I'm creating a music player. But the PHP just messes up filenames that have a singlequote in it. How can I fix this?
The first code is my current PHP. The second code is how i want the output to be.
// integer starts at 0 before counting
$i = 0;
$dir = 'music/';
if ($handle = opendir($dir)) {
while (($file = readdir($handle)) !== false) {
if (!in_array($file, array('.', '..')) && !is_dir($dir.$file))
echo "<span class='song' id='".$file."' onClick='playSong(\"".addslashes($file)."\");'>".$file."</span><br />";
}
}
At first I did HTML, But now I want to use PHP so i can just drag songs into a folder and they get automaticly added to the list.
This is how the HTML was, which is how I want the output from the PHP to be.
<span id="Martin Garrix - Animals" onClick="playSong('Martin Garrix - Animals');">Martin Garrix - Animals</span>
<br />
<span id="TryHardNinja - Doin' it grand" onClick="playSong('TryHardNinja - Doin\' it grand');">TryHardNinja - Doin' it grand</span>
<br />
<span id="TryHardNinja - Calling All Ghosts" onClick="playSong('TryHardNinja - Calling All Ghosts');">TryHardNinja - Calling All Ghosts</span>
Just change the quotes around:
echo '<span class="song" id="'.$file.'" onClick="playSong(\''.addslashes($file).'\');">'.$file.'</span><br />';
PS: I'm also not really sure, if you need the addslashes
.
You say:
But the PHP just messes up filenames that have a singlequote in it.
But you code itself is adding the slashes via addslashes
in this line:
echo "<span class='song' id='".$file."' onClick='playSong(\"".addslashes($file)."\");'>".$file."</span><br />";
Looking at your HTML it seems that the reason you are adding addslashes
might be connected to your HTML tag parameters (ie: class='song'
& such) having single quotes in them. So I would recommend you use double quotes on them & just remove the addslashes
entirely:
echo '<span class="song" id="'.$file.'" onClick="playSong("'.$file.'");'>'.$file.'</span><br />';
Or you can use preg_replace
instead of addslashes
to change all single quotes in your $file
string to be the ASCII HTML entity for it ( '
) instead:
echo "<span class='song' id='".$file."' onClick='playSong(\"".preg_replace('/\'/', ''', $file)."\");'>".$file."</span><br />";
而不是使用addslashes
,使用htmlentities ,这也避免了很多无关的麻烦,例如当你有不是英文的歌曲标题时的不同编码。
echo '<span class="song" id="'.$file.'" onClick="playSong(\''.htmlentities($file, ENT_QUOTES, 'UTF-8').'\');">'.htmlentities($file, ENT_QUOTES, 'UTF-8').'</span><br />';
As mentioned in How to escape only single quotes? , use json_encode(), which is injection-safe:
$my_str = json_encode("using single quote here: '",JSON_HEX_APOS);
echo $my_str;
this gives you the output:
using single quote here: \u0027
which works the same as \\' in JavaScript.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.