如何转义 PHP 中回显的 Javascript 代码
我有这段代码是从 php 页面的 jquery 数据对象中捕获的。
echo "
var $d = $('<div/>', {
id: 'hi' + $('#textResp').children().length,
class: 'eventdiv',
html: 'hello'
}).hide().fadeIn(3000);
$('#textResp').append($d)
";
问题是, ' 没有被转义。我尝试过使用 /' 来转义,但出现错误。我确信我做错了,有谁知道在哪里放置 /' 而不是 '?
I have this code that is captured in the jquery Data object from a php page.
echo "
var $d = $('<div/>', {
id: 'hi' + $('#textResp').children().length,
class: 'eventdiv',
html: 'hello'
}).hide().fadeIn(3000);
$('#textResp').append($d)
";
Problem is, the 's are not escaped. I have tried using /' to escape, but it comes up with an error. I am sure I am doing this wrong, does anyone know where to put the /' instead of '?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
您可以使用 php nowdoc< /a> 而不是引号,这会简化事情:
然后在里面使用你想要的任何内容(quote 或 dquote)。当然,这是未解析的,因此如果 $d 实际上引用了 php var 那么你就会遇到问题。
You could use a php nowdoc instead of quotes at all which would simplify things:
then use whatever you want inside (quote or dquote). This is, of course, unparsed so if $d was actually referring to a php var then you would have problems.
你的撇号实际上看起来很好。但是,在双引号字符串中,PHP 会将任何以美元符号开头的字符串作为变量进行计算,并且不会产生所需的结果。尝试用
\$
替换$
的 jquery 相关实例。像这样:Your apostrophes actually look fine. But, within a double quoted string, PHP will evaluate any string beginning with a dollar sign as a variable and not produce the desired result. Try replace the jquery related instances of
$
with\$
. Like this:在php中使用
json_encode
函数,它的行为类似于rails中的escape_javascript
函数。只需将字符串参数传递给 json_encode 函数,它就会为您返回转义字符串,请参阅下面的示例代码:
use
json_encode
function in php, it behaves like theescape_javascript
function in rails.just pass a string argument to the
json_encode
function, and it return the escaped string for you, see the sample code below:您需要在所有
'
之前使用\
。然而,这令人费解,为什么你觉得需要转义字符?看来您只是回显此输出,如果这是在
标记之间,那么应该没问题。
You will need to use
\
before all'
s.However, this is puzzling, why do you feel you need escape characters? It appears you are simply echoing this output, if this is between
<script />
tags, you should be fine.PHP 将尝试扩展出现在双引号字符串中的变量
$name
。由于$d
对于 PHP 解释器来说看起来像一个变量,因此它会尝试用变量的值替换它。假设您没有在任何地方定义
$d
,这将产生一个空白空间,并且可能会产生一个通知(如果您使用错误级别 E_NOTICE)。为了防止这种情况发生,请使用反斜杠转义美元符号(将
$
替换为\$
)PHP will attempt to expand variables,
$name
, that occur in strings wrapped in double quotes. Since$d
looks like a variable to the PHP interpreter, it will try to replace it with the variable's value.Assuming that you don't have
$d
defined anywhere, that will produce an empty space and, possibly, a notice (if you are using error level E_NOTICE).To prevent that from happening, escape dollar signs with a backslash (replace
$
with\$
)使用单引号构建字符串。仅当您明确包含要评估的变量时才使用双引号。 PHP 正在尝试评估其中的所有 $ 引用。通过使用单引号,您将避免许多转义问题。
Use single quotes for your string construction. Only use double quotes when you specifically are including variables that you want evaluated. PHP is trying to evaluate all of those $ references you have in there. By using single quotes, you will avoid many escaping problems.