JavaScript 函数参数中的单引号转义
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8744315/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Single quote escape in JavaScript function parameters
提问by Daniele Di Punzio
I need to escape single quotes in JavaScript function parameters to avoid this:
我需要在 JavaScript 函数参数中转义单引号以避免这种情况:
onclick="Javascript:INSERT_PRODUCT('188267','WILL AND GRACE','32311','L'ANNIVERSARIO DINOZZE ','20101113|04|18|','13/11/2010 0.00.00','CANALE 5 ',this);"
But I need to escape them inside a function call since I do not know the values that will be passed (db variables I can't escape from the database).
但是我需要在函数调用中转义它们,因为我不知道将传递的值(db 变量我无法从数据库中转义)。
Is there a function that allows me to do something like the following?
有没有一个功能可以让我做类似下面的事情?
onclick="Javascript:function(escape(param1), escape(param2), escape(param3));"
回答by Mike Samuel
JSON.stringify(plainTextStr).replace(/&/, "&").replace(/"/g, """)
will produce a string you can safely embed in a quoted attribute and which will have the same meaning when seen by the JavaScript interpreter.
将生成一个字符串,您可以安全地嵌入到带引号的属性中,并且在 JavaScript 解释器看到时具有相同的含义。
The only caveat is that some Unicodenewlines (U+2028 and U+2029) need to be escapedbefore being embedded in JavaScript string literals, but JSON only requires that \rand \nbe escaped.
唯一需要注意的是,某些Unicode换行符(U+2028 和 U+2029)在嵌入 JavaScript 字符串文字之前需要进行转义,但 JSON 仅需要\r并\n进行转义。
回答by Iain M Norman
Escape the apostrophe with a backslash:
用反斜杠转义撇号:
onclick="INSERT_PRODUCT('188267','WILL AND GRACE ','32311','L\'ANNIVERSARIO DI NOZZE ','20101113|04|18|','13/11/2010 0.00.00','CANALE 5 ',this);"
回答by tim
It's maybe not totally clear from the question, but assuming that all you want is to send this to a PHP script for storing in a database, you of course would ideally utilize PHP's various methods such as stripslashes()-- but if you're really not trying to get too fancy, simply adding 1 slash in front of any single quote is enough to send a SQL query right into PHP from the client-side. It's not safe, but maybe not necessary either.
从问题中可能并不完全清楚,但假设您想要的只是将其发送到 PHP 脚本以存储在数据库中,那么您当然会理想地使用 PHP 的各种方法,例如stripslashes()- 但如果您真的不尝试太花哨了,只需在任何单引号前添加 1 个斜杠就足以从客户端将 SQL 查询直接发送到 PHP 中。这不安全,但也许也没有必要。
str.replace(/'/g, "\'"); // escaping \ with \, so used 2x
does the trick., like for example in something like this:
有诀窍。,例如在这样的事情中:
var body = $('#body').val().replace(/'/g, "\'");
myCustomSQLqueryFunction("UPDATE mytable SET `content`='"+ body +"';" );
MySQL will now store your bodylike you see it in the form field.
MySQL 现在将存储您body在表单字段中看到的内容。
回答by Irrmich
This function worked for me (it removes and restores the quote again): Guessing that the data to be sent is the value of an input element,
这个函数对我有用(它再次删除并恢复引用):猜测要发送的数据是输入元素的值,
var Url = encodeURIComponent($('#userInput').val().replace("'","\'"));
Then get the original text again:
然后再次获取原文:
var originalText = decodeURIComponent(Url);
回答by amit
var cmpdetail = cmpdetail.replace(/'/g, "\'");
its working for me.
它为我工作。
回答by Ronnie Royston
I prefer to use single quote for defining JavaScript strings. Then I escape my embedded double quotes as follows.
我更喜欢使用单引号来定义 JavaScript 字符串。然后我按如下方式转义嵌入的双引号。
This is how I do it, basically str.replace(/[\""]/g, '\\"').
这就是我的做法,基本上str.replace(/[\""]/g, '\\"')。
var display = document.getElementById('output');
var str = 'class="whatever-foo__input" id="node-key"';
display.innerHTML = str.replace(/[\""]/g, '\"');
//will return class=\"whatever-foo__input\" id=\"node-key\"<span id="output"></span>