stackoom
  简体   繁体   中英

PHP trying to escape single quotes

 原文  2014-01-02 14:51:20       javascript/ php/ html

Question

I'm creating a music player. But the PHP just messes up filenames that have a singlequote in it. How can I fix this?

The first code is my current PHP. The second code is how i want the output to be. 

// integer starts at 0 before counting
$i = 0; 
$dir = 'music/';
if ($handle = opendir($dir)) {
    while (($file = readdir($handle)) !== false) {
        if (!in_array($file, array('.', '..')) && !is_dir($dir.$file)) 
        echo "<span class='song' id='".$file."' onClick='playSong(\"".addslashes($file)."\");'>".$file."</span><br />";
    }
}

At first I did HTML, But now I want to use PHP so i can just drag songs into a folder and they get automaticly added to the list.

This is how the HTML was, which is how I want the output from the PHP to be. 

<span id="Martin Garrix - Animals" onClick="playSong('Martin Garrix - Animals');">Martin Garrix - Animals</span>
<br />
<span id="TryHardNinja - Doin' it grand" onClick="playSong('TryHardNinja - Doin\' it grand');">TryHardNinja - Doin' it grand</span>
<br />
<span id="TryHardNinja - Calling All Ghosts" onClick="playSong('TryHardNinja - Calling All Ghosts');">TryHardNinja - Calling All Ghosts</span>

5 answers

solution1
 2 ACCPTED  2014-01-02 14:56:52

Just change the quotes around: 

echo '<span class="song" id="'.$file.'" onClick="playSong(\''.addslashes($file).'\');">'.$file.'</span><br />';

PS: I'm also not really sure, if you need the addslashes .

solution2
 0  2014-01-02 14:56:59

Use the HTML ASCII code for the single quote: 

&#39;

http://www.ascii.cl/htmlcodes.htm

solution3
 0  2014-01-02 14:58:57

You say:

But the PHP just messes up filenames that have a singlequote in it.

But you code itself is adding the slashes via addslashes in this line: 

echo "<span class='song' id='".$file."' onClick='playSong(\"".addslashes($file)."\");'>".$file."</span><br />";

Looking at your HTML it seems that the reason you are adding addslashes might be connected to your HTML tag parameters (ie: class='song' & such) having single quotes in them. So I would recommend you use double quotes on them & just remove the addslashes entirely: 

echo '<span class="song" id="'.$file.'" onClick="playSong("'.$file.'");'>'.$file.'</span><br />';

Or you can use preg_replace instead of addslashes to change all single quotes in your $file string to be the ASCII HTML entity for it ( &#39; ) instead: 

echo "<span class='song' id='".$file."' onClick='playSong(\"".preg_replace('/\'/', '&#39;', $file)."\");'>".$file."</span><br />";

solution4
 0  2014-01-02 15:10:26

而不是使用addslashes ,使用htmlentities ,这也避免了很多无关的麻烦,例如当你有不是英文的歌曲标题时的不同编码。 

echo '<span class="song" id="'.$file.'" onClick="playSong(\''.htmlentities($file, ENT_QUOTES, 'UTF-8').'\');">'.htmlentities($file, ENT_QUOTES, 'UTF-8').'</span><br />';

solution5
 0  2014-01-02 15:13:31

As mentioned in How to escape only single quotes? , use json_encode(), which is injection-safe: 

$my_str = json_encode("using single quote here: '",JSON_HEX_APOS);

echo $my_str;

this gives you the output: 

using single quote here: \u0027

which works the same as \\' in JavaScript.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Escape single quotes inside script tag php Escape single quotes in title How to escape a double quotes, inside a double quotes, inside a single quotes in PHP/Javascript? Escape quotes in a variable with PHP Escape single quotes in jQuery or JavaScript impossible to escape single quotes in XML How to escape single quotes in JSP Trying to escape quotes in a href tag Escape quotes from Javascript in PHP escape double quotes inside double quotes and single quotes
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM