PHP MySQLi转义引号

Question

I am using PHP/mysqli to read in comments, but various comments in the table have either a single quote or a double quote.

I am storing the comments in a data-attribute. Using the Chrome console, I can see where the quote is throwing the whole code out of whack.

 <?php
   echo "<td><a href='' class='comment' data-toggle='modal' data-comment='".htmlentities($row[comment])."'>" . $row[partner_name] . "</a></td>";
 ?>

As you can see in the code above, I tried to use htmlentities. I also tried addslashes and a combination of the two.

Either way, I still can't get the comment to display properly because of the quote inside the mysql table.

Is there another PHP function that I can use to fix this?

Directly above is a screen shot from the Chrome console. Right after the words POTENTIAL 53 there is a single quote that is throwing my code off. All the other orange text is being read as HTML when it's supposed to be part of the comment.

There has to be a way to read the single quote as part of the string.

Answer 1

Well, there are two problems:

1. You have to encode stuff, especially quotes:

    $text = htmlentities($value, ENT_QUOTES); 

2. The title attribute does not work with newlines, so you will have to deal that. Something like this should do the job:

    $text = preg_replace('/\\r?\\n/', '#xA;', $text); 

Answer 2

Pass the flag, ENT_QUOTES, to your htmlentities function. See http://php.net/htmlentities . This will replace quotes with entified quote and prevent it from breaking out of the data-comment attribute.

Answer 3

Try escaping the quotes in your data. Something to this affect:

$pattern = "/\"|\'/";
$replace = '\\\"';
$subject = $row[comment];
$rowComment = preg_filter($pattern, $replace, $subject);

*Tip - You can also filter the data before storing it.

Description: echo $rowComment will produce a string with all quotes escaped;