
Escaping characters in PHP, JavaScript

I have a page where users are adding their reports at the end of the day. They click the button "Add Report" and then it shows them a textarea where they need to type a report. After they enter it and save it, I send that to the database. But before writing to the database I use this function to escape characters:

db::$conn->real_escape_string($str);

And the report is saved successfully. When I open the database table with MySQL Workbench, I see the report in one row, and if it contains new lines they are not shown, but if I move my cursor over it, it shows a tooltip where the new lines are present.

After that I need to show a table of reports and enable editing. The problem is that when I click the Edit button, it should show a textarea with the report in it, but instead I get an empty textarea. I found the problem: it is about escaping characters. This is how I render the edit button in the table.

$report = $row['user_report'];
$report = str_replace('"', '\"', $report);
$report = str_replace("'", "\'",$report);
$report = htmlspecialchars($report, ENT_QUOTES);
$r[] = '<a onclick="$(\'#editReport\').val(\''.$report.'\'); $(\'#editComment\').attr(\'onClick\', \'EditReport('.$row['id'].'); return;\');" class="btn-action glyphicons pencil btn-info" data-toggle="modal" data-target=".bs-modal-ld"><i></i></a>';

$r[] is then attached to the output data, but the thing that matters most is this JavaScript. The problem is new lines, and I don't know how to escape them. This is how it generates the HTML page. Just to mention, if the report is written without new lines everything works fine.

<a onclick="$('#editReport').val('Fixed bugs on \&quot;User report\&quot; page. 
Developing Transaction page.
Developing admin users page.'); $('#editComment').attr('onClick', 'EditReport(100); return;');" class="btn-action glyphicons pencil btn-info" data-toggle="modal" data-target=".bs-modal-ld"><i></i></a>

And these new lines here are causing the problem.

The report that I entered is this one:

Fixed bugs on "User report" page. 
Developing Transaction page.
Developing admin users page.

But if I enter it like this, it works:

Fixed bugs on "User report" page. Developing Transaction page. Developing admin users page.

EDIT: I fixed it with another str_replace("\\n", "\\\\n", $report); it works for now :D

That's bad. Consider instead using JavaScript to find the content and get its data, rather than duplicating your entire content into an inline event handler, because that's never going to work ;)

You should use the json_encode function

Try this way

$report = json_encode($row['user_report']); // no need str_replace 
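
The json_encode approach from the answer above, combined with the HTML-attribute escaping the inline handler still needs, and the read-it-from-the-DOM alternative suggested in the comment, as an added example that is not part of the original posts. The `$row` values are constructed sample data, and `js_in_attr` and the `edit-report` class are hypothetical names.

```php
<?php
// Constructed sample row standing in for the database result.
$row = [
    'id' => 100,
    'user_report' => "Fixed bugs on \"User report\" page.\nIt's done & tested.",
];

/**
 * Encode a value for use inside an inline event-handler attribute.
 * Layer 1: json_encode() emits a complete JS literal, quotes included,
 *          with newlines turned into \n so the string stays on one line.
 * Layer 2: htmlspecialchars() protects the attribute, because the browser
 *          HTML-decodes the attribute value before running it as JS.
 */
function js_in_attr($value): string
{
    // JSON_THROW_ON_ERROR (PHP 7.3+) surfaces invalid UTF-8 instead of
    // letting json_encode() return false and silently emit an empty value.
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
           | JSON_THROW_ON_ERROR;
    return htmlspecialchars(json_encode($value, $flags), ENT_QUOTES, 'UTF-8');
}

// Option A: keep the inline handler. Note there are no hand-written quotes
// around the value and no str_replace() calls.
$inline = '<a onclick="$(\'#editReport\').val('
        . js_in_attr($row['user_report'])
        . ');" class="btn-action">edit</a>';

// Option B: keep data out of code. The report is plain attribute text, so
// only HTML escaping is needed, and one delegated handler reads it back.
$dataLink = sprintf(
    '<a class="btn-action edit-report" data-id="%d" data-report="%s">edit</a>',
    (int) $row['id'],
    htmlspecialchars($row['user_report'], ENT_QUOTES, 'UTF-8')
);
$handler = <<<'JS'
<script>
$(document).on('click', '.edit-report', function () {
    // attr() returns the raw string; data() would type-coerce values.
    $('#editReport').val($(this).attr('data-report'));
});
</script>
JS;

echo $inline, "\n", $dataLink, "\n", $handler, "\n";
```

Option A depends on both layers being applied in that order; dropping either one reopens the attribute or the string literal to whatever the user typed into the report.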
