I need help escaping string parameters for a javascript function using PHP -


i dynamically creating anchor calls javascript function. works 1 string parameter not two. believe not escaping quotes around parameters correctly. in search answer came across following 

onclick="alert('<?echo $row['username']?>')"

and next 1 found left me baffled

echo('<button type="button" id="button'.$ctr.'"onclick="showmapsinfo(\''.str_replace("'", "\\'", $maps_name).'\', \''.str_replace("'", "\\'", $ctr).'\');"><img src="img/maps_logo.gif"></button><br/>');

if please

  1. explain why single quotes around username not have escaped?

  2. where there "dummies" write on escaping characters try decipher second example.

let's examine first example

onclick="alert('<?echo $row['username']?>')"

the important part here is, outside of <? … ?> pure html , never looked @ php interpreter. therefore, part relevant php code inside <? … ?>, namely echo $row['username']. here, 1 not need escaping.

your second example, in contrast

echo('<button type="button" id="button'.$ctr.'"onclick="showmapsinfo(\''.str_replace("'", "\\'", $maps_name).'\', \''.str_replace("'", "\\'", $ctr).'\');"><img src="img/maps_logo.gif"></button><br/>');

is written purely in php, no surrounding html. therefore, have careful quotes. let's build scratch see happens here. when build this, start with

echo('<button type="button" id="button1" onclick="showmapsinfo(\'...\');"><img src="img/maps_logo.gif"></button><br/>');

because single quotes used string delimiters, must escaped inside string \'. part inside javascript function. put simpler, above code boils down to

echo('showmapsinfo(\'...\');');

which results in

showmapsinfo('...');

when want insert dynamic parts instead of '...' part, need end string ' , concatenate .. suppose wanted insert variable $foobar in there, write:

echo('showmapsinfo(\''.$foobar.'\');');

which results in

showmapsinfo('<value of $foobar>');

your example not insert $foobar string, rather following expression:

str_replace("'", "\\'", $maps_name).'\', \''.str_replace("'", "\\'", $ctr)

which uses str_replace in order again escape content, little twist: not escaped php, resulting javascript! every single quote ' becomes escaped single quote \' in output, need write \\' because backslash needs escaped itself, in order produce backslash output.


Comments

Post a Comment

Popular posts from this blog

javascript - backbone.js Collection.add() doesn't `construct` (`initialize`) an object -

<!doctype html public "-//w3c//dtd xhtml 1.0 strict//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-strict.dtd"> <html> <head> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script> <script src="http://documentcloud.github.com/underscore/underscore-min.js"></script> <script src="http://documentcloud.github.com/backbone/backbone-min.js"></script> </head> <body> <button id="cmd_create_event" name="cmd_create_event" type="button">create new `event`</button> <script type="text/javascript"> var eventmodel = backbone.model.extend({ initialize : function() { console.log("`event` initialized. id: " + this.cid); this.bind("change:status", function() { console.log(this.get("status") + " value `status`"); }); this.bind("error", function(model, e...
Read more

c++ - Accessing inactive union member and undefined behavior? -

i under impression accessing union member other last 1 set ub, can't seem find solid reference (other answers claiming it's ub without support standard). so, undefined behavior? the confusion c explicitly permits type-punning through union, whereas c++ ( c++11 ) has no such permission. c11 6.5.2.3 structure , union members 95) if member used read contents of union object not same member last used store value in object, appropriate part of object representation of value reinterpreted object representation in new type described in 6.2.6 (a process called ‘‘type punning’’). might trap representation. the situation c++: c++11 9.5 unions [class.union] in union, @ 1 of non-static data members can active @ time, is, value of @ 1 of non-static data members can stored in union @ time. c++ later has language permitting use of unions containing struct s common initial sequences; doesn't permit type-punning. to determine whether union type-punning is allowe...
Read more

php - Get uncommon values from two or more arrays -

is there function in php give array of uncommon values 2 or more arrays? for example: $array1 = array( "green", "red", "blue"); $array2 = array( "green", "yellow", "red"); .... $result = function_needed($array1, $array2,...); print_r($result); should give output: array("blue", "yellow", ...); use array_diff , array_merge : $result = array_merge(array_diff($array1, $array2), array_diff($array2, $array1)); here's demo. for multiple arrays, combine callback , array_reduce : function unique(&$a, $b) { return $a ? array_merge(array_diff($a, $b), array_diff($b, $a)) : $b; } $arrays = array( array('green', 'red', 'blue'), array('green', 'yellow', 'red') ); $result = array_reduce($arrays, 'unique'); and here's demo of that.
Read more