I have a field in my database that has a freetext area, and uses quotes for many things. On my website, that field is shown in a textarea, but I can't simply put the value between the textarea tags. I need to be able to set it with JavaScript. I use jQuery to do this, via:

jQuery('#notes').val('{NOTES}');

Since the text can have single or double quotes, I'm unsure how to pass this from MySQL, to PHP, to jQuery so I can put it in my textarea. Has anyone done this before?

Problem solved using:

jQuery('#notes').val(jQuery('#your-hidden-div-id').html());
A: 

You can HTML-encode it. PHP certainly has something built in; I will look it up.

It looks like

jQuery('#notes').val('<?php echo htmlspecialchars("NOTES"); ?>');

might be what you want.

BioBuckyBall
The jQuery code is in my html file, can't use PHP stuff.
Atrox
@Adam No, I suggest using server-side PHP to generate JavaScript, but I don't do much PHP these days and may have gotten the syntax wrong.
BioBuckyBall
@Atrox In the html output or in a literal .html file?
BioBuckyBall
A literal HTML file. I have a php backend, using a templated HTML frontend.
Atrox
A: 

Are you worried about double-escaping? Simply pulling it out of the database won't change any of the characters. How do you pass it from PHP to JavaScript? An AJAX request? If you receive the data as text, there shouldn't be any escaping either.

Where you need to be careful is sending it from jQuery back to MySQL via PHP.

Pickle
So if he puts this string `'some data` where {NOTES} is in that JavaScript line, what happens?
BioBuckyBall
If I pass a string with mixed quotes into val(''); it'll break because of the quotes. I need a way to escape them so that the quotes remain, and then unescape them without messing up the function call.
Atrox
@Atrox yes, I was trying to get @Pickle to see it :)
BioBuckyBall
+2  A: 

Use addslashes() from PHP to escape quotes so they can be used inside JavaScript strings:

jQuery('#notes').val('<?php echo addslashes($your_string); ?>');

From your code I assume you may use some sort of template engine so you should add addslashes where you assign {NOTES}.

If you have newlines inside your data, you may need to remove them too, as this will break the JS string (remove them with a PCRE regular expression, for example). Another way would be to load your data inside a hidden <div> and then:

jQuery('#notes').val(jQuery('#your-hidden-div-id').html());
Sim
A server-side language nested inside a client-side language? That's awful in my opinion.
Mark Baijens
Yes, that's why I have suggested to addslashes() where he is assigning {NOTES}
Sim
Using the hidden DIV worked perfectly. Thanks a lot for that suggestion.
Atrox
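
Added example (not code from any poster in this thread): a JavaScript comparison of addslashes-style quoting with escaping for a JS string literal placed in inline HTML, run over a constructed note containing mixed quotes, a newline, a backslash and `</script>`. The names `addslashesLike`, `escapeForJsString`, `renderSetter`, `isValidJs`, `decodeLiteral` and the sample text are hypothetical; `addslashesLike` only imitates what PHP's `addslashes()` escapes.

```javascript
// Constructed sample note: mixed quotes, a newline, a backslash, a closing script tag.
const sample = 'It\'s a "quoted" note\nsecond line, C:\\temp and </script> in it';

// Imitation of PHP addslashes(): backslash-escapes ', ", \ and NUL only.
function addslashesLike(text) {
  return String(text).replace(/[\\'"\0]/g, ch => (ch === '\0' ? '\\0' : '\\' + ch));
}

// Escapes for every character that can end the string, end the line,
// or end the surrounding <script> element.
const ESCAPES = {
  '\\': '\\\\', "'": '\\x27', '"': '\\x22',
  '\n': '\\n', '\r': '\\r', '\u2028': '\\u2028', '\u2029': '\\u2029',
  '<': '\\x3C', '>': '\\x3E', '&': '\\x26',
};

function escapeForJsString(text) {
  return String(text).replace(/[\\'"\n\r\u2028\u2029<>&]/g, ch => ESCAPES[ch]);
}

// Build the statement from the question with the chosen escaper.
function renderSetter(notes, escaper) {
  return "jQuery('#notes').val('" + escaper(notes) + "');";
}

// Syntax check only: new Function compiles the body without running it.
function isValidJs(source) {
  try { new Function(source); return true; } catch (e) { return false; }
}

// Evaluate just the string literal to recover the value the browser would see.
function decodeLiteral(escapedBody) {
  return new Function("return '" + escapedBody + "';")();
}

console.log('addslashes-style output parses:', isValidJs(renderSetter(sample, addslashesLike)));
console.log(renderSetter(sample, escapeForJsString));
console.log('round trip intact:', decodeLiteral(escapeForJsString(sample)) === sample);
```

On the PHP side, `json_encode($notes, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)` emits a complete, already-quoted literal with the same properties, so it is used without surrounding quotes.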
A: 

jQuery('#notes').text('{NOTES}')

should escape your string. I'm not sure if it works on textareas, but I think so.

You can also try to use the following jQuery plugin:

http://plugins.jquery.com/project/escape

Some code like this should work then:

jQuery('#notes').val($.escape('{NOTES}'))

UPDATE

This should work as well:

{NOTES}.replace('\'','\\\'');
{NOTES}.replace('\"','\\\"');
Mark Baijens
Yeah, I tried that as well, but I don't want escaped text in the textarea.
Atrox