tricking javascript to accept ' after removing sql's slashes

m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

i'm having a bit of a problem with that.
original, very flawed, code

Code:

foreach($desires as $desire){
    $frnd=$desire['fun']; $comm=stripslashes($desire['cof']);
    // $comm goes unescaped into the single-quoted JavaScript string in onMouseOver
    echo "      <br><a href=\"profile.php?un=$frnd\" target=\"_parent\" onMouseOver=\"window.status='$comm'; return true;\">$frnd</a>\n";
}

change i made to try to get it to give javascript ''

Code:

foreach($desires as $desire){
    $frnd=$desire['fun']; $comm=preg_replace("/''/", "\\''", stripslashes($desire['cof']));
    // $comm still goes into the single-quoted JavaScript string in onMouseOver
    echo "      <br><a href=\"profile.php?un=$frnd\" target=\"_parent\" onMouseOver=\"window.status='$comm'; return true;\">$frnd</a>\n";
}

yet this still gives it to javascript as '
any suggestions?
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

then why use stripslashes in the first place?
javascript can handle both \" and '' within a literal - and even \\

Code:

<html>
	<head>
		<script type="text/javascript">
			function testit()
			{
				// backslash-escaped backslash and apostrophes inside a single-quoted literal
				var mytext = '\\ "D\'Artagnan" \'';
				alert(mytext);
			}
		</script>
	</head>
	<body>
		<button onClick="testit();">click</button>
	</body>
</html>
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

because i'm not sure what else would be slashed out for sql since i know it also does stuff for null values and some others.
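
Added example (not from any poster in this thread): one way to build the same link with a separate encoder for each output context, so that an apostrophe, quote or backslash in the comment cannot end the `window.status` string or the attribute around it. The sample rows and the helper names `js_literal_for_attr` and `render_link` are assumptions for illustration; `fun` and `cof` are the keys from the posted code, `cof` is assumed to hold the raw comment text, and `JSON_THROW_ON_ERROR` needs PHP 7.3 or later.

```php
<?php
// Added example: context-aware output encoding for the link in this thread.
// Sample rows are constructed; the keys 'fun' and 'cof' follow the posted code.
$desires = [
    ['fun' => 'alice',    'cof' => "D'Artagnan said \"hi\""],
    ['fun' => 'bob&carl', 'cof' => "back\\slash ' and </a> \"><b>x"],
];

/**
 * Encode a PHP string as a JavaScript string literal that is safe to place
 * inside a double-quoted HTML event-handler attribute.
 */
function js_literal_for_attr(string $value): string
{
    // Layer 1 (JavaScript): json_encode emits a quoted literal and escapes
    // backslashes and control characters; the JSON_HEX_* flags turn
    // ' " < > & into \uXXXX so none of them can end the literal.
    $js = json_encode($value, JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_TAG | JSON_HEX_AMP | JSON_THROW_ON_ERROR);
    // Layer 2 (HTML attribute): the browser decodes entities before the
    // script runs, so the literal's own delimiting quotes are entity-encoded.
    return htmlspecialchars($js, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_link(array $desire): string
{
    $name = (string) $desire['fun'];
    $href = 'profile.php?un=' . rawurlencode($name);    // URL context
    return sprintf(
        '<br><a href="%s" target="_parent" onmouseover="window.status=%s; return true;">%s</a>',
        htmlspecialchars($href, ENT_QUOTES, 'UTF-8'),   // HTML attribute context
        js_literal_for_attr((string) $desire['cof']),   // JS literal inside an attribute
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8')    // HTML text context
    );
}

foreach ($desires as $desire) {
    echo render_link($desire), "\n";
}
```

The encoding happens at output time only, so it does not depend on which characters were slashed for SQL on the way into the database.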