How do I escape only single quotes

Question

I am writing some JavaScript code that uses a string rendered with PHP  How can I escape single quotes  and only single quotes  in my PHP string    lt script type  text javascript  gt          myElement   html  say hello to  lt  php echo  mystringWithSingleQuotes   gt      lt  script gt

User · Answer

I am not sure what exactly you are doing with your data, but you could always try:

$string = str_replace("'", "%27", $string);

I use this whenever strings are sent to a database for storage.

%27 is the encoding for the ' character, and it also helps to prevent disruption of GET requests if a single ' character is contained in a string sent to your server. I would replace ' with %27 in both JavaScript and PHP just in case someone tries to manually send some data to your PHP function.

To make it prettier to your end user, just run an inverse replace function for all data you get back from your server and replace all %27 substrings with '.

Happy injection avoiding!

User · Answer

In some cases  I just convert it into ENTITIES                              i e     x  ABC DEFGH IJKL  x   str ireplace         amp apos     x    x   str ireplace         amp bsol     x    x   str ireplace         amp quot     x     On the HTML page  the visual output is the same   ABC DEFGH IJKL   However  it is sanitized in source

User · Answer

You can use the addcslashes function to get this done like so   echo addcslashes  text

User · Answer

Use the native function htmlspecialchars  It will escape from all special character  If you want to escape from a quote specifically  use with ENT COMPAT or ENT QUOTES  Here is the example    str    Jane  amp   Tarzan    echo htmlspecialchars  str  ENT COMPAT      Will only convert double quotes echo   lt br gt     echo htmlspecialchars  str  ENT QUOTES      Converts double and single quotes echo   lt br gt     echo htmlspecialchars  str  ENT NOQUOTES      Does not convert any quotes   The output would be like this   Jane  amp amp   Tarzan  lt br gt  Jane  amp amp   amp  039 Tarzan amp  039  lt br gt  Jane  amp amp   Tarzan    Read more in PHP htmlspecialchars   Function

User · Answer

I wrote the following function  It replaces the following   Single quote     with a slash and a single quote        Backslash     with two backslashes       function escapePhpString  target         replacements   array                    gt                             gt                    return strtr  target   replacements       You can modify it to add or remove character replacements in the  replacements array  For example  to replace  r n  it becomes   r n       r n  and   n       n           With new line replacements too     function escapePhpString  target         replacements   array                    gt                             gt                        r n    gt     r  n                 n    gt     n             return strtr  target   replacements       The neat feature about strtr is that it will prefer long replacements   Example   Cool r nFeature  will escape  r n rather than escaping  n along

User · Answer

After a long time fighting with this problem  I think I have found a better solution   The combination of two functions makes it possible to escape a string to use as HTML   One  to escape double quote if you use the string inside a JavaScript function call  and a second one to escape the single quote  avoiding those simple quotes that go around the argument   Solution   mysql real escape string htmlspecialchars  string     Solve    a PHP line created to call a JavaScript function like      echo    onclick  javascript function       mysql real escape string htmlspecialchars  string

User · Answer

str replace             mystringWithSingleQuotes

User · Answer

Here is how I did it  Silly  but simple    singlequote         picturefile   getProductPicture  id    echo showPicture    singlequote  picturefile  singlequote       I was working on outputting HTML that called JavaScript code to show a picture

User · Answer

To replace only single quotes  use this simple statement    string   str replace              string

User · Answer

If you want to escape characters with a    you have addcslashes    For example  if you want to escape only single quotes like the question  you can do   echo addcslashes  value          And if you want to escape          and nul  the byte null   you can use addslashes     echo addslashes  value

User · Answer

Quite simply  echo str replace                myString   However  I d suggest use of JSON and json encode   function as it will be more reliable  quotes new lines for instance     lt  php  data   array  myString    gt            gt    lt script gt     var phpData    lt  php echo json encode  data    gt      alert phpData myString    lt  script gt

[php] How do I escape only single quotes?

Examples related to php

Examples related to escaping