在脚本标记php中转义单引号
[英]Escape single quotes inside script tag php
问题描述
I have the following: 
我有以下内容:
<?php echo '<script type="text/javascript">(function(d) {var url="http://myurl.com"; var iframe = d.createElement("iframe");(iframe.frameElement || iframe).style.cssText = "width: 0; height: 0;border: 0;"; iframe.src = "javascript:false"; d.body.appendChild(iframe);var doc = iframe.contentWindow.document; doc.open().write(\'<body onload="window.location.href=\'+url+\'">\'); doc.close();})(document); </script>'; ?>
Which creates and iframe on a page and set the onload property of body tag of the iframe to the value of url variable. 它会在页面上创建iframe并将iframe的body标签的onload属性设置为url变量的值。
The problem I have is this that I want the value of the url to be surrounded by single quotes like: 我的问题是我希望url的值被单引号括起来,例如:
<body onload="window.location.href='http://myurl.com'"></body> (**Noticed the single quotes around the url?**)
But instead I got: 但是我得到了:
<body onload="window.location.href=http://myurl.com"></body> (**without single quotes around the url**)
Can anybody help? 有人可以帮忙吗?
Thanks in advance 提前致谢
2 个解决方案
解决方案1
2 2018-08-14 23:01:47
I would use a HEREDOC, personally. 我个人会使用HEREDOC。 They aren't that well known but they are very powerful way of doing strings 它们不是很知名,但是它们是处理弦乐的非常有效的方法
<?php
echo <<<CODE
<script type="text/javascript">(function(d) {var url="http://myurl.com"; var iframe = d.createElement("iframe");(iframe.frameElement || iframe).style.cssText = "width: 0; height: 0;border: 0;"; iframe.src = "javascript:false"; d.body.appendChild(iframe);var doc = iframe.contentWindow.document; doc.open().write('<body onload="window.location.href=\''+url+'\'">'); doc.close();})(document); </script>
CODE; //<-- note nothing can come before or after this no spaces or even this comment.
AS I put in the code nothing can come before/after the ending Identifier ( SCRIPT in this case) not even a single space or it wont work. 正如我在代码中输入的那样,结尾标识符 (在本例中为SCRIPT ) 之前/之后什么也不会出现,即使是单个空格也不起作用。 Except the ; 除了; you can actually leave that out when putting it in an array, but that's a story for another day. 您实际上可以在将其放入数组时将其忽略,但这是另一回事了。
The Identifier can be anything but it should not appear in the text is a good general rule. 标识符可以是任何东西,但是不应在文本中出现,这是一个很好的一般规则。
The advantage here is we are not using a quote or single quote to mark this as a string so it frees us up to use both. 这样做的好处是我们不使用引号或单引号将其标记为字符串,因此它使我们可以同时使用两者。 There is no need to escape them with this, outside of the normal use (no need for PHP's purposes) 无需在正常使用范围内对此进行转义(不需要PHP的用途)
The HEREDOC (above) works like " as far as variable interpolation ( replaces variables with their value). 对于变量插值(将变量替换为其值),HEREDOC(上方)的工作方式类似于" 。
The NOWDOC version works like ' where it does not replace variables. NOWDOC版本的作用类似于' ,它不替换变量。 that is done like this 就是这样
<?php
<<<'TAG'
SOME CONTENT
TAG;
Notice the <<<'TAG' instead of <<<TAG . 注意<<<'TAG'而不是<<<TAG 。 The same rules apply as I mentioned above for the ending "tag". 对于结束符“ tag”,我使用了与上述相同的规则。 This is very very very important, which is why I made it bold and mentioned it 3 times. 这非常非常非常重要,这就是为什么我大胆地提到它3次。
UPDATE UPDATE
As mentioned in the comments, if you want extra ' around the url, you will have to escape them, but this is for Javascripts purposes, not PHP. 如注释中所述,如果您想要在URL周围添加多余的' ,则必须将其转义,但这是出于Java脚本目的,而不是PHP。 Overall it still makes the code easier to deal with. 总体而言,它仍然使代码更易于处理。
.write('<body onload="window.location.href=\''+url+'\'">');
Because there is no way around having to escape that for Javascript, but you don't have to worry about additional escaping due to PHP. 因为没有方法可以不必针对Javascript进行转义,但是您不必担心由于PHP而导致的其他转义。 I'm pretty sure without the HEREDOC you would need to add 2 additional \\ to it like this href=\\\\\\''+url+'\\\\\\' which is pretty ugly, Or change your double quotes to ' which I really don't like tags with single quotes (its a pet peeve of mine) <script type='text/javascript' ... it's just ugly to me. 我很确定没有HEREDOC,您需要为其添加2个额外的\\ ,例如href=\\\\\\''+url+'\\\\\\' ,这很丑陋,或者将双引号更改为'我真的不喜欢'不喜欢带有单引号的标签(它是我的宠儿) <script type='text/javascript' ...这对我来说很丑。
解决方案2
2 已采纳 2018-08-14 23:08:02
Try this: 尝试这个:
<?php echo "<script type='text/javascript'>
(function(d){
var url='http://myurl.com';
var iframe = d.createElement('iframe');
(iframe.frameElement || iframe).style.cssText = 'width: 0; height: 0;border: 0;';
iframe.src = 'javascript:false';
d.body.appendChild(iframe);
var doc = iframe.contentWindow.document;
doc.open().write('<body onload=\"window.location.href=\''+url+'\'\">');
doc.close();
})(document);
</script>";
?>
The main error is in the way that you're scaping the single quote. 主要错误在于您对单引号进行了转义。
Because you're trying to get the href value you need to scape first and concatenate, is easier if you use double quote to manage the strings inside PHP. 因为您试图获取href值,所以需要先转义和连接,如果使用双引号来管理PHP中的字符串,则更容易。 In this way the onload function can be load using \\" , and for get the url value just do \\' inside the main string. 这样,可以使用\\“加载onload函数,并且要获取url值,只需在主字符串中执行\\'。
Also don't worry if you split the Javascript in more lines, that will be do easier identify the errors. 同样不要担心,如果将Javascript分成更多行,这样做会更容易识别错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.