I have a problem with mongo $text $search a phrase. So i want to create a $search phrase from my variable. $search phrase should look like this: "\"search\"". So in javascript we can escape quote and backslash just adding one more slash: '\\\"search\\\"'. But if we print or pass it somewhere we will get different results in different environments. In browser we will get '\"search\"' in node js (5.x) we will get this '\\"search\\". What is the matter?
My final goal is built $search string for using in mongoDB $text operator. Maybe somebody can help me with it or with my question above.
(I know it's late, but I want to answer in case someone will find this page looking for a way to solve this problem)
You don't have to write it with the right Javascript format. Just leave it as it is in MongoShell
db.collection.find({$text:{$search:'\"search\"'}}, function...
So, a good way to approach a generic string is
var search = "generic phrase to search";
search = '\"' + search.split(' ').join('\" \"') + '\"';
db.collection.find({$text:{$search:search}}, function...
Hope it's helpful.
Related
I'm having some trouble using backticks and I'm wondering if anyone can help me. I have the code below which allows me to output multiple responses. The trouble is, when I put a comma after target="_blank">here` it doesn't allow me to add further phrases. I have attempted using a backspace before the backtick to break out of it but no luck. Here is my code, I'm using Javascript and HTML.
<script>
function talk(){
var know ={
"How does this work":"I can help you find what you're looking for.",
"how does this work":"I can help you find what you're looking for.",
"contact":`You can contact us by clicking here`
};
var user = document.getElementById('userBox').value;
document.getElementById('chatLog').innerHTML = user + "<br>";
if(user in know){
document.getElementById('chatLog').innerHTML = know[user] + "<br>";
}else{
document.getElementById('chatLog').innerHTML = "I do not understand.";
}
}
</script>
To clarify, I'm needing something like this: (but obviously the comma doesn't work)
"How does this work":"I can help you find what you're looking for.",
"how does this work":"I can help you find what you're looking for.",
"contact":`You can contact us by clicking here`,
"help":`You can find help by clicking here`
As you know the use of " & ' should corresponded to each other
Double quotes around attribute values are the most common in HTML, but single quotes can also be used.
In some situations, when the attribute value itself contains double quotes, it is necessary to use single quotes:
<p title='John "ShotGun" Nelson'>
Or vice versa:
<p title="John 'ShotGun' Nelson">
The backslash (\) escape character turns special characters into string characters .
If there are extra symbols in between you can use \ backslash before them so that they don't interfere with the code and treated as symbols like this :
<p title="John \'ShotGun\' Nelson you\'re a good\\bad person">
It will be displayed like this :
John 'ShotGun' Nelson you're a good\bad person
Refer to this for more about backslash
In a small forum, any user can save posts. Sometimes those posts include words surrounded by quotes ( " " ). This gives me an error when I try to handle those strings with javascript.
I wrote some jquery code that uses the django variable like this:
new_text = "{{text|safe}}";
$("#text_p").text(new_text);
if I mark it as "safe" then javascript gives me a syntax error:
the text "(error here)word between quotes" the user posted
This is logical because javascript understands the quotes like this:
new_text = "this is the text "word between quotes" the user posted"
So, if I don't mark it as "safe" and let django escape the text, it doesn't give me an error, but the text looks like this:
the text "word between quotes" the user posted
I don't know what to do, and I guess it may not be simple cause if I use single quotes to declare the javascript variable, I will have the same problem when the user posts a text with single quotes. If I use a regex to replace double quotes and not mark the text as "text|safe", then other tags will be escaped and the text will be full of "<br />" etc.
I have an idea that may work but is ugly and probably not the best option:
including the text in a <p class = "hidden"> tag and then calling it using jquery.
So, the question is, how do I solve this?, is there a better way?
Thanks in advance for your help.
EDIT:
I created a Runnable to explain it better.
Use escapejs filter.
