PHP - Escaping Strings With Dbl And Sgl Quotes
I've got a file with some strings that have both types of quotes in them. And I seem to have managed to get the data, display it in my html, store it in a js array (using a json_encode in php and then simply inserting it into my js) but I cannot seem to pass the string as a parameter form an onclick function call to js.
For most strings the addslashes makes it work in the function call. But for those with both sets of quotes it won't work. My console tells me there are "unterminated string constants..". I've experimented with many silly changes but none make it work.
Ex. of the strings:
What do you mean "It's crooked"?
Of course I could remove the contraction and that would probably work, but that would be a hack, would not it?
Similar TutorialsHi, newbie here. Could someone show me how to properly escape the quotes in this code so it works properly? I'm having major problems with it, thanks. echo "<td style="background-color:#fff" onMouseover="this.style.backgroundColor='#ff9900';" onMouseout="this.style.backgroundColor='#fff';">" I have a paragraph in a text in my data table column with apostrophes and heights, like, "He'll likely grow beyond 6'6"."
I've tried addslashes($update), but it's not working. (At another time I thought I had something like that.) Is there something that will take care of it short of typing \ before every instance I use quotes, the using stripslash? hello; my webhost made a change to my php.ini file yesterday. since then php is escaping single quotes that it receives from flash. Code: [Select] //-- AS3 var myVariables:URLVariables = new URLVariables(); myVariables.pvs_params = "'h'e'l'l'o" ; var myURLRequest:URLRequest = new URLRequest("mysql_task_mgr.php"); myURLRequest.data = myVariables ; myURLRequest.method = "get" ; navigateToURL( myURLRequest, '_blank' ) ; Code: [Select] //-- php print( $_GET[ "pvs_params" ] ) ; // --> \'h\'e\'l\'l\'o any thoughts? my webhost is stumped; This code only works in firefox <a onMouseout='hidetooltip()' onMouseover='tooltip(\"<img src=img/heroes/$hero.gif\")' href='hero.php?hero=$hero'>Text</a> Btw, I use this in echo (php). How to get quotes (triple) on <img src= ? I also have tried <img src='img/heroes/$hero.gif' But only works on FireFox Quotation marks are confusing me.
What do you guys use when it comes to quotation marks?
In HTML attributes and throughout the bodies of my web pages, I use the HTML entity ("). For example:
<a href="" title="Read "Article Name""> <p>In his new book, he says: "This is a quote."</p>I thought that this is the best practice. However, today, I read that it's perfectly safe to use straight quotes (") in the body, and that I should use the HTML entity only in HTML attributes. Is that correct? But what if I want to use curly quotes in the body instead of straight quotes? Should I always use the HTML entities for curly quotes (“ and ”), or can I also safely use the characters (“”)? I heard that straight quotes are safe in all browsers, even if you don't specify the character set of your web pages, but that curly quotes are only safe if you specify the character set or if you use the HTML entities. Is that true? And what about the <q> tag? Apparently, it's compatible with all browsers but they treat it differently. Edited by Fluoresce, 30 August 2014 - 07:37 AM. Hello everyone! This is my first post. I am very new to php and mysql and coding in general. It has not been made 100% clear to me as to when I should use single quotes, double quotes, and {}. From what I gather you use single quotes for literal interpretation... so if you put something like a variable in single quotes and echoed it, it would literally echo it as it is written and not the value of the variable. in double quotes, I gather that it will echo the value of the variable. as for {} I am unclear as to when to use the curly brackets for a variable. I am assuming if you had a statement in single quotes and you put a variable in curly brackets you would get the value of the variable?
Edited by LazerOrca, 25 November 2014 - 11:20 PM. The fancy-looking quotes won't insert into my DB, so I'm trying to convert them to %93 & %94 or normal quotes.
Nothing I've tried works.
