rajchahal Posted July 7, 2008 Share Posted July 7, 2008 Hi there I'm reading a string from mysql through php 5. The string contains html tags. I want a div tag to get populated with this data when a user selects the title. I'm having problems formatting the javascript onclick function. When the data is read any apostophe's confuse the javascript code. Within the php i've tried to use addslashes - this works to an extent but in the database text there are some special characters (para ¶) which have been inserted with the text editor and are not needed. All I require from the db is the text and the html formatting. Could someone help in getting this code to work pls. $title = $row['title']; $article = $row['article']; <a href ="#" onclick ="document.write ( ' <?=$article ?> ');"> this one </a> ----------------------------------------------------------------------------------------------- Quote Link to comment Share on other sites More sharing options...
lemmin Posted July 7, 2008 Share Posted July 7, 2008 Instead of addslashes try mysql_escape_string() or only escape those apostrophes using preg_replace(). preg_replace("[']", "\'", $subject); Quote Link to comment Share on other sites More sharing options...
rajchahal Posted July 7, 2008 Author Share Posted July 7, 2008 hi thanks I tried mysql_escape_string() and it worked first time.. (I spent 2 days on this problem!) But I've added an image to the text fiels, image uses " for atributes. therefore this halts the script once again. I thought I could use your preg_replace("[']", "\'", $subject); code to conver all double quoted to single quotes and then use mysql_escape_string() . Will this work ? How do I set preg_replace("[']", "\'", $subject) to catch double quotes? thanks so much Quote Link to comment Share on other sites More sharing options...
lemmin Posted July 7, 2008 Share Posted July 7, 2008 That is actually what you will have to do. For some strange reason, whatever type of quotes is used around your string is the only type that is escapable. This means that you can't escape the double quotes if you are escaping single quotes. To turn the double quotes into single quotes, you can do this: preg_replace(array("[\"]", "[']"), array("'", "\'"), $subject); The escape in the array is only to escape it out of PHP. Also, notice that the double quote must be escaped first because the entire string will be searched again and the recent replacements will then be replaced, as you would want. This means that you don't have to use mysql_real_escape_string() after using this replace. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.