What characters need to be escaped when echoing Javascript in PHP?

Question

I'm trying to echo out the Javascript for the Google AdWords conversion tracking code within a PHP if statement. I've done a bunch of googling but can't seem to find a definitive list of what characters I'd need to escape to have the code execute properly. Anybody have suggestions?

This first bit of code is the beginning of the if statement that calls an include with the conversion code snippet:

if ( @mailit ) {
include ("conversioncodes.php");

This is the contents of conversioncodes.php that includes the code snippet that I'm trying to figure out how to escape properly. The goal is to have the conversion code track the conversion when the conditions of the if statement is met.

echo "<!-- Google Code for Homepage Form Submit Conversion Page -->
<script type="text/javascript">
<!--
var google_conversion_id = XXXXXXXXXX;
var google_conversion_language = "en";
var google_conversion_format = "3";
var google_conversion_color = "ffffff";
var google_conversion_label = "XXXXXXXXXXXXXXX";
var google_conversion_value = 0;
//-->
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"&gt;
</script>
<noscript>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/XXXXXXXXXX/?label=XXXXXXXXXXXXXXXXXXX&amp;amp;guid=ON&amp;amp;script=0"/&gt;
</div>
</noscript>";

Answer 1

Assuming you're using PHP 5.3+, just use a NOWDOC and no parsing will be done, so you won't have to escape anything:

echo <<<'ENDMARKER'
<!-- Google Code for Homepage Form Submit Conversion Page -->
<script type="text/javascript">
<!--
var google_conversion_id = XXXXXXXXXX;
var google_conversion_language = "en";
var google_conversion_format = "3";
var google_conversion_color = "ffffff";
var google_conversion_label = "XXXXXXXXXXXXXXX";
var google_conversion_value = 0;
//-->
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"&gt;
</script>
<noscript>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/XXXXXXXXXX/?label=XXXXXXXXXXXXXXXXXXX&amp;amp;guid=ON&amp;amp;script=0"/&gt;
</div>
</noscript>
ENDMARKER;

Answer 2

Perhaps just break out of php? This way you'll also keep the syntax highlighting as clear as you can.

?>
<!-- Google Code for Homepage Form Submit Conversion Page -->
<script type="text/javascript">
<!--
var google_conversion_id = XXXXXXXXXX;
var google_conversion_language = "en";
var google_conversion_format = "3";
var google_conversion_color = "ffffff";
var google_conversion_label = "XXXXXXXXXXXXXXX";
var google_conversion_value = 0;
//-->
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"&gt;
</script>
<noscript>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/XXXXXXXXXX/?label=XXXXXXXXXXXXXXXXXXX&amp;amp;guid=ON&amp;amp;script=0"/&gt;
</div>
</noscript>
<?php

Just as a side-note, keep in mind that the element that you're really missing here is a robust way of providing some kind of template. Templates make dealing with php so much cleaner, separates the presentation logic from the business logic. I highly recommend at least using separated php files as templates, if not using a full blown template engine.

Answer 3

Just use single quotes instead.

echo '<!-- Google Code for Homepage Form Submit Conversion Page -->
<script type="text/javascript">
<!--
var google_conversion_id = XXXXXXXXXX;
var google_conversion_language = "en";
var google_conversion_format = "3";
var google_conversion_color = "ffffff";
var google_conversion_label = "XXXXXXXXXXXXXXX";
var google_conversion_value = 0;
//-->
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"&gt;
</script>
<noscript>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/XXXXXXXXXX/?label=XXXXXXXXXXXXXXXXXXX&amp;amp;guid=ON&amp;amp;script=0"/&gt;
</div>
</noscript>'

Off: Single quotes are several times faster than double quotes, and by several I mean a LOT.

Answer 4

I got all confused on the same problem a while ago. The general answer is really not trivial.

I gave up and rewrote my code to use json_encode() which sorted it all out very easily. And the rewrite was quick too. I'd have saved myself a lot of time had I thought of it sooner.

Package up in an object or array the data you need give to your JS script, json_encode() it and write that.