[英]Escaping quotes in a javascript object generated from PHP
I feel like this must surely be a duplicate of an oft-answered question, but I cannot find an answer that addresses my particular issue. 我觉得这肯定是一个经常回答的问题的副本,但是我找不到解决我特定问题的答案。
I am loading data from MySQL via PHP, including some strings and a JSON-encoded string. 我正在通过PHP从MySQL加载数据,包括一些字符串和一个JSON编码的字符串。 This data may contain special characters, entered by the user.
该数据可能包含用户输入的特殊字符。
I then combine this data into a PHP array, then json_encode
it and read it into javascript using JSON.parse
. 然后,我将这些数据合并到一个PHP数组中,然后对其进行
json_encode
并使用JSON.parse
其读入javascript。
My issue is that an apostrophe in any of these strings will interrupt the javascript, preventing the JSON.parse
from completing. 我的问题是,这些字符串中的任何撇号都会中断javascript,从而阻止
JSON.parse
完成。
I think there are three ways to solve this: 我认为可以通过三种方法解决此问题:
htmlspecialchars()
or similar), though this will be difficult when loading data that's stored as a JSON string (I suppose I could decode it, then loop through and escape special characters in each element, then re-encode it). htmlspecialchars()
或类似方法),尽管在加载存储为JSON字符串的数据时这会很困难(我想我可以对其进行解码,然后遍历并转义每个元素中的特殊字符) ,然后重新编码)。 I would have to say that special character encoding is probably the single-most frustrating aspect of web development, as it causes me so many unexpected errors and I struggle to understand the different functions and when they should be used. 我不得不说特殊字符编码可能是Web开发中最令人沮丧的方面,因为它导致了很多意外错误,并且我难以理解不同的功能以及何时使用它们。
EDIT: 编辑:
var feedback = JSON.parse('{"721103":[{"sessionid":"45","feedback":{"praise":["","",""],"development":["","",""]}},{"sessionid":"46","feedback":{"praise":["Test","Test's",""],"development":["","",""]}}') ;
The apostrophe in Test's
breaks the javascript Test's
撇号打破了JavaScript
This should prevent your javascript from breaking: 这样可以防止您的JavaScript损坏:
var feedback = JSON.parse(`{"721103":[{"sessionid":"45","feedback":{"praise":["","",""],"development":["","",""]}},{"sessionid":"46","feedback":{"praise":["Test","Test's",""],"development":["","",""]}}]}`) ;
It uses ``, instead of ''. 它使用``而不是''。 They work the same, but won't be affecting eachother.
它们的作用相同,但不会互相影响。
I also corrected your json syntax error. 我还纠正了您的json语法错误。
Don't munge user data before storing in the DB. 在存储在数据库中之前,请勿清除用户数据。 You can munge it all you want after retrieving it.
取回后,您可以随意调整它。
I assume you're using PHP's json_encode() function to produce the JSON-encoded string, in which case you can use the JSON_HEX_APOS
option to encode apostrophes as \'
, eg: 我假设您正在使用PHP的json_encode()函数来生成JSON编码的字符串,在这种情况下,您可以使用
JSON_HEX_APOS
选项将撇号编码为\'
,例如:
json_encode( $a, JSON_HEX_APOS )
Where $a
is your PHP array. 其中
$a
是您的PHP数组。 This should produce a JSON string devoid of actual apostrophes, which you can surround with apostrophes to create a Javascript string: 这将产生一个没有实际撇号的JSON字符串,您可以将其与撇号括起来以创建Javascript字符串:
echo "var feedback = JSON.parse('" . json_encode( $a, JSON_HEX_APOS ) . "')";
My attempts to edit @kmoser's answer with the actual solution that worked were rejected in peer review, so here's what worked. 我尝试使用有效的实际解决方案来编辑@kmoser的答案的尝试在同行评审中被拒绝,所以这是可行的。 All credit to @kmoser:
全部归功于@kmoser:
$json_feedback = preg_replace( preg_quote('/\\u/\u0026#39;), '\\\\\\\\\\\\\\\\u\u0026#39;, json_encode( $feedback, JSON_HEX_APOS | JSON_HEX_QUOT ) );
It works by replacing singles and double quotes with hex strings when the data is retrieved from the MySQL database. 当从MySQL数据库检索数据时,它通过用十六进制字符串替换单引号和双引号来工作。 For reasons I don't understand, that still broke the javascript, so I then did a
preg_replace
to put an additional backslash before the escaped code. 由于我不明白的原因,它仍然破坏了JavaScript,因此我做了一个
preg_replace
,在转义的代码前加上了一个反斜杠。
Notice how many backslashes I had to put in to persuade the preg_replace to put in the additional backslash to prevent the javascript breaking. 请注意,为了说服preg_replace放入其他反斜杠以防止javascript中断,我必须插入多少个反斜杠。 I may be able to get away with fewer backslashes, the number that appears here is mostly out of sheer frustration with this silly issue!
我也许可以用更少的反斜杠来摆脱,这里出现的数字主要是出于对这个愚蠢问题的无奈之举!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.