I was provided with a set of data that represents URL links. Such as: "doug'sfood.jpg".
I keep these strings in an array, and then select them randomly to display inserting them into an
<img src="doug'sfood.jpg"></img>
What Chrome is putting out is:
<img src="doug'sfood.jpg"></img>
I tried replacing the quotes with a php escaped (\') apostrophe, but this just ended the quote prematurely.
Can someone help me? Thanks.
I think Chrome automatically escapes characters that are not correctly escaped.
Always use:
<img src="quote&#39;quote.jpg" alt="" />
Instead of:
<img src="quote'quote.jpg" alt="" />
Certain characters should always be escaped in HTML, for example:
' -> &#39;
& -> &amp; or &#38;
Check the htmlspecialchars() and urlencode() functions, example:
$string = "quote'quote.jpg";
echo htmlspecialchars($string, ENT_QUOTES);
// quote&#039;quote.jpg
echo urlencode($string);
// quote%27quote.jpg
Anyway, when printing out the filename tags, use urlencode() rather than relying on HTML escapes or browser behaviour:
foreach ($img as $href) {
print '<img src="' . urlencode($href) . '" />';
}
This will become doug%27sfood.jpg in your example (AKA the correct way to do it). Which hopefully can be located by your webserver.
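An added example (not code from the original answers) that applies both layers discussed above: rawurlencode() on each path segment to build the URL, then htmlspecialchars() on the finished URL for the attribute. The helper names img_src_for() and img_tag() and the sample file names are made up for illustration.

```php
<?php
// Added example; img_src_for(), img_tag() and the file names are illustrative.

// Encode each path segment for use in a URL path, keeping "/" separators.
// rawurlencode() follows RFC 3986 (space -> %20); urlencode() produces "+",
// which a web server does not turn back into a space inside a path.
function img_src_for(string $path): string
{
    return implode('/', array_map('rawurlencode', explode('/', $path)));
}

// URL-encode first, then HTML-escape the finished URL and the alt text
// for the attribute context they are printed into.
function img_tag(string $path, string $alt = ''): string
{
    $src = htmlspecialchars(img_src_for($path), ENT_QUOTES, 'UTF-8');
    $alt = htmlspecialchars($alt, ENT_QUOTES, 'UTF-8');
    return '<img src="' . $src . '" alt="' . $alt . '">';
}

// Constructed sample data: an apostrophe, a sub-directory, a space and "&".
$img = ["doug'sfood.jpg", "menus/fish & chips.jpg"];

foreach ($img as $href) {
    echo img_tag($href, basename($href)), "\n";
}
```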
Related
I have a problem with PHP preg_match function.
In CMS DLE, I try to extract a picture from the news (image-x), but in the module I'm referring to via a direct link.
//remove <p></p> tags
$row[$i]['short_story'] = str_replace( "</p><p>", " ",$row[$i]['short_story'] );
//remove the \" escapes (DLE put it in the MySQL column)
$row[$i]['short_story'] = str_replace("\\\"", " ", $row[$i]['short_story']);
//remove all tags except <img>, but there remains a simple text that is stored without tags
$row[$i]['img'] = strip_tags($row[$i]['short_story'], "<img>");
//try to find <img> (by '>'), to remove the simple text;
preg_match(".*>", $row[$i]['img'], $matches);
// print only <br/> (matches is empty)
print_r($matches."<br/>\n");
for example print_r($row[$i]['img']) is
<img src="somelink" class="fr-fic" fr-dib="" alt=""> Some text
And I need only
<img src="somelink" class="fr-fic" fr-dib="" alt="">
Your regex pattern for selecting <img> is incorrect. Use /<img[^>]+>/ as the pattern instead. The code should change to
preg_match("/<img[^>]+>/", $row[$i]['img'], $matches);
Also you can use preg_replace() to remove additional text after <img>
preg_replace("/(<img[^>]+>)[\w\s]+/", "$1", $string)
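An added example, not part of the original answer: the same extraction done with PHP's DOM parser instead of a regex. strip_tags() keeps every attribute of the tags it allows, event handlers included, so this version rebuilds the tag from an allow-list of attributes. The function name first_img_tag(), the allow-list and the sample markup are assumptions made for illustration.

```php
<?php
// Added example; first_img_tag() and the sample markup are illustrative.

// Return the first <img> in an HTML fragment, rebuilt with only the
// allow-listed attributes, or null when the fragment contains no image.
function first_img_tag(string $html, array $allowed = ['src', 'alt', 'class']): ?string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // collect parser warnings quietly
    // The XML declaration prefix makes loadHTML() read the fragment as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $img = $doc->getElementsByTagName('img')->item(0);
    if ($img === null) {
        return null;
    }

    $attrs = '';
    foreach ($allowed as $name) {
        if ($img->hasAttribute($name)) {
            // Re-escape each value for the attribute it is written back into.
            $value = htmlspecialchars($img->getAttribute($name), ENT_QUOTES, 'UTF-8');
            $attrs .= ' ' . $name . '="' . $value . '"';
        }
    }
    return '<img' . $attrs . '>';
}

// Constructed sample: the kind of value strip_tags($story, "<img>") leaves
// behind, with an extra event-handler attribute that should not survive.
$sample = '<img src="somelink" class="fr-fic" fr-dib="" alt="" onerror="x()"> Some text';
echo first_img_tag($sample), "\n";
```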
I have a link that is sent through some PHP code:
echo "<a href='" . $galerry . "#" . apastro(get_title($primid)) . "' class='linkorange'>voir sa galerie</a>";
$galerry links to another page.
get_title($primid) is the id of a specific element in $galerry page.
And the mechanism works fine until one of the elements id has a single quote in it. Which makes sense as it would interrupt the echo function.
This is why I have the apastro function:
function apastro($phrase){
$phrase1 = str_replace("'", "\'", $phrase);
return $phrase1;
}
Yet, the \ before the single quote isn't helping...
So let's say the link redirects to the element with id="l'aro" on the page something.php. Then the URL will be something.php#l\.
it would interrupt the echo function
It wouldn't. It would break a string literal delimited by ' characters, but your string literal is delimited with " characters. In this case, it is breaking the HTML attribute value which is delimited by ' characters.
\ is not an escape character for URLs or HTML.
Use urlencode to make a string safe to put into a URL.
Use htmlspecialchars to make a string safe to put into an HTML attribute.
$title = get_title($primid);
$urlsafe_title = urlencode($title);
$url = $galerry . "#" . $urlsafe_title;
$htmlsafe_url = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5);
echo "<a href='$htmlsafe_url' class='linkorange'>voir sa galerie</a>";
If you're looking to escape single quotes only, use double backslashes, as follows
$str = str_replace("'", "\\'", $str);
So I've created a CMS that takes text input. This is how the data is used when I grab it from the database.
echo "<img src=" . $row['image_url'] . " alt=" . $row['caption'] . ">";
Now the problem is, whenever there's a comma or a semi colon, php treats it as part of the code and the page ends up either not rendering well or completely breaking with errors like
Parse error: syntax error, unexpected '=' in
I've tried using htmlspecialcase() when posting the data to the MySQL database but it didn't fix the problem.
EDIT: The main problem is with the alt part not the src part.
When you're using double quotes (") to create a string literal and in that string literal you want to use double quotes ("), then you may escape those double quotes (") to form a valid string.
echo "<img src=\"" . $row['image_url'] . "\" alt=\"" . $row['caption'] . "\">";
You can try like that:
<img src="<?php echo $row['image_url'];?>" alt="<?php echo $row['caption'];?> ">
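An added example (not from the original answers) that puts the question's output line next to a hardened form, which quotes both attributes and escapes the database values at output time rather than when they are stored. The function names and the $rows data are constructed for illustration.

```php
<?php
// Added example; render_image_unsafe(), render_image() and $rows are illustrative.

// Weak form from the question: unquoted, unescaped attribute values.
function render_image_unsafe(array $row): string
{
    return "<img src=" . $row['image_url'] . " alt=" . $row['caption'] . ">";
}

// Hardened form: quote every attribute and escape each value on output.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function render_image(array $row): string
{
    $src = htmlspecialchars($row['image_url'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $alt = htmlspecialchars($row['caption'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<img src="' . $src . '" alt="' . $alt . '">';
}

// Constructed rows standing in for database results.
$rows = [
    ['image_url' => '/img/soup.jpg', 'caption' => 'Soup, bread; "chef\'s special"'],
    ['image_url' => '/img/cake.jpg', 'caption' => 'x onerror=alert(1)'],
];

foreach ($rows as $row) {
    echo render_image_unsafe($row), "\n"; // caption words turn into extra attributes
    echo render_image($row), "\n";        // caption stays inside alt="..."
}
```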
Hey guys, I have the following code:
foreach($collection as $img)
{
$image_id = $img['imageid'];
$thumbwidget = wp_get_attachment_image_src($image_id, 'full');
$gallery .= '<a class="fav-image-a" href="http://www.bangstyle.com/haircut-detail/?uid='.$uid.'&img_id='.$image_id.'&ucolid='.$user_id.'&catid='.$col_id.'&theater">';
$gallery .= '<img src="';
$gallery .= thumbGen($thumbwidget[0],259,320,'valing=top');
$gallery .= '">';
$gallery .= '</a>';
}
I think I may have the wrong order of escaping. The rendered variable is not staying within the img src when rendered. I assume it has to do with my escaping somewhere.
The live url can be seen at http://bangstyle.com/test-widget/
You can see what's happening. The rendered elements are on top.
Why the extra quotes inside? What you are producing is this:
<img src="'THUMBWIDGETURL_IS_INSERTED_HERE'">
What you probably want is this:
<img src="THUMBWIDGETURL_IS_INSERTED_HERE">
To do that just remove the extra \':
$gallery .= '<img src="'.$thumbwidgeturl.'">';
Rules to be aware of:
In PHP, both single quotes and double quotes can be used to produce string literals.
Each should be used in a pair and that pair constitutes one string literal. So, in your example you have two string literals and a variable being combined (concatenated) with the dot (.) operator.
Inside single quotes, single quotes need to be escaped, and inside double quotes, double quotes need to be escaped. The other type of quotes in each can be used freely without escaping.
Strings inside single quotes are taken as they are, while strings inside double quotes are interpreted for variables.
More information in the PHP docs on Strings.
How about this:
$gallery .= "<img src=\"" . $thumbwidgeturl . "\">";
or even:
$gallery .= '<img src="' . $thumbwidgeturl . '">';
So I have in my MySQL
'UAB "Litofcų kontora"'
When I try to put it in an input like this
<input type="text" value="UAB "Litofcų kontora""> it doesn't display the whole thing because of the quotes. How can I make only the quotes get replaced with an HTML code?
I tried htmlentities and htmlspecialchars, but it converts ų to but I need that to stay the way it is, not converted.
You have (only) to replace all " with &quot; before outputting the input value. E.g. with str_replace:
$sInputValue = str_replace('"', '&quot;', $sValueFromDb);
echo '<input type="text" value="' . $sInputValue . '">';
Also see this php example and the resulting html example.
It looks like your problem is that the data has been encoded for HTML but only for use as a text node.
The solution therefore is to convert it from HTML to text, and then convert it back to HTML - but in a fashion suitable for putting in an attribute.
preg_replace_callback code from this comment in the PHP manual because html_entity_decode appears to not support numeric entities.
$input = 'UAB "Litofcų kontora"';
$attribute_safe = htmlspecialchars(
html_entity_decode(
preg_replace_callback(
"/(&#[0-9]+;)/",
function($m) { return mb_convert_encoding($m[1], "UTF-8", "HTML-ENTITIES"); },
$input
)
)
);
echo $attribute_safe;
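An added example, not the answerer's code, of the same decode-then-encode round trip using only html_entity_decode() and htmlspecialchars() with the charset set to UTF-8; it assumes PHP 5.4 or later and UTF-8 data. The function name to_attribute() and the sample strings are constructed for illustration.

```php
<?php
// Added example; to_attribute() and the sample strings are illustrative.

// Normalise a value that may already contain HTML entities, then escape it
// once for a quoted attribute. Non-ASCII letters such as "ų" are left as
// UTF-8 bytes because htmlspecialchars() only rewrites & < > " and '.
function to_attribute(string $value): string
{
    // With an explicit UTF-8 charset, named and numeric entities both decode.
    $text = html_entity_decode($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed samples: raw UTF-8, a numeric entity for "ų" (U+0173 = 371),
// and a value whose quotes were already escaped before storage.
$samples = [
    'UAB "Litofcų kontora"',
    'UAB "Litofc&#371; kontora"',
    'UAB &quot;Litofcų kontora&quot;',
];

foreach ($samples as $fromDb) {
    echo '<input type="text" value="' . to_attribute($fromDb) . '">', "\n";
}
```

Decode first only when the stored data is known to be entity-encoded; for data stored as plain text, the htmlspecialchars() call alone is the right step.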