I need help escaping string parameters for a javascript function using PHP -


i dynamically creating anchor calls javascript function. works 1 string parameter not two. believe not escaping quotes around parameters correctly. in search answer came across following 

onclick="alert('<?echo $row['username']?>')"

and next 1 found left me baffled

echo('<button type="button" id="button'.$ctr.'"onclick="showmapsinfo(\''.str_replace("'", "\\'", $maps_name).'\', \''.str_replace("'", "\\'", $ctr).'\');"><img src="img/maps_logo.gif"></button><br/>');

if please

  1. explain why single quotes around username not have escaped?

  2. where there "dummies" write on escaping characters try decipher second example.

let's examine first example

onclick="alert('<?echo $row['username']?>')"

the important part here is, outside of <? … ?> pure html , never looked @ php interpreter. therefore, part relevant php code inside <? … ?>, namely echo $row['username']. here, 1 not need escaping.

your second example, in contrast

echo('<button type="button" id="button'.$ctr.'"onclick="showmapsinfo(\''.str_replace("'", "\\'", $maps_name).'\', \''.str_replace("'", "\\'", $ctr).'\');"><img src="img/maps_logo.gif"></button><br/>');

is written purely in php, no surrounding html. therefore, have careful quotes. let's build scratch see happens here. when build this, start with

echo('<button type="button" id="button1" onclick="showmapsinfo(\'...\');"><img src="img/maps_logo.gif"></button><br/>');

because single quotes used string delimiters, must escaped inside string \'. part inside javascript function. put simpler, above code boils down to

echo('showmapsinfo(\'...\');');

which results in

showmapsinfo('...');

when want insert dynamic parts instead of '...' part, need end string ' , concatenate .. suppose wanted insert variable $foobar in there, write:

echo('showmapsinfo(\''.$foobar.'\');');

which results in

showmapsinfo('<value of $foobar>');

your example not insert $foobar string, rather following expression:

str_replace("'", "\\'", $maps_name).'\', \''.str_replace("'", "\\'", $ctr)

which uses str_replace in order again escape content, little twist: not escaped php, resulting javascript! every single quote ' becomes escaped single quote \' in output, need write \\' because backslash needs escaped itself, in order produce backslash output.


Comments

Post a Comment

Popular posts from this blog

JQuery Autocomplete without using label, value, id -

is possible have jquery autocomplete work without using conventional id,label,value? for instance, not wish use: [ { "id": "botaurus stellaris", "label": "great bittern", "value": "great bittern" }, { "id": "asio flammeus", "label": "short-eared owl", "value": "short-eared owl" }] but rather: [ { "my_id": "botaurus stellaris", "first_name": "great bittern", "last_name": "great bittern" }, { "my_id": "asio flammeus", "first_name": "short-eared owl", "last_name": "short-eared owl" }] so like, jquery autocomplete takes id,value,label , can make take my_id, first_name, last_name , make jquery autocomplete treat same id,label,value ? this might useful, when don't wish modify data's keys coming datasource, display on jquery autocomplete. ...
Read more

c++ - Accessing inactive union member and undefined behavior? -

i under impression accessing union member other last 1 set ub, can't seem find solid reference (other answers claiming it's ub without support standard). so, undefined behavior? the confusion c explicitly permits type-punning through union, whereas c++ ( c++11 ) has no such permission. c11 6.5.2.3 structure , union members 95) if member used read contents of union object not same member last used store value in object, appropriate part of object representation of value reinterpreted object representation in new type described in 6.2.6 (a process called ‘‘type punning’’). might trap representation. the situation c++: c++11 9.5 unions [class.union] in union, @ 1 of non-static data members can active @ time, is, value of @ 1 of non-static data members can stored in union @ time. c++ later has language permitting use of unions containing struct s common initial sequences; doesn't permit type-punning. to determine whether union type-punning is allowe...
Read more

JAVA - what is the difference between void and boolean methods? -

i new java. writing wrapper-library in java make functions available in basic-like language. i got stock @ point when noted code not executed in java-library although compiler did not complain (using eclipse). resolved replacing code follows: public void videoquality(int vquality) //did not work into public boolean videoquality(int vquality) //works here complete code-snippets: public void videoquality(int vquality) //did not work {if (vquality==16) { vidquality=16; } else if (vquality==-16) { vidquality=-16; } else if (vquality==0) { vidquality=0; } else vidquality=-16; vitamioext.setvideoquality(vidquality); } public boolean videoquality(int vquality) //works {if (vquality==16) { vidquality=16; } else if (vquality==-16) { vidquality=-16; } else if (vquality==0) { vidquality=0; } else vidquality=-16; vitamioext.setvideoquality(vidquality); return true; } i think void corresponds sub in visual basic while boolean corresponds function. i found odd following code worked using...
Read more