tricking javascript to accept ' after removing sql's slashes

Posted: Wed Oct 29, 2003 1:20 pm
by m3rajk
i'm having a bit of a problem with that.
original, very flawed, code

Code:

foreach($desires as $desire){
    $frnd=$desire['fun']; $comm=stripslashes($desire['cof']);
    // $comm is placed unescaped inside a single-quoted JS string within a double-quoted HTML attribute
    echo "      <br><a href=\"profile.php?un=$frnd\" target=\"_parent\" onMouseOver=\"window.status='$comm'; return true;\">$frnd</a>\n";
}
change i made to try to get it to give javascript ''

Code:

foreach($desires as $desire){
    // same output as above; only $comm is post-processed with preg_replace()
    $frnd=$desire['fun']; $comm=preg_replace("/''/", "\\''", stripslashes($desire['cof']));
    echo "      <br><a href=\"profile.php?un=$frnd\" target=\"_parent\" onMouseOver=\"window.status='$comm'; return true;\">$frnd</a>\n";
}
yet this still gives it to javascript as '
any suggestions?

Posted: Wed Oct 29, 2003 1:33 pm
by volka
then why use stripslashes in the first place?
javascript can handle both \" and '' within a literal - and even \\

Code:

<html>
	<head>
		<script type="text/javascript">
			function testit()
			{
				// \\ is a backslash, \' an apostrophe; " needs no escape inside '...'
				var mytext = '\\ "D\'Artagnan" \'';
				alert(mytext);
			}
		</script>
	</head>
	<body>
		<button onClick="testit();">click</button>
	</body>
</html>

Posted: Wed Oct 29, 2003 2:41 pm
by m3rajk
because i'm not sure what else would be slashed out for sql since i know it also does stuff for null values and some others.
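
The comment in the first post ends up in two nested contexts, a JavaScript string literal inside an HTML attribute, and each needs its own encoding step. The following is an added example, not part of any post in this thread, showing one way to encode for each context in turn on a modern PHP (7.3 or later is assumed); `$desires` is constructed sample data and the helper names `js_string`, `html` and `profile_link` are hypothetical.

```php
<?php
// Constructed sample rows shaped like those in the posts above
// ('fun' = username, 'cof' = comment). Not data from the thread.
$desires = [
    ['fun' => 'porthos', 'cof' => "D'Artagnan said \"hi\" \\ bye"],
    ['fun' => 'a&b c',   'cof' => 'it\'s <b>bold</b> & "quoted"'],
];

// Context 1: a JavaScript string literal.
// json_encode() returns a complete quoted JS string; the JSON_HEX_* flags
// emit ' " < > & as \uXXXX, so no quote or tag character appears in the output.
function js_string(string $s): string {
    return json_encode(
        $s,
        JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_TAG | JSON_HEX_AMP | JSON_THROW_ON_ERROR
    );
}

// Context 2: text or a quoted attribute value in HTML.
function html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function profile_link(array $desire): string {
    $frnd = $desire['fun'];
    // Assumption: 'cof' is the stored text with no extra slashes layered on,
    // so neither stripslashes() nor a regex fix-up is applied here.
    $comm = $desire['cof'];

    $href    = 'profile.php?un=' . rawurlencode($frnd);   // URL parameter context
    $handler = 'window.status=' . js_string($comm) . '; return true;';

    // Encode for JS first (above), then for the HTML attribute that carries it.
    return sprintf(
        '      <br><a href="%s" target="_parent" onmouseover="%s">%s</a>' . "\n",
        html($href),
        html($handler),
        html($frnd)
    );
}

foreach ($desires as $desire) {
    echo profile_link($desire);
}
```

The order matters: the browser decodes the HTML attribute first and then parses the result as JavaScript, so the value is encoded in the reverse order, for JavaScript first and for HTML last.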