strings page:
To specify a literal single quote, escape it with a backslash (\). To
specify a literal backslash, double it (\\). All other instances of
backslash will be treated as a literal backslash: this means that the
other escape sequences you might be used to, such as \r or \n, will be
output literally as specified rather than having any special meaning.

How can I write a square bracket to a text file in php?

I'm trying to write a php script that will generate a variety of new php pages, but I'm finding that I'm unable to write a square bracket out. When I escape a square bracket in the same way as other characters (i.e. \[ ) the leading \ is written to the new page, which results in code that doesn't work:
echo $row\['Value'\];
When I do not escape the bracket, the page fails, and the same thing happens when I try and substitute asc(91).
I have seen other examples that use code like $row->Value, but I tried that and it didn't work. If anyone can help me output a square bracket, or knows of another method by which I can fetch a value from a row without using one at all, I'd be very grateful
Your echo would appear as an array reference to PHP. Try this:
echo $row, "['Value'];";
assuming that you want the value of $row to be output, and not the literal text $row. If you want the literal text, (e.g. you're trying to build a PHP script on the fly), then either of these should do the trick:
echo '$row[\'Value\'];';
echo "\$row['Value'];";
How about this:
echo sprintf("\$row['%s']", $value); // either scenario
echo sprintf("%s['Value']", $row);
Keep in mind that PHP automatically parses double-quoted strings ("), and tries to find variables within. So, the bracket is probably not the issue, the $ variable prefix (coupled with the parser) probably is.
There are a couple other answers that work but I want to elaborate:
The "echo" construct can take a variable or a string. You can't echo a string to the screen in the same way that you do a variable. For example: echo hello; will not behave as you might think. You need to include it in quotes such as echo "hello";
You can also use single quotes. Single quotes and double quotes behave differently. For example:
$foo = "bar";
echo $foo;
echo "$foo";
echo '$foo';
The first will echo "bar", the second will also echo "bar" because PHP looks for variables in double-quoted strings. The third will echo '$foo' because PHP does not try to do variable substitution in a single-quoted string. So you can do (as @mark-b said):
echo "\$row['Value']";
or
echo '$row[\'Value\']';
Now, that $row->value syntax that you saw, is object notation. It is assuming that $row is an object and not an array. Objects are a whole other ballgame.
You're talking about code generation in your question, so I expect you also want to output the 'echo' statement in the generated code. Assuming you want to save the output into a file so it can be easily executed, you want to use something like fwrite or file_put_contents, I expect. You need to think in terms of strings, which can be a bit tricky when you're seeing code.
Something like this should work:
fwrite($fp, 'echo $row[\'Value\'];'."\n");
Note how the single and double quotes work. \n is resolved to a newline, but anything in the single quotes is treated as a string and is printed as is, apart from \', which should print a literal single quote in the output file.
Hope this helps.
