ansaurus

Question

strange quote behaviour in generated html

Answer 1

+1 A:

double quotes instead of single quotes.

SilentGhost 2009-05-05 14:03:27

What is the problem though? Double quotes are escaped where they need to be, and are otherwise only used to break out of the quoted string to concatenate a variable

Joshxtothe4 2009-05-05 14:07:24

string goes from quote to quote. "..." - string with three dots, "...""." - two strings, one with three and another one with one dot.

SilentGhost 2009-05-05 14:17:32

Answer 2

A:

Because you are already inside a " and inside ':

<a href="#" onclick="makewindows('
                   ^^^          ^^^

you need to escape both your single and double quotes inside the variable, for example:

<input (...) value=\\'Submit\\' onclick=\\\"setTimeout

or just run it through an addslashes() function before inserting.

YiSh 2009-05-05 14:11:28

ahhh. Thankyou. Why must I escape single quotes as well?

Joshxtothe4 2009-05-05 14:12:44

It's because in the final HTML you are already inside a single quote - the one that is inside the JS makewindows() function.

YiSh 2009-05-05 14:16:47

addslashes did not help:<a href="#" onclick="makewindows('"<form action='up.php' method='post'\r\nenctype='multipart\/form-data'>\r\n<label for='file'>Filename:<\/label>\r\n<input type='file' name='file' id='file'\/> \r\n<br \/>\r\n<input type='hidden' name='pk' value='380118185183'>\r\n<input type='hidden' name='username' value='janmaybach'>\r\n<input type='submit' name='submit' value='Submit' onclick=\"setTimeout(function() { updateByPk('Layer2', '380118185183', 'Ed Hardy', '1'); } ),1250);\" \/>\r\n<\/form>"'); return false;">Upload files</a>

Joshxtothe4 2009-05-05 14:32:08

Answer 3

A:

Use htmlspecialchars with ENT_QUOTES and json_encode if possible:

echo '<a href="#" onclick="makewindows('.htmlspecialchars(json_encode($uploadhtml), ENT_QUOTES).'); return false;">Upload files</a>';

Edit And now the same in your quotation style:

echo "<p><a href='#' onclick=\"makewindows(".htmlspecialchars(json_encode($uploadhtml), ENT_QUOTES)."); return false;\">Upload files</a>";

You don’t need to surround the value you want to pass to the JavaScript function makewindows as json_encode already returns a valid string expression. And to avoid conflicts with the HTML attribute quotes, I used the htmlspecialchars function with ENT_QUOTES to replace both quote characters by corresponding HTML character references.

Gumbo 2009-05-05 14:15:28

This results in: <a href="#" onclick="makewindows('"<form action='up.php' method='post'\r\nenctype='multipart\/form-data'>\r\n<label for='file'>Filename:<\/label>\r\n<input type='file' name='file' id='file'\/> \r\n<br \/>\r\n<input type='hidden' name='pk' value='380118185183'>\r\n<input type='hidden' name='username' value='janmaybach'>\r\n<input type='submit' name='submit' value='Submit' onclick=\"setTimeout(function() { updateByPk('Layer2', '380118185183', 'Ed Hardy', '1'); } ),1250);\" \/>\r\n<\/form>"'); return false;">Upload files</a> which is not clickable.

Joshxtothe4 2009-05-05 14:25:09

No it doesn’t. You have to leave out the surrounding single quotes as the value returned by `json_encode` is already quoted. Try my example.

Gumbo 2009-05-05 14:27:50

I cant change the quoted string containing the link to single quotes. The string I am using uploadhtml with is much longer, and needs double quotes. When I use your example in the double quoted string the above html is generated.

Joshxtothe4 2009-05-05 14:30:07

I’m not changing the `$uploadhtml` value in any way. Just compare what I wrote to that what you wrote. If I change the quotation style to your’s, both codes look like this: "onclick=\"makewindows(" . […] . ");" – "onclick=\"makewindows('" . […] . "');" Do you see the difference?

Gumbo 2009-05-05 14:59:20

ansaurus

tags:

views:

answers:

strange quote behaviour in generated html

related questions