I am using like
$myPage .= '<td><a href=\'javascript:editProduct('
.$row['id']
.',"'
.$row['name']
.'")\'>Edit</a></td>';
where $row['name'] has quotes in its value. it breaks. how do i solve the issue both from php side and js side...
$row['name'] is value from DB. and it will have value like pradeep's and pradeep"s also
i used like
$myPage .= '<td><a href=\'javascript:editProduct('.addslashes($row['id']).',"'.addslashes($row['name']).'")\'>Edit</a></td>';
it solves the issue of double quotes. but when i have single quotes in value the javascrit link looks like
javascript:editProduct(28,"pradeep\
it actually breaks..
And how do i strip down the slashes added by addslashes in javascript..
UPDATE - FINAL CODE
$myPage .= '<td><a href=\'javascript:editProduct('.$row['id'].',"'.htmlentities($row['name'],ENT_QUOTES).'")\'>Edit</a></td>';
and js looks like
function editProduct(id,name){
alert(name);
}
can any one solve my issues
Try:
$myPage .= "<td><a href='javascript:editProduct({$row['id']},\""
. htmlentities( $row['name'] )
. "\")'>Edit</a></td>";
htmlentities default behaviour is to convert double quotes and leave single quotes alone, if you require converting single and double quotes, then call it like this:
htmlentities( $row[ 'name' ], ENT_QUOTES )
Also, using { .. } in "..." strings is the correct way to substitute variables.
The PHP string
'<a href=\'javascript:editProduct('.$row['id'].',"'.$row['name'].'")\'>';
outputs (assuming some values)
<td><a href='javascript:editProduct(123,"abc")'></td>
Presumably it breaks if $row['name'] contains a " quote. You could replace such quotes with a \" in the string before you output it using str_replace('"', '\"', $row['name'])
Related
$playername = $_GET["playername"];
echo '<img src="https://cravatar.eu/head/SecretAgent5555"/>';
I need what SecretAgent5555 is to be $playername, plz help/
This will do what you need...
echo '<img src="https://cravatar.eu/head/' . $playername . '"/>';
This uses the PHP . string concatenation feature to 'insert' $playername into the img src tag.
You can also use string interpolation by using double quotes, but it requires you to escape the double quotes within, like this.
echo "<img src=\"https://cravatar.eu/head/$playername\"/>";
Because you have opened the string being echoed with the double quotes, to put a double quote within, you need to escape them. This is the \" part within the string.
I have these two lines that I would like to escape the $type variable:
$functionName = str_replace('-', '_', $type);
$output .= '<div class="tab-pane" id="'. $type .'">';
I tried escaping like below but its confusing me and not sure whether thats right:
$output .= '<div class="tab-pane" id="\'. $type .'\">';
Example 1: Variable between single quotes
If you use single quotes everything between them will always be treated as part of the string.
$output .= '<div class="tab-pane" id="' . $type . '">";
Example 2: Variable between double quotes (option 1)
If you have a variable that you want to pass in a string you can just put it in there if you use double quotes and de variable is nog 'touching' the other words. It should always have spaces.
$output .= "<p>i would like to $your_text_here with you.</p>";
Example 3: Escaping quotes in a string
Escaping characters in a string can be done by using a \ (backslash) before the character you want to escape.
$output .= "<div class=\"tab-pane\" id=\"example-id\">";
Example 4: Variable between double quotes without spaces next to it
You can place your variable between {} braces if you use double quotes (option 2)
$output .= "<div class=\"tab-pane\" id=\"{$type}\">";
This question was however already answered in Mixing PHP variable with string literal
Your first block is doing string replacements, but then you use the ORIGINAL string, not the replaced one:
$output .= '<div class="tab-pane" id="' . $functionName . '">';
would be more correct. On the second one, you're escaping the ' quotes, which means that you never terminate the string, meaning that the . $type . portion is treated as plaintext within the string, not a PHP concatenation operation. Try
$output .= '<div class="tab-pane" id="' . $type . '">';
instead. note the LACK of backslash escapes.
And of course, you could use a HEREDOC, eliminating any need to escape quotes entirely:
$output .= <<<EOL
<div class="tab-pane" id="{$functioName}">
EOL;
In this case, you don't need to escape at all. You only escape within the same type of quotes. You don't escape double inside single or single inside double.
So with 'o'reilly' you would escape like 'o\'reily'. But with "o'reilly" you'd just keep it as "o'reilly". But with "He said "hello"" you'd escape "He said \"hello\"". Yet, with 'He said "hello"' you would not escape at all.
But if your $type variable can contain double quotes, you will need to consider that to prevent your HTML from being broken in that case. How you would handle the quotes inside the variable $type would be by replacing the " with its HTML entity equivalent:
$output .= '<div class="tab-pane" id="' . str_replace('"', '"', $type) . '">';
Or use htmlentities() which will do the same replace as well as others.
Note, its the double quotes inside the variable you would want to handle, not to escape the single quotes outside. Because presumably the issue is that if the variable contained double quotes it would break your HTML since you are using double quotes around the value for id:
i.e. id="contents_of_type_variable"
If you had id="contents"_of_type_variable" your HTML would be broken.
