在传递给 Javascript 之前,如何在 PHP 中转义引号和已经转义的引号?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5647242/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to escape quotes and already escaped quotes in PHP before passing to Javascript?
提问by Lawyerson
There are many questions about escaping single and double quotes but I have had no luck finding an answer that solves my particular problem.
有很多关于转义单引号和双引号的问题,但我没有找到解决我的特定问题的答案。
I have a PHP function that dynamically returns an image with an onClick event that calls a Javascript function with the name of an object as an argument like so:
我有一个 PHP 函数,它动态返回一个带有 onClick 事件的图像,该事件调用一个以对象名称作为参数的 Javascript 函数,如下所示:
$response = "<img src=\"images/action_delete.gif\" onClick=\"confirmDelete("'" . $event->getName() . "'")\"/>"";
The Javascript function should display a confirmation dialogue at some point like this:
Javascript 函数应该在某个时候显示一个确认对话框,如下所示:
confirm('Delete event ' + name + ' ?')
How should I format $response in PHP to make sure the Javascript confirm won't mess up when the user enters a name containing ' or " or \' or \" ?
我应该如何在 PHP 中格式化 $response 以确保当用户输入包含 ' 或 " 或 \' 或 \" 的名称时 Javascript 确认不会搞砸?
回答by nicja
You could escape any quotes in php using htmlspecialchars or htmlentities, however this doesn't solve the issue of single quotes, even if ENT_QUOTES is set.
您可以使用 htmlspecialchars 或 htmlentities 对 php 中的任何引号进行转义,但这并不能解决单引号的问题,即使设置了 ENT_QUOTES。
Doing a little testing I see the following should work, although it may not be very elegant:
做一些测试我看到以下应该工作,虽然它可能不是很优雅:
$name = htmlentities(str_replace("'", "\'", $event->getName()));
$response = "<img src=\"images/action_delete.gif\" onClick=\"confirmDelete('" . $name . "')\"/>";
Hope that helps
希望有帮助
回答by ThiefMaster
Process the string using json_encode(). That will ensure it's a valid JavaScript expression.
使用 处理字符串json_encode()。这将确保它是一个有效的 JavaScript 表达式。
回答by mplungjan
Very safe alternative which also gives you the hand cursor for free
非常安全的替代方案,它还免费为您提供手形光标
<script>
function confirmDelete(idx) {
if (confirm(document.getElementById("msg"+idx).innerHTML)) {
location="delete.php?idx="+idx;
}
return false
}
<span id="msg1" style="display:none"><?PHP echo $event->getName(); ?></span>
<a href="#" onClick="return confirmDelete(1)"><img src="images/action_delete.gif" style="border:0" /></a>
回答by Jerry
Another solution worked for me, if you have single quotes, double quotes, slashs and backslashes in your input string :
另一个解决方案对我有用,如果您的输入字符串中有单引号、双引号、斜杠和反斜杠:
$output = htmlentities(str_replace(array(chr(92), "'"), array(chr(92) . chr(92), "\'"), $input));
with something like :
像这样:
onClick=\"confirmDelete('" . $output . "')\"
Thanks to nicja !
感谢尼佳!
