How to escape single quote in javascript parameters

I need to escape single quotes in JavaScript function parameters to avoid this:

onclick="Javascript:INSERT_PRODUCT('188267','WILL AND GRACE','32311','L'ANNIVERSARIO DINOZZE ','20101113|04|18|','13/11/2010 0.00.00','CANALE 5  ',this);"

But I need to escape them inside a function call since I do not know the values that will be passed (db variables I can't escape from the database).

Is there a function that allows me to do something like the following?

onclick="Javascript:function(escape(param1), escape(param2), escape(param3));"

asked Jan 5, 2012 at 14:41

8

 JSON.stringify(plainTextStr).replace(/&/, "&").replace(/"/g, """)

will produce a string you can safely embed in a quoted attribute and which will have the same meaning when seen by the JavaScript interpreter.

The only caveat is that some Unicode newlines (U+2028 and U+2029) need to be escaped before being embedded in JavaScript string literals, but JSON only requires that \r and \n be escaped.

answered Jan 5, 2012 at 14:52

Mike SamuelMike Samuel

115k30 gold badges212 silver badges241 bronze badges

Escape the apostrophe with a backslash:

onclick="INSERT_PRODUCT('188267','WILL AND GRACE ','32311','L\'ANNIVERSARIO DI NOZZE ','20101113|04|18|','13/11/2010 0.00.00','CANALE 5 ',this);"

answered Jan 5, 2012 at 14:46

3

It's maybe not totally clear from the question, but assuming that all you want is to send this to a PHP script for storing in a database, you of course would ideally utilize PHP's various methods such as stripslashes() -- but if you're really not trying to get too fancy, simply adding 1 slash in front of any single quote is enough to send a SQL query right into PHP from the client-side. It's not safe, but maybe not necessary either.

str.replace(/'/g, "\\'"); // escaping \ with \, so used 2x

does the trick., like for example in something like this:

var body = $('#body').val().replace(/'/g, "\\'");
myCustomSQLqueryFunction("UPDATE mytable SET `content`='"+ body +"';" );

MySQL will now store your body like you see it in the form field.

answered Feb 7, 2013 at 1:20

timtim

3,6954 gold badges34 silver badges38 bronze badges

1

This function worked for me (it removes and restores the quote again): Guessing that the data to be sent is the value of an input element,

var Url = encodeURIComponent($('#userInput').val().replace("'","\\'"));

Then get the original text again:

var originalText = decodeURIComponent(Url);

answered Nov 28, 2014 at 17:21

IrrmichIrrmich

4164 silver badges15 bronze badges

var cmpdetail = cmpdetail.replace(/'/g, "\\'");

its working for me.

answered Dec 15, 2015 at 5:53

amitamit

3895 gold badges7 silver badges20 bronze badges

I prefer to use single quote for defining JavaScript strings. Then I escape my embedded double quotes as follows.

This is how I do it, basically str.replace(/[\""]/g, '\\"').

var display = document.getElementById('output');
var str = 'class="whatever-foo__input" id="node-key"';
display.innerHTML = str.replace(/[\""]/g, '\\"');

//will return class=\"whatever-foo__input\" id=\"node-key\"

answered May 31, 2016 at 0:17

Ronnie RoystonRonnie Royston

14.3k6 gold badges72 silver badges84 bronze badges

I encountered a similar issue recently, and solved it by replacing the single quote with the corresponding unicode (')

Initially my code was this, resulting in me getting results that were cut off (e.g. Jane's Coffee became just Jane in the output).

b.innerHTML += "";

When I introduced unicode replacement (shown below), I got the exact output I wanted

b.innerHTML += "";

answered Oct 3, 2021 at 11:21

How do you escape a quote in JavaScript?

How do I escape a single quote?

How do you escape a single quote from a string?

How do you escape a special character in JavaScript?

How do you use single quotes in JavaScript?

How do you handle a single quote in a string?