PHP试图逃脱单引号
[英]PHP trying to escape single quotes
问题描述
I'm creating a music player. 
我正在创造一个音乐播放器。 But the PHP just messes up filenames that have a singlequote in it. 但是PHP只会弄乱其中有单引号的文件名。 How can I fix this? 我怎样才能解决这个问题?
The first code is my current PHP. 第一个代码是我目前的PHP。 The second code is how i want the output to be. 第二个代码是我想要输出的方式。
// integer starts at 0 before counting
$i = 0;
$dir = 'music/';
if ($handle = opendir($dir)) {
while (($file = readdir($handle)) !== false) {
if (!in_array($file, array('.', '..')) && !is_dir($dir.$file))
echo "<span class='song' id='".$file."' onClick='playSong(\"".addslashes($file)."\");'>".$file."</span><br />";
}
}
At first I did HTML, But now I want to use PHP so i can just drag songs into a folder and they get automaticly added to the list. 起初我做了HTML,但现在我想使用PHP,所以我可以将歌曲拖到文件夹中,然后自动添加到列表中。
This is how the HTML was, which is how I want the output from the PHP to be. 这就是HTML的方式,这就是我想要PHP输出的方式。
<span id="Martin Garrix - Animals" onClick="playSong('Martin Garrix - Animals');">Martin Garrix - Animals</span>
<br />
<span id="TryHardNinja - Doin' it grand" onClick="playSong('TryHardNinja - Doin\' it grand');">TryHardNinja - Doin' it grand</span>
<br />
<span id="TryHardNinja - Calling All Ghosts" onClick="playSong('TryHardNinja - Calling All Ghosts');">TryHardNinja - Calling All Ghosts</span>
5 个解决方案
解决方案1
2 已采纳 2014-01-02 14:56:52
Just change the quotes around: 只需更改周围的报价:
echo '<span class="song" id="'.$file.'" onClick="playSong(\''.addslashes($file).'\');">'.$file.'</span><br />';
PS: I'm also not really sure, if you need the addslashes . PS:如果你需要addslashes ,我也不太确定。
解决方案2
0 2014-01-02 14:56:59
Use the HTML ASCII code for the single quote: 使用HTML ASCII代码进行单引号:
'
http://www.ascii.cl/htmlcodes.htm http://www.ascii.cl/htmlcodes.htm
解决方案3
0 2014-01-02 14:58:57
You say: 你说:
But the PHP just messes up filenames that have a singlequote in it.
But you code itself is adding the slashes via addslashes in this line: 但是你自己编写代码就是通过此行中的addslashes添加斜杠:
echo "<span class='song' id='".$file."' onClick='playSong(\"".addslashes($file)."\");'>".$file."</span><br />";
Looking at your HTML it seems that the reason you are adding addslashes might be connected to your HTML tag parameters (ie: class='song' & such) having single quotes in them. 看看你的HTML似乎你添加addslashes的原因可能与你的HTML标签参数有关(即: class='song'等),其中包含单引号。 So I would recommend you use double quotes on them & just remove the addslashes entirely: 所以我建议你在它们上使用双引号并完全删除addslashes :
echo '<span class="song" id="'.$file.'" onClick="playSong("'.$file.'");'>'.$file.'</span><br />';
Or you can use preg_replace instead of addslashes to change all single quotes in your $file string to be the ASCII HTML entity for it ( ' ) instead: 或者您可以使用preg_replace而不是addslashes将$file字符串中的所有单引号更改为它的ASCII HTML实体( ' ):
echo "<span class='song' id='".$file."' onClick='playSong(\"".preg_replace('/\'/', ''', $file)."\");'>".$file."</span><br />";
解决方案4
0 2014-01-02 15:10:26
而不是使用addslashes ,使用htmlentities ,这也避免了很多无关的麻烦,例如当你有不是英文的歌曲标题时的不同编码。
echo '<span class="song" id="'.$file.'" onClick="playSong(\''.htmlentities($file, ENT_QUOTES, 'UTF-8').'\');">'.htmlentities($file, ENT_QUOTES, 'UTF-8').'</span><br />';
解决方案5
0 2014-01-02 15:13:31
As mentioned in How to escape only single quotes? 正如如何逃避单引号? , use json_encode(), which is injection-safe: ,使用json_encode(),这是注入安全的:
$my_str = json_encode("using single quote here: '",JSON_HEX_APOS);
echo $my_str;
this gives you the output: 这给你输出:
using single quote here: \u0027
which works the same as \\' in JavaScript. 它的工作原理与JavaScript中的相同。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.