Example:
{{ string|escapejs }}
Ok, I found a partial solution, hope it helps someone in the future. It is not an elegant solution, so, if anyone has a better option, it will be welcomed.
I included the text that has a "quoted" word inside a html hidden tag.
python-django:
text_with_quotes = 'this is a text and a word between "quotes"'
html:
<p id = "new_text" class = "hidden"> {{text_with_quotes|safe}}</p>
js:
new_text = $("#new_text").text();
$("#text_p").text(new_text);
it works. But there may be a better option using javascript and/or python.
Paraphrasing...
OK i have information in a database it reads: This is random text with a "random quote"
$var = 'This is random text with a "random quote"'
onClick="show(\''.$var.'\')
but when displayed (viewing source) it shows:
onclick="show('This is random text with a " random="" quote"')
I have tried mysqli_real_escape_string and str_replace, str_replace works if i am removing the "
Any help, alterations or reworks I would be grateful its driving me nuts right now.
If this for an HTML context, you should be using " to escape those. This is done with the htmlspecialchars function.
If you want it as a JavaScript string, use json_encode on the string.
mysqli_real_escape_string should be used only for database calls, and only as a last resort. Remember, parameterized queries are the best way to compose SQL statements.
You really shouldn't need to ever set an onclick event directly. A library like jQuery has much better ways of doing this:
$('#my_element').click(function() { show('...'); });
Try this,
<script>
function show(str)
{
alert(str);
}
</script>
<?php
$var = "This is random text with a \'random quote\'";
echo 'click';
?>
Try: addslashes($var). It should add slashes to the quotes so they are escaped in the javascript.
I'm trying to create a string that can be parsed into JSON. The string is dynamically created based on the content in a CMS.
That content could contain HTML markup with double quotes, which confuses the JSON parser. So, I need to replace the double quotes in the HTML with " without replacing the double quotes which are actually a part of the JSON structure.
My Idea is to wrap the HTML inside markers, which I could use to identify everything between these markers as the quotes I want to replace.
For instance the string I want to parse into JSON could look like this...
str = '{"key1":"XXX<div id="divId"></div>YYY", "key2":"XXX<div id="divId"></div>YYY"}';
So, I want to replace every double quote between a XXX and a YYY with a ".
Something like...
str = str.replace(/XXX(")YYY/g, '"');
Hope that made sense. Thanks for any suggestions.
Given Stack Overflow's "we don't do your homework" principles, I don't think I'm going to work through the whole solution, but I can give you some pointers in half-finished code.
var xySearch = /this regex should find any text between XXX...YYY/g;
// note the g at the end! That's important
var result;
var doubleQuoteIndices = [];
// note the single-equals. I avoid them when possible inside a "condition" statement,
// but here it sort of makes sense.
while (result = xySearch.exec(str)) {
var block = result[0];
// inside of the block, find the index in str of each double-quote, and add it
// to doubleQuoteIndices. You will likely need result.lastIndex for the absolute position.
}
// loop backwards through str (so that left-side replacements don't change right-side indexes)
// to replace the characters at each doubleQuoteIndices with the appropriate HTML.
I kind of find that as great as regex's are for certain patterns, having the programming language do some of the work is often the best solution.
I have a form where users can enter any HTML.
var title = "Cool Check This"
As you can see, the variable is having " but it can be also '. It causes an error if there is ". What is better way to fix this? Storing escaped string in database like below?
$title = str_replace('"', "'", $_REQUEST['title']); // Replace double quote with single quote as js variable above is wrapped with double quotes.
Or escape it before showing on page? Anything in jQuery like escape that can help here?
var title="Cool Check This"
Well, you cannot escape it using JavaScript because JavaScript needs to see what you want to escape and you want to escape that. If you use PHP, you can use addslashes() prior to inserting into JavaScript.
Anyways, you should be careful of allowing to insert any HTML. Wrongly escaped HTML (like allowing to insert <script>) can allow to do various dangerous stuff, like stealing all cookies.