Code:
$fancy=" “test” "; $fixed=htmlentities($old, ENT_QUOTES); echo "fancy: $fancy<br>"; echo "fixed: $fixed"; Results: fancy: “test” fixed: I want $fixed to be %93test%94, or even "test" would work. Edited by rwmaho, 18 October 2014 - 01:28 PM. I don't think I've asked this before have I?? can someone give me an internet KB that gives me all scenarios that warrant using singles or doubles? as in, wrapping values, variables, and why I need to do either, and when, etc, etc....? thanks Edited March 29 by ajetrumpetA problem has arisen which puzzles me. I have forms which save data to MySql and retrieve it, showing it as the default data in the form. Naturally I escape any quotes before sending it to the database and remove the slashes when I retrieve it. But the form HTML code shows the data like this value="$variable" which is fine when only single quotes are used in the data but causes a problem when the user uses double quotes. So data of John \"Jack\" Smith would be output as value="John "Jack" Smith" with obvious problems. If I use value='...' then that would cause problems with single quotes. I haven't seen the answer in any of my books. The only things I can think of is changing all double quotes to single before saving to DB or converting them with htmlspecialcharacters so they are no longer actual quotes. Do I need to escape variables passed via link? Is it possible that someone does an SQL Injection via unescaped $_GET variable? (Yes I am using it in an SQL query, not inserting it into a DB tho) I have a table with two columns A and B. I'm submitting a form where the user selects different checkboxes. Column A contains the values of all the checkboxes. I want to, after the form is submitted, using the array of values of randomly checked checkboxes, search the table for the corresponding values in column B. Then display the values of selected checkboxes and their cosesponding values from column B. First I did an implode() on the array of submitted checkbox values, Code: [Select] $list = "'".implode("','", $_POST['Ref'])."'"; then did a mysql_real_escape_string on that. Code: [Select] for($i=0;$i<$count;$i++) { $list = mysql_real_escape_string($list[$i]); } I got a Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established for each row of $list. What am I doing wrong? Hello! I'm very new to PHP, and I'm sure this is a noob question - still, its got me stuck! How would I best escape this properly? $resizeObj = new resize('C:\xampp\htdocs\images_test\$file'); so that $file is parsed? the whole script is as follows: Code: [Select] <?php // *** Include Nathan's class include("resize-class.php"); // Define the full path to your folder from root $path = 'C:\xampp\htdocs\images_test'; // Open the folder $dir_handle = @opendir($path) or die("Unable to open $path"); // Loop through the files while ($file = readdir($dir_handle)) { if($file == "." || $file == ".." || $file == "index.php" ) continue; // *** 1) Initialise / load image $resizeObj = new resize('C:\xampp\htdocs\images_test\$file'); // *** 2) Resize image $resizeObj -> resizeImage(100, 100, 'auto'); // *** 3) Save image $resizeObj -> saveImage('C:\xampp\htdocs\images_test\$file', 90); echo "<a href=\"$file\">$file</a><br />"; echo $path; } // Close closedir($dir_handle); ?> Im getting a syntax error caused by the first line. How do I properly escape the code? echo "<tr class="'.$colors[$i++ % 2].'"> <td align=center nowrap>($phone1) XXX-$phone2</td> <td align=center nowrap>$overall</td> <td align=center nowrap>$hygiene</td> <td align=center nowrap>$attitude</td> <td align=center nowrap>$ethnicity</td> <td align=center nowrap>$body</td> <td align=center nowrap>$city</td> <td align=center nowrap>$user</td> <td align=center nowrap>$date</td> <td align=center nowrap>$comment</td> </tr>"; I've got this code and it works fine. All I want to do is, when people click on the x to delete something they submitted erroneously, I want a confirmation...really want to delete this? (sometimes that x is too tempting you know) But I *think* I'm having trouble escaping the line (near bottom): onsubmit='".return confirm('Really Delete');."' I'm not sure if it will work anyhow...but right now it doesn't. Thanks for any suggestions. <code> <?php include '../php/config_conn.php'; $querysum = "SELECT SUM(total_time) FROM `coop_hours` where user = '".