A
A
Andrey2020-06-17 17:26:51
PHP
Andrey, 2020-06-17 17:26:51

How to safely specify a string parameter when generating JS in PHP?

I came across this line in the old code and thought about it, but how to do it right here and so as not to get confused with quotes?

How to process $loginOriginal value so as not to break js syntax in html syntax.

//  $loginOriginal строка, понятное дело, в ней может быть что угодно
 // В переменной "собираются" атрибуты html
 $login .= " style=\"cursor:pointer\""
                ." onclick=\"chat.addTo('".addslashes($loginOriginal)."')\"";

Answer the question

In order to leave comments, you need to log in

2 answer(s)
N
Nadim Zakirov, 2020-06-17
@zkrvndm

Do you know what I usually do in such cases, so as not to get confused in all this mishmash of brackets? I save all JavaScript functions in separate files and, if necessary, simply insert them through file_get_contents("function_name.js") and then I don't have to worry about escaping. By analogy, you can store everything in the database if you need speed.

N
nokimaro, 2020-06-18
@nokimaro

it seems to me that this option should cover all cases if the $loginOriginal string

htmlspecialchars(json_encode($loginOriginal), ENT_QUOTES, "UTF-8")

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question