0

I am using like

$myPage .= '<td><a href=\'javascript:editProduct('
    .$row['id']
    .',"'
    .$row['name']
    .'")\'>Edit</a></td>';

where $row['name'] has quotes in its value. it breaks. how do i solve the issue both from php side and js side...

$row['name'] is value from DB. and it will have value like pradeep's and pradeep"s also

i used like

$myPage .= '<td><a href=\'javascript:editProduct('.addslashes($row['id']).',"'.addslashes($row['name']).'")\'>Edit</a></td>';

it solves the issue of double quotes. but when i have single quotes in value the javascrit link looks like

javascript:editProduct(28,"pradeep\

it actually breaks..

And how do i strip down the slashes added by addslashes in javascript..

UPDATE - FINAL CODE

$myPage .= '<td><a href=\'javascript:editProduct('.$row['id'].',"'.htmlentities($row['name'],ENT_QUOTES).'")\'>Edit</a></td>';

and js looks like 

function editProduct(id,name){
        alert(name);
        }

can any one solve my issues

Improve this question
2
  • Not sure if I understood your question, but it seems you have to scape quotes on $row['name'] before using it. Commented May 4, 2011 at 6:58
  • Don't forget that single and double quotes aren't the only problem characters for this type of code, you also need to escape backslashes, carriage-returns, new-lines, line-feeds, maybe tab characters...(depending on your data, of course: you may be sure that some of those characters won't ever occur) Commented May 4, 2011 at 7:54

2 Answers 2

Reset to default
2

Try:

$myPage .= "<td><a href='javascript:editProduct({$row['id']},\""
           . htmlentities( $row['name'] )
           . "\")'>Edit</a></td>";

htmlentities default behaviour is to convert double quotes and leave single quotes alone, if you require converting single and double quotes, then call it like this:

htmlentities( $row[ 'name' ], ENT_QUOTES )

Also, using { .. } in "..." strings is the correct way to substitute variables.

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

@Oerd - i guess u did not get my question properly. please see my question again.
@pradeep you're right, I was too quick on the trigger, then I guess your choice is wrapping $row['name'] in a call to htmlentities.
@Oerd - but when i have value like pradeep"s the function is becoming like javascript:editProduct(28,"pradeep"s") which is breaking the function.its not escaping the double quotes
@pradeep htmlentities( 'pradeep"s' ) will output pradeep&quot;s
@Oerd - i get error like Error: missing ) after argument list Source File: javascript:editProduct(29,"p"s") Line: 1, Column: 18 Source Code: editProduct(29,"p"s")
|
0

The PHP string

'<a href=\'javascript:editProduct('.$row['id'].',"'.$row['name'].'")\'>';

outputs (assuming some values)

<td><a href='javascript:editProduct(123,"abc")'></td>

Presumably it breaks if $row['name'] contains a " quote. You could replace such quotes with a \" in the string before you output it using str_replace('"', '\"', $row['name'])

Improve this answer

2 Comments

y cant i use addslashes instead of str_replace("'", "\'", $row['name']) u have used
@pradeep addslashes works too. I don't like it because I stay clear of anything to do with magic quotes, but it's fine.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.