I need to escape single quotes in JavaScript function parameters to avoid this:
onclick="Javascript:INSERT_PRODUCT('188267','WILL AND GRACE','32311','L'ANNIVERSARIO DINOZZE ','20101113|04|18|','13/11/2010 0.00.00','CANALE 5 ',this);"
But I need to escape them inside a function call since I do not know the values that will be passed (db variables I can't escape from the database).
Is there a function that allows me to do something like the following?
onclick="Javascript:function(escape(param1), escape(param2), escape(param3));"
JSON.stringify(plainTextStr).replace(/&/, "&").replace(/"/g, """)
will produce a string you can safely embed in a quoted attribute and which will have the same meaning when seen by the JavaScript interpreter.
The only caveat is that some Unicode newlines (U+2028 and U+2029) need to be escaped before being embedded in JavaScript string literals, but JSON only requires that \\r
and \\n
be escaped.
用反斜杠转义撇号:
onclick="INSERT_PRODUCT('188267','WILL AND GRACE ','32311','L\'ANNIVERSARIO DI NOZZE ','20101113|04|18|','13/11/2010 0.00.00','CANALE 5 ',this);"
It's maybe not totally clear from the question, but assuming that all you want is to send this to a PHP script for storing in a database, you of course would ideally utilize PHP's various methods such as stripslashes()
-- but if you're really not trying to get too fancy, simply adding 1 slash in front of any single quote is enough to send a SQL query right into PHP from the client-side. It's not safe , but maybe not necessary either.
str.replace(/'/g, "\\'"); // escaping \ with \, so used 2x
does the trick., like for example in something like this:
var body = $('#body').val().replace(/'/g, "\\'");
myCustomSQLqueryFunction("UPDATE mytable SET `content`='"+ body +"';" );
MySQL will now store your body
like you see it in the form field.
This function worked for me (it removes and restores the quote again): Guessing that the data to be sent is the value of an input element,
var Url = encodeURIComponent($('#userInput').val().replace("'","\\'"));
Then get the original text again:
var originalText = decodeURIComponent(Url);
var cmpdetail = cmpdetail.replace(/'/g, "\\'");
它为我工作。
I prefer to use single quote for defining JavaScript strings. Then I escape my embedded double quotes as follows.
This is how I do it, basically str.replace(/[\\""]/g, '\\\\"')
.
var display = document.getElementById('output'); var str = 'class="whatever-foo__input" id="node-key"'; display.innerHTML = str.replace(/[\\""]/g, '\\\\"'); //will return class=\\"whatever-foo__input\\" id=\\"node-key\\"
<span id="output"></span>
I encountered a similar issue recently, and solved it by replacing the single quote with the corresponding unicode ( '
)
Initially my code was this, resulting in me getting results that were cut off (eg Jane's Coffee
became just Jane
in the output).
b.innerHTML += "<input type='hidden' value='" + arr[i] + "'>";
When I introduced unicode replacement (shown below), I got the exact output I wanted
b.innerHTML += "<input type='hidden' value='" + arr[i].replace("'", "'") + "'>";
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.