Page 1 of 1

escaping characters...

Posted: Tue Jun 22, 2004 7:37 am
by davidklonski
Hello

I have a php page with the following line:

Code: Select all

<img src="face.gif" onmouseover="func('<?php print $name; ?>')">
I am using double quotes to enclose the onmouseover value.
I am using single quotes around the name because the func function expects a string.
The problem is that the $name variable may also contain quotes (single or double), and that causes the generated javascript code to misbehave.

I tried using htmlspecialchars & htmlentities but, I am still getting generated code like so:

Code: Select all

<img src="face.gif" onmouseover="func('Guy's name')">
What can I do?

thanks

Posted: Tue Jun 22, 2004 7:42 am
by redmonkey

Posted: Tue Jun 22, 2004 7:55 am
by Grim...
Why does this say '0' replies (it will probably say 1 now).

Posted: Tue Jun 22, 2004 7:55 am
by Grim...
Aw, the forum is busted :(

Posted: Tue Jun 22, 2004 8:47 am
by lostboy
if you are using php to echo out the line, just add some slashes before the double quotes

Code: Select all

echo "<img src="face.gif" onmouseover="func('Guy's name')">";
If you are not using PHP to echo it out, so its parts of the normal html / js outside of the <? ?> tags, then you don't need to worry about it