$_SESSION['user_name']."'"; $resultsum = mysql_query($querysum); $arr = mysql_fetch_row($resultsum); $resulthours = $arr[0]; $querytime = "SELECT * FROM `coop_hours` WHERE user = '".$_SESSION['user_name']."' ORDER BY `date_completed`"; $result = mysql_query($querytime); $num = mysql_num_rows($result); mysql_close(); echo "<table width='1000' cellpadding='0' cellspacing='0' border='0'><tr> <td width='200'><strong>Coop Job</strong></td> <td align=center width='200'><strong>Date Completed</strong></td> <td align=center width='120'><strong>Total Time</strong></td> <td width='380'><strong>Comments</strong></td> <td width='100'>Delete Entry</td></tr>"; $i=0; while ($i < $num) { $hours_id = mysql_result($result, $i, "hours_id"); $user = mysql_result($result, $i, "user"); $coop_job = mysql_result($result, $i, "coop_job"); $date_completed = mysql_result($result, $i, "date_completed"); $start_time = mysql_result($result, $i, "start_time"); $end_time = mysql_result($result, $i, "end_time"); $total_time = mysql_result($result, $i, "total_time"); $comments = mysql_result($result, $i, "comments"); echo "<tr><td>$coop_job</td> <td align=center>$date_completed</td> <td align=center>$total_time</td> <td>$comments</td> <td align=center valign='middle'> <form action='".php/del.php."' method='".post."' onsubmit='".return confirm('Really Delete');."'> <input type='".hidden."' name='".hours_id."' value='".$hours_id."'> <input TYPE='image' SRC='images/del.png' width='11' height='11' border='0' alt='Delete'> </form> </td> </tr>"; $i++; } echo "<tr><td colspan=5><hr></td></tr>"; echo "<tr><td></td><td align=right>Total hours:</td><td align=center>$resulthours</td><td></td></tr>"; echo "<table>"; ?> </code> Hi guys I am encoding JSON in PHP but want to know how to escape ' and " thats in the content? Thanks Hi, I have set up a simple function so that when a user enters a title in a php form, php gives the first letter of each word a capital letter. As follows: function caps($text){ $search_text=$text; $search_text=ucwords(strtolower($search_text)); $look_for = "(a"; $change_to = "(A"; $changed_text = str_replace($look_for, $change_to, $search_text); $search_text=$changed_text; $look_for = "(b"; $change_to = "(B"; $changed_text = str_replace($look_for, $change_to, $search_text); $search_text=$changed_text; $look_for = "(c"; $change_to = "(C"; //...etc...etc.. up to $look_for = "(z"; $change_to = "(Z"; $changed_text = str_replace($look_for, $change_to, $search_text); $search_text=$changed_text; return $search_text; } The trouble is, if I were to enter the following "The secret of DNA", my function would return "The Secret Of Dna" (removes the caps). Any ideas how to get around this would be most useful. Thanks in advance. Russ Hi Php Freaks I am trying to escape variable but I am lost. I am sure that it is easy. can anyone help ta Code: [Select] $y="\\$GLOBALARRAY = array( \n"; echo $y; Quote from: Mike Solstice on April 14, 2011, 12:24:45 AM Ok, that works if I run it CLI or though phpMyAdmin, but won't if I try it in php Code: [Select] $remcomma = "UPDATE top_train SET deaths = replace( replace(field_name, ',', ''), '"', '' )"; mysql_query($remcomma); I assume because of the quotes used in the regex. I tried escaping the " Code: [Select] $remcomma = "UPDATE top_train SET deaths = replace( replace(field_name, ',', ''), '\"', '' )"; mysql_query($remcomma); Which broke it altogether. Anyone have any ideas? Thanks! Moved here since that thread was marked as solved & it's more of a PHP issue at this point anyway. Any & all help is greatly appreciated! I am passing this value: Quote \\"''"""\""\\\\""""''''\"""\\\""''""""'/'/'/\"'\'\\'\\''\\''''' the the following code is not handling it correctly: $data = mysql_real_escape_string(strip_tags(htmlspecialchars($data))); here is what it looks like when the server gets it: Quote \\"''"""\""\\\\""""''''\"""\\\""''""""'/'/'/\"'\'\\'\\''\\''''' and here is after the code executes: Quote \\\\"\'\'"""\\""\\\\\\\\""""\'\'\'\'\\"""\\\\\\""\'\'""""\'/\'/\'/\\"\'\\\'\\\\\'\\\\\'\'\\\\\'\'\'\'\ Notice if I have Quote \' it bugs out. |