Try this:

尝试这个：

document.getElementById("img").innerHTML = '<img src="/sitepath/' + imgg + '.jpg" width="72" height="44" onclick="alert(\'hello\');" />';

If you use apostrophes as delimiter for the HTML attributes, you have to HTML encode the apostrophes that you put inside the attribute:

如果使用撇号作为 HTML 属性的分隔符，则必须对放在属性中的撇号进行 HTML 编码：

document.getElementById("img").innerHTML="< img src='/sitepath/"+imgg+".jpg' width='72' height='44' onclick='alert(&#39;hello&#39;);' />";

I prefer using apostrophes as string delimited in Javascript and quotation marks as delimiters for HTML attributes. Then you just escape the apostrophes that you have inside the Javascript string:

我更喜欢使用撇号作为 Javascript 中分隔的字符串和引号作为 HTML 属性的分隔符。然后，您只需转义 Javascript 字符串中的撇号：

document.getElementById("img").innerHTML='< img src="/sitepath/'+imgg+'.jpg" width="72" height="44" onclick="alert(\'hello\');" />';

To put any string inside a Javascript, inside an HTML attribute, inside a string in Javascript, you do:

要将任何字符串放入 Javascript 中、HTML 属性中、Javascript 中的字符串中，您可以执行以下操作：

• escape any string delimiters in the string
• HTML encode the Javascript code
• escape any string delimiters in the HTML string

• 转义字符串中的任何字符串分隔符
• HTML 编码 Javascript 代码
• 转义 HTML 字符串中的任何字符串分隔符

You have JavaScript inside HTML inside JavaScript. That's naturally confusing. Better to avoid the string-slinging problems of quoting and escaping (which, got wrong, can easily lead to security holes when user-submitted data is used), and do it the DOM way:

你在 JavaScript 中的 HTML 中有 JavaScript。这自然令人困惑。更好地避免引用和转义的字符串吊索问题（这是错误的，在使用用户提交的数据时很容易导致安全漏洞），并使用 DOM 方式：

var img= new Image();
img.src= '/sitepath/'+imgg+'.jpg';
img.width= 72;
img.height= 44;
img.onclick= function() {
    alert('hello');
};
document.getElementById('img').appendChild(img);

I tried using Escape character ("\") but it didnt help

我尝试使用转义字符（“\”），但没有帮助

Javascript is different from C#, you just use it twice at a time, example: alert('We are\\'t going to go')

Javascript 与 C# 不同，你只需一次使用它两次，例如： alert('We are\\'t going to go')

what if someone needs to send a variable instead of a string "hello"? Something like this:

如果有人需要发送一个变量而不是字符串“hello”怎么办？像这样的东西：

function showContent(toPopulate) { 
      document.getElementById(toPopulate).innerHTML = "<a href='javascript:showOtherContent(*toPopulate*);'>show</a>"
}

function showOtherContent(toPopulate) {...}

so how to send toPopulate as a variable to showOtherContent()?

那么如何将 toPopulate 作为变量发送到 showOtherContent()？

The above is solved like this:

上面是这样解决的：

document.getElementById(toPopulate).innerHTML = "<a href='javascript:showOtherContent(\"" + toPopulate + "\");'>show</a>"

You will need to use the double quotes and escape it in the onclick attribute

您将需要使用双引号并将其转义到 onclick 属性中

document.getElementById("img").innerHTML="<img src='/sitepath/"+imgg+".jpg' width='72' height='44' onclick=\"alert('hello');\" />";

It doesn't matter if your outer quotes are single or double. You can escape a character within an outer string with a backslash... \' becomes ' within the string itself. Either Darin's or Masood's example will work. But Masood is ignorant in reference to a need to use double-quotes as the outside enclosure.

您的外部引号是单引号还是双引号都没有关系。您可以使用反斜杠对外部字符串中的字符进行转义... \' 在字符串本身中变为 '。Darin 或 Masood 的示例都将起作用。但马苏德对使用双引号作为外部外壳的需要一无所知。