如何转义在PHP中回显的Javascript代码

I have this code that is captured in the jquery Data object from a php page.

我有这个代码从php页面的jquery Data对象中捕获。

echo "
    var $d = $('<div/>', {
        id: 'hi' + $('#textResp').children().length,
        class: 'eventdiv',
        html: 'hello'
    }).hide().fadeIn(3000);

    $('#textResp').append($d)

";

Problem is, the 's are not escaped. I have tried using /' to escape, but it comes up with an error. I am sure I am doing this wrong, does anyone know where to put the /' instead of '?

问题是,没有逃脱。我尝试使用/'来逃避,但它出现了错误。我确信我做错了,有谁知道在哪里放'/而不是'?

6 个解决方案

#1

You could use a php nowdoc instead of quotes at all which would simplify things:

您可以使用php nowdoc而不是引号来简化操作:

echo <<<'DOC'
    var $d = $('<div/>', {
        id: 'hi' + $('#textResp').children().length,
        class: 'eventdiv',
        html: 'hello'
    }).hide().fadeIn(3000);

    $('#textResp').append($d)
DOC;

then use whatever you want inside (quote or dquote). This is, of course, unparsed so if $d was actually referring to a php var then you would have problems.

然后使用你想要的任何内容(引用或引用)。当然,这是未解析的,所以如果$ d实际上指的是php var,那么你会遇到问题。

#2

Your apostrophes actually look fine. But, within a double quoted string, PHP will evaluate any string beginning with a dollar sign as a variable and not produce the desired result. Try replace the jquery related instances of $ with \$. Like this:

你的撇号实际上看起来很好。但是,在双引号字符串中,PHP将评估以美元符号开头的任何字符串作为变量,而不会产生所需的结果。尝试用\ $替换$的jquery相关实例。像这样:

echo "
    var \$d = \$('<div/>', {
        id: 'hi' + \$('#textResp').children().length,
        class: 'eventdiv',
        html: 'hello'
    }).hide().fadeIn(3000);

    \$('#textResp').append(\$d)

";

#3

use json_encode function in php, it behaves like the escape_javascript function in rails.

在php中使用json_encode函数,它的行为类似于rails中的escape_javascript函数。

just pass a string argument to the json_encode function, and it return the escaped string for you, see the sample code below:

只需将字符串参数传递给json_encode函数,然后为您返回转义字符串,请参阅下面的示例代码:

<?php
$form_html  = <<HTML
<form action='...' ...>
    <input type='...' name='...' ...>
    ...
</html>
HTML;
?>

var form_html = <?php echo json_encode($form_html); ?>;
$('.remote#create_form').html(form_html).slideDown();

#4

-1

You will need to use \ before all 's.

你需要在所有人之前使用\。

However, this is puzzling, why do you feel you need escape characters? It appears you are simply echoing this output, if this is between <script /> tags, you should be fine.

然而,这令人费解,为什么你觉得你需要逃脱角色?看来你只是回显这个输出,如果这是在标签之间,你应该没问题。

#5

-1

PHP will attempt to expand variables, $name, that occur in strings wrapped in double quotes. Since $d looks like a variable to the PHP interpreter, it will try to replace it with the variable's value.

PHP将尝试扩展包含在双引号中的字符串中出现的变量$ name。由于$ d看起来像PHP解释器的变量,它将尝试用变量的值替换它。

Assuming that you don't have $d defined anywhere, that will produce an empty space and, possibly, a notice (if you are using error level E_NOTICE).

假设您没有在任何地方定义$ d,那将产生一个空的空间,并且可能会产生一个通知(如果您使用的是错误级别E_NOTICE)。

To prevent that from happening, escape dollar signs with a backslash (replace $ with \$)

为防止这种情况发生,请使用反斜杠转义美元符号(用$替换$)

#6

-1

Use single quotes for your string construction. Only use double quotes when you specifically are including variables that you want evaluated. PHP is trying to evaluate all of those $ references you have in there. By using single quotes, you will avoid many escaping problems.

使用单引号进行字符串构造。当您专门包含要评估的变量时,仅使用双引号。 PHP正试图评估你在那里的所有$引用。通过使用单引号,您将避免许多转义问题。

echo '
    var $d = $("<div/>", {
        id: "hi" + $("#textResp").children().length,
        class: "eventdiv",
        html: "hello"
    }).hide().fadeIn(3000);

    $("#textResp").append($d)

';

#1