How to escape string in onClick="function(string)" - javascript

I have to echo a string that could contain everything into the following html line:
...
I don't know how to properly escape the string I pass with php, there seem to be many problems and json_encode is not working as it wraps the output in double quotes which is not working as the double quotes already begin after "onclick=".
Just replacing single quotes also doesn't work as "\'" would be replaced to "\'".
Any ideas?

You can use the addslashes() function.
Try this:
<?php
$str = addslashes('What does "yolo" mean?');
echo($str);
?>

Use PHP addslashes function:
...

As none of the answers worked, I had a closer look at the problem and came up with this solution:
function clean_param($string){
    // escapes all single quotes and backslashes
    $single_qu_esc = addcslashes($string, "'\\");
    // escapes the resulting string for html
    return htmlentities($single_qu_esc, ENT_QUOTES);
}

You can wrap your string with htmlspecialchars, that should do the job.
...
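
An added example, not part of the thread, of the two encoding layers an inline handler argument needs: a JavaScript string literal first, then HTML attribute escaping. It is written in JavaScript with hypothetical helper names and a constructed sample value; in PHP the same layering is json_encode() followed by htmlspecialchars() with ENT_QUOTES.

```javascript
'use strict';
// Added example; helper names are hypothetical, the sample value is constructed.

// Layer 1: JavaScript string literal. JSON.stringify escapes quotes,
// backslashes and control characters; HTML-significant characters and the
// U+2028/U+2029 line separators are additionally emitted as \uXXXX.
function toJsLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&'\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Layer 2: HTML attribute value. After layer 1 only the literal's own
// delimiting double quotes still need an entity, but all five are handled.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtmlAttr(text) {
  return text.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Build the attribute: onclick="fnName(&quot;...&quot;)"
function onclickAttr(fnName, value) {
  return 'onclick="' + escapeHtmlAttr(fnName + '(' + toJsLiteral(value) + ')') + '"';
}

// What the browser does in reverse: entity-decode the attribute value,
// then the JavaScript parser reads the literal (JSON.parse stands in for it).
function roundTrip(fnName, value) {
  const attr = onclickAttr(fnName, value);
  const encoded = attr.slice('onclick="'.length, -1);
  const js = encoded.replace(/&(?:amp|lt|gt|quot|#39);/g,
    (m) => Object.keys(ENTITIES).find((k) => ENTITIES[k] === m));
  return JSON.parse(js.slice(fnName.length + 1, -1));
}

const sample = 'What does "yolo" mean? It\'s \\ fun\n</div>';
console.log(onclickAttr('show', sample));
console.log(roundTrip('show', sample) === sample);
```

The double quotes that json_encode or JSON.stringify wraps around the value become `&quot;` in the markup, so they no longer collide with the attribute's own delimiters.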

Related

escape the characters php with javascript inside,correct syntax quotes

What should the correct syntax of quotes be for this piece of code?
<?php
$cod="<div id='id1' onclick='xmlhttpPost(index.php?ajax="'this.id'") class='divazienda'>".$row[0];
?>
My problem is that I do not get the result of this.id from the JS.
Try this:
$cod="<div id=\"id1\" onclick=\"xmlhttpPost('index.php?ajax=' + this.id);\" class=\"divazienda\">".$row[0];
Escape double quotes (for each of the div attributes) as they are within the php double quotes
As you are passing a string with the current element id into the onclick function - the string part needs to be in quotes and the variable part needs to be out of the quotes

Put HTML Code to input field

I have this row that gives me an error because the value contains HTML Code.
document.getElementById(\'longstory\').value = \''.$row['longstory'].'\';
Is there any easy way to like encode it during passing and then when showing it in my value
<textarea class="form-control" id="longstory" name="longstory" placeholder="Longstory"></textarea><br />
to get it show as HTML for the user in the end?
Try this:
echo "document.getElementById('longstory').value = " . json_encode(html_entity_decode($row['longstory'])) . ";";
html_entity_decode() will interpret HTML entity codes in the value, converting them into normal PHP characters. Then the output of json_encode() will be Javascript syntax for the value.
The problem isn't that it contains HTML, the problem is that it contains characters that aren't permitted in a Javascript string, such as unescaped quotes and literal newlines. json_encode encodes everything properly.
Try using the htmlspecialchars and addslashes functions before passing to the JS.
document.getElementById(\'longstory\').value = \''.addslashes($row['longstory']).'\';

carriage return encoding

Through queries to a database I am retrieving data that I previously inserted through an HTML textarea or input. When I get the response from my DB, in a JSON object the text field looks like this:
obj : {
text : [some_text] ↵ [some_text]
}
I tried to replace with this function :
string_convert = function(string){
    return string.replace("&#8629",'<br>')
        .replace('&crarr','<br>')
        .replace('/[\n\r]/g','<br>');
}
I have to show this string in HTML, but it does not seem to work. I'm using UTF-8.
Any advice?
The problem you have is that you have enclosed your regex in quotes. This is incorrect.
.replace('/[\n\r]/g','<br>');
         ^         ^
remove these two quotes
The quotes are unnecessary because the regex is already delimited by the slashes.
By putting quotes in there, you've actually told it that you want to replace a fixed string rather than a regular expression. The fixed string may look like an expression, but with the quotes, it will just be seen as a plain string.
Remove the quotes and it will be seen as an expression, and it will work just fine.
One other thing, though -- in order to make your regex work perfectly, I'd also suggest modifying it slightly. As it stands, it will just replace all the \n and \r characters with <br>. But in some cases, they may come together as a \r\n pair. This should be a single line break, but your expression will replace it with two <br>s.
You could use an expression like this instead:
/\r\n|\n|\r/g
Hope that helps.
You are missing the ending semicolons ; in your code:
string_convert = function(aString){
return aString.replace("↵",'<br>').replace('↵','<br>');
}
This does not necessarily solve your problem, but it likely could.
From: Trying to translate a carriage return into a html tag in Javascript?
text = text.replace(/(\r\n|\n|\r)/g,"<br />");
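
An added example, not from the thread, that runs the question's function next to a version that HTML-escapes the stored text before inserting `<br>`, so markup saved in the database is displayed rather than interpreted. Function names and the sample string are constructed.

```javascript
'use strict';
// Added example; function names and the sample string are constructed.

// The function from the question, unchanged: the third pattern is a quoted
// string, so replace() looks for the literal text "/[\n\r]/g" and never matches.
function stringConvertOriginal(string) {
  return string.replace('&#8629', '<br>')
    .replace('&crarr', '<br>')
    .replace('/[\n\r]/g', '<br>');
}

// Escape the five HTML-significant characters so database text is shown as text.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Escape first, then insert the only markup we intend to emit.
// \r\n is listed first so a Windows line ending becomes a single <br>.
function textToHtml(text) {
  return escapeHtml(text).replace(/\r\n|\n|\r/g, '<br>');
}

const stored = 'line one\r\nline <two> & "three"\nline four\r<b>bold</b>';
console.log(stringConvertOriginal(stored) === stored);
console.log(textToHtml(stored));
```

When the text is assigned through the DOM instead of concatenated into markup, setting `textContent` on an element styled with `white-space: pre-line` shows the line breaks without generating any HTML.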

Check to see if string contains quotes, and if it does, place an escape '\' before

I need to parse strings for single and double quotes, and if the string does contain them, I need to add an escape slash before. What would be the most efficient way? Is there a way to use a regex to check this through a function?
Absolutely!
var str = 'abcd"\'efg"hij';
alert(str.replace(/(\"|\')/g, '\\$1')); // alerts abcd\"\'efg\"hij
Could be something like that:
str.replace(/["']/g,"\\$&");
str.replace(/(\"|\')/g, "\\$1");

Replace Single Quotes in Javascript or JQuery

I have an HTML string in which I have some elements having single quotes. When I put this inside a $('varHtml'); since the varHtml already contains some single quotes it gives an error. Can somebody help me escape the single quotes in the varHtml?
Thanks in Advance
Thomson
If you have a HTML string in a variable, then you don't need to put it in quotes:
var varHtml = "<div id='foo'></div>";
$(varHtml);
JavaScript lacks something like an htmlencode to run client side. So you will have to use one of the script libraries. You can try this jQuery solution:
http://www.edentity.ca/WhoWeAre/Blog/Easy-Client-Side-html-EncodeDecode-using-jQuery.aspx
Or you could simply use a javascript string replace function like the one explained here: http://www.w3schools.com/jsref/jsref_replace.asp. Replace ' with ' or the HTML code you prefer. Reference: http://www.degraeve.com/reference/specialcharacters.php
