Single quote in file name - javascript, php

How can I handle a quote in the data that should be there?

This JavaScript expression works fine until the city name is "ST JOHN'S". We cannot change the city name in the database or use a more reliable key.

$('#map_output').html('<p><img src="img/map/<?=$CITY_OUT?>_map.PNG" width="600"></p>')
+3
7 answers

Use htmlspecialchars().

EDIT: you use it (sorta) as json_encode:

<?=htmlspecialchars($CITY_OUT, ENT_QUOTES)?>

But htmlspecialchars is more semantic; json_encode is for the generation of JSON (an internal data representation), not the presentation.

Nick Craver is right, but it will work too.

: ENT_QUOTES "" ...

+6

json_encode(), , :

<?=json_encode($CITY_OUT)?>
+2

:

URL-, URL- :

// Encode only the city name; rawurlencode() on the whole path would also encode the slashes.
$url = 'img/map/'.rawurlencode($CITY_OUT).'_map.PNG';

HTML, HTML:

$html = '<p><img src="'.htmlspecialchars($url).'" width="600"></p>';

, ', ", &, < > URL-. , HTML. , .

, JavaScript, JSON-:

$('#map_output').html(<?= json_encode($html) ?>)

( JSON-)

+2
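
The layered encoding this answer describes (URL path segment, then HTML attribute, then JavaScript string literal), written out as an added example that is not part of the original answer. The function names and the sample city names are constructed, and PHP 7.3+ is assumed for JSON_THROW_ON_ERROR.

```php
<?php
// Added example; function names and sample city names are constructed.

// Layer 1: the city name is a single URL path segment, so percent-encode
// only the name, not the fixed "img/map/" prefix with its slashes.
function map_url(string $city): string
{
    return 'img/map/' . rawurlencode($city) . '_map.PNG';
}

// Layer 2: the URL becomes an HTML attribute value, so HTML-escape it.
// After rawurlencode() this is usually a no-op, but it keeps the markup
// correct if the URL ever gains a query string containing "&".
function map_html(string $city): string
{
    $src = htmlspecialchars(map_url($city), ENT_QUOTES, 'UTF-8');
    return '<p><img src="' . $src . '" width="600"></p>';
}

// Layer 3: the markup becomes a JavaScript string literal in a <script>
// block. The JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes, so
// the literal cannot terminate the script element or the string itself.
function map_js(string $city): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR; // fail loudly on invalid UTF-8
    return '$("#map_output").html(' . json_encode(map_html($city), $flags) . ');';
}

// Constructed inputs: the city from the question, plus names containing
// the other characters that are special in a URL, in HTML, or in JavaScript.
$cities = ["ST JOHN'S", 'VAL-D"OR & <EST>', 'A/B?C#D'];

foreach ($cities as $city) {
    echo map_url($city), "\n";
    echo map_html($city), "\n";
    echo map_js($city), "\n\n";
}
```

If the JavaScript statement is placed in an inline event-handler attribute instead of a `<script>` block, the output of map_js() needs one more pass through htmlspecialchars().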

:

<?php

  $string = "ST JOHN'S";
  $json = json_encode($string);
  $html =  htmlspecialchars($string);
  $escape = str_replace("'", "\'", $string);


  ?>

  <script type="text/javascript">
    alert('<?php echo $escape?>');
    alert('<?php echo $html?>');
    alert('<?php echo $json?>');
  </script>

, javascript, str_replace, .

+1

"rawurlencode" - , , URL- "img/map/..." , PHP . , "rawurlencode" , XSS.

<?php
    $string   = "ST JOHN'S";
    $json     = json_encode($string);
    $html     = htmlspecialchars($string, ENT_QUOTES);
    $htmlent  = htmlentities($string, ENT_QUOTES);
    $escape   = str_replace("'", "\'", $string);
    $urlenc   = rawurlencode($string);
?>

  <script type="text/javascript">
      alert('<?php echo $html; ?>');
      alert('<?php echo $htmlent; ?>');
      alert('<?php echo $urlenc; ?>');
  </script>
0

, , , , , ( ). :

:

$json:
<img src="img/map/"ST JOHN'S"_map.PNG"/ width="600">
$html:
<img src="img/map/ST JOHN&#039;S_map.PNG"/ width="600">
$htmlent:
<img src="img/map/ST JOHN&#039;s_map.PNG"/ width="600">
$escape:
<img src="img/map/ST JOHN\'S_map.PNG"/ width="600">
$urlenc:
<img src="img/map/ST%20JOHN%27S_map.PNG"/ width="600">

( JSON, ).

, ( ).... , JSON.

JSON , , . , , JSON Javascript, , , , :

$('#map_output').html('<p><img src="img/map/"+<?=$json?>+"_map.PNG"/ width="600"></p>');

. , . , , .

( \', ' URL %27) :

  • Escaping , Javascript, Javascript, HTML, , .

  • , HTML , ' HTML , , .

  • URL , URL.

, URL , URL-. , , , , (&) , URL , . , HTML- , - . Javascript, JSON .

, . : ? ? . , , " ", ?

, , , . ; - , , , .

In fact, you must avoid or encode all the lines you enter or output so that invalid characters work. Otherwise, Mr. O'Brien will have trouble entering his name on your site, and if he can handle it, you will have trouble displaying it later.

0

Unfortunately, none of the above solutions helped.

<?php
    $string   = "ST JOHN'S";
    $json     = json_encode($string);
    $html     = htmlspecialchars($string, ENT_QUOTES);
    $htmlent  = htmlentities($string, ENT_QUOTES);
    $escape   = str_replace("'", "\'", $string);
    $urlenc   = rawurlencode($string);
?>

$json:
<img src="img/map/<?=$json?>_map.PNG"/ width="600">
$html:
<img src="img/map/<?=$html?>_map.PNG"/ width="600">
$htmlent:
<img src="img/map/<?=$htmlent?>_map.PNG"/ width="600">
$escape:
<img src="img/map/<?=$escape?>_map.PNG"/ width="600">
$urlenc:
<img src="img/map/<?=$urlenc?>_map.PNG"/ width="600">

output:

$json:
<img src="img/map/"ST JOHN'S"_map.PNG"/ width="600">
$html:
<img src="img/map/ST JOHN&#039;S_map.PNG"/ width="600">
$htmlent:
<img src="img/map/ST JOHN&#039;s_map.PNG"/ width="600">
$escape:
<img src="img/map/ST JOHN\'S_map.PNG"/ width="600">
$urlenc:
<img src="img/map/ST%20JOHN%27S_map.PNG"/ width="600">
-1

Source: https://habr.com/ru/post/1772957/