I need to escape single quotes in JavaScript function parameters to avoid this:
title="Javascript:INSERT_PRODUCT['188267','WILL AND GRACE','32311','L'ANNIVERSARIO DINOZZE ','20101113|04|18|','13/11/2010 0.00.00','CANALE 5 ',this];"
But I need to escape them inside a function call since I do not know the values that will be passed [db variables I can't escape from the database].
Is there a function that allows me to do something like the following?
title="Javascript:function[escape[param1], escape[param2], escape[param3]];"
asked Jan 5, 2012 at 14:41
8
JSON.stringify[plainTextStr].replace[/&/, "&"].replace[/"/g, """]
will produce a string you can safely embed in a quoted attribute and which will have the same meaning when seen by the JavaScript interpreter.
The only caveat is that some Unicode newlines [U+2028 and U+2029] need to be escaped before being embedded in JavaScript string literals, but JSON only
requires that \r and \n be escaped.
answered Jan 5, 2012 at 14:52
Mike SamuelMike Samuel
115k30 gold badges212 silver badges241 bronze badges
Escape the apostrophe with a backslash:
title="INSERT_PRODUCT['188267','WILL AND GRACE ','32311','L\'ANNIVERSARIO DI NOZZE ','20101113|04|18|','13/11/2010 0.00.00','CANALE 5 ',this];"
answered Jan 5, 2012 at 14:46
3
It's maybe not totally clear from the question, but assuming that all you want is to send this to a PHP script for storing in a database, you of course would ideally utilize PHP's various methods such as stripslashes[] -- but if you're really not trying to get too fancy, simply adding 1 slash in front of any single quote is enough to send a SQL query right into PHP from the client-side. It's not
safe, but maybe not necessary either.
str.replace[/'/g, "\\'"]; // escaping \ with \, so used 2x
does the trick., like for example in something like this:
var body = $['#body'].val[].replace[/'/g, "\\'"];
myCustomSQLqueryFunction["UPDATE mytable SET `content`='"+ body +"';" ];
MySQL will now store your body like you see it in the form field.
answered Feb 7, 2013 at 1:20
timtim
3,6954 gold badges34 silver badges38 bronze badges
1
This function worked for me [it removes and restores the quote again]: Guessing that the data to be sent is the value of an input element,
var Url = encodeURIComponent[$['#userInput'].val[].replace["'","\\'"]];
Then get the original text again:
var originalText = decodeURIComponent[Url];
answered Nov 28, 2014 at 17:21
IrrmichIrrmich
4164 silver badges15 bronze badges
var cmpdetail = cmpdetail.replace[/'/g, "\\'"];
its working for me.
answered Dec 15, 2015 at 5:53
amitamit
3895 gold badges7 silver badges20 bronze badges
I prefer to use single quote for defining JavaScript strings. Then I escape my embedded double quotes as follows.
This is how I do it, basically str.replace[/[\""]/g, '\\"'].
var display = document.getElementById['output'];
var str = 'class="whatever-foo__input" id="node-key"';
display.innerHTML = str.replace[/[\""]/g, '\\"'];
//will return class=\"whatever-foo__input\" id=\"node-key\"answered May 31, 2016 at 0:17
Ronnie RoystonRonnie Royston
14.3k6 gold badges72 silver badges84 bronze badges
I encountered a similar issue recently, and solved it by replacing the single quote with the corresponding unicode [']
Initially my code was this, resulting in me getting results that were cut off [e.g. Jane's Coffee became just Jane in the output].
b.innerHTML += "";
When I introduced unicode replacement [shown below], I got the exact output I wanted
b.innerHTML += "