So you change that to id="contents"_of_type_variable"
If you're trying to escape something else, it is due to a misunderstanding.
i have this problem i hope some of you can help me with. I try to make a html link that get the link from my database.
echo "<p><pre><a href=$Feed['socialfacebook']><img src=facebook-24.png></a></pre></p>
You need to put the link in '".$variable ."' and the image src should be in ' ', too.
echo "<p><pre><a href='".$Feed['socialfacebook']."'><img src='facebook-24.png'></a></pre></p>";
Double-quoted strings don't work with array elements quite like that. You should close and concatenate the strings.
echo "<p><pre><img src=facebook-24.png></pre></p>"
You might also want to put some quotes on your attributes.
Close your string with a double quote and end your statement with a semi-colon,
When getting array elements inside a string literal like you're doing, leave out the key quotes,
Use single quotes around your attribute in case of any spaces:
echo "<p><pre><a href='$Feed[socialfacebook]'><img src=facebook-24.png></a>";
Eval.in
u need to put the variable $Feed['socialfacebook'] in " . $Feed['socialfacebook'] ."
echo "<p><pre><a href=" . $Feed['socialfacebook'] . "<img src=facebook-24.png></a></pre></p>";
and don't forget the ;
Shouldn't it be:
echo "<p><pre><a href='$Feed["socialfacebook"]'><img src=facebook-24.png></a>";
Don't forget that is href="".
I ran into this code:
function input_text($elem, $val) {
print '<input type = "test" name="' . $elem .'" val="';
print htmlentities($val[elem]) . '"/>';
I m confused about the code: name="' . $elem .'" val="';
print htmlentities($val[elem]) . '"/>'
1) why put single quotes and dot inside double quotes around $elem? Can i just use double quotes like name="$elem".
2) what is the meaning of these code: val="';
print htmlentities($val[elem]) . '"/>'
1) Since the string being printed is surrounded with single quotes, variables are not expanded inside it; variables are only expanded inside double-quoted strings. So concatenation is necessary. If you change it to use double quotes, you could do variable interpolation:
print "<input type='test' name='$elem' val='";
2) There's no special meaning to it. The programmer simply chose to split up the commands to print this piece of HTML into two PHP print statements. So first he prints val=", then he prints htmlentities($val[elem]) . "">>'
The function could be rewritten as:
function input_text($elem, $val) {
print "<input type='test' name='$elem' val='" . htmlentities($val[elem]) . "'/>";
}
You have to use concatenation around htmlentities() -- only variables can be interpolated into strings, not function calls. However, you could assign the value to a variable first if you want:
function input_text($elem, $val) {
$valent = htmlentities($val[elem]);
print "<input type='test' name='$elem' val='$valent'/>";
}
BTW, $val[elem] looks like a typo, it probably should be $val[$elem].
The single quotes in this case denote a string in PHP.
$var = 'This is a String';
The reason they are used in conjunction with the double quotes is because the double quotes must be printed to get the correct HTML output of
<input type="test" name="someName" val="someValue" />
The . operator in PHP is the concatenation operator meaning combine 2 strings into 1.
$var = 'This' . ' and that'; //Evaluates to 'This and that'
Hey guys, I have the following code:
foreach($collection as $img)
{
$image_id = $img['imageid'];
$thumbwidget = wp_get_attachment_image_src($image_id, 'full');
$gallery .= '<a class="fav-image-a" href="http://www.bangstyle.com/haircut-detail/?uid='.$uid.'&img_id='.$image_id.'&ucolid='.$user_id.'&catid='.$col_id.'&theater">';
$gallery .= '<img src="';
$gallery .= thumbGen($thumbwidget[0],259,320,'valing=top');
$gallery .= '">';
$gallery .= '</a>';
}
I think I may have the wrong order of escaping. The rendered variable is not staying within the img src when rendered. I assume it has to do with my escaping somewhere.
The live url can be seen at http://bangstyle.com/test-widget/
You can see what's happening. The rendered elements are on top.
Why the extra quotes inside? What you are producing is this:
<img src="'THUMBWIDGETURL_IS_INSERTED_HERE'">
What you probably want is this:
<img src="THUMBWIDGETURL_IS_INSERTED_HERE">
To do that just remove the extra \':
$gallery .= '<img src="'.$thumbwidgeturl.'">';
Rules to be aware of:
In PHP, both single quotes and double quotes can be used to produce string literals.
Each should be used in a pair and that pair constitutes one string literal. So, in your example you have two string literals and a variable being combined (concatenated) with the dot (.) operator.
Inside single quotes, single quotes need to be escaped, and inside double quotes, double quotes need to be escape. The other type of quotes in each can be used freely without escaping.
Strings inside single quotes are taken as they are, while strings inside double quotes are interpreted for variables.
More information in the PHP docs on Strings.
How about this:
$gallery .= "<img src=\"" . $thumbwidgeturl . "\">";
or even:
$gallery .= '<img src="' . $thumbwidgeturl . '">';