Characters that need to be escaped when using "" or ''

[heldenbrau]

I have been trying to find on the internet a simple list of characters that need to be escaped.

 

I want to know what characters need to be escaped when using "  "

and what ones need to be escaped when using '  '

 

I can't find this information anywhere, so I don't know what is causing the bugs in my code.

[wildteen88]

What ever quotes you start the string with you need to escape. eg

 

echo "<div id=\"container\">content here</div>";

 

Or

echo 'O\'Reilly';

[heldenbrau]

But aren't there any other characters I need to escape.  I want to get php to create another php program, it is huge so I couldn't expect anybody to go through the whole thing for me.

 

I am quoting the whole program in " and " so am escaping the characters " and $ with \" and \$

 

But how do I know that I am escaping all the characters I need to, what about characters like ? + ;

I need to know all the characters that need the slash in front of them. 

 

At the moment I have this error

 

Parse error: syntax error, unexpected '"', expecting T_STRING in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\kangercourt\website\post.php on line 402

 

I have been going over the enquoted program of 7 hours now and I cannot find where I have gone wrong.  I must have checked that every $ and " has a slash in front of it 100 times, and they all do. I am losing hope.

[oni-kun]

Essentially the standard characters which need to be escaped in " " are automatically escaped in ' ' ..

 

Like the example above:

$html = "<div ID=\"red\">Price: \$$price</div>";

$html = '<div ID="red">Price: $'.$price.'</div>';

 

'{code}' escapes automatically things such as.. ",$,\.. so notice you can only create a newline like "\n" not '\n' .. since it'll parse as literal... in '{code}' you ONLY need to escape (') and nothing else.

 

It seems that you have a quote.. ", in the wrong place, you should post that line to show us which character is wrong..

[Daniel0]

http://php.net/manual/en/language.types.string.php

[heldenbrau]

I don't think there is anything wrong with that line because it is just a blank line.  I think the problem is caused before it.  I will post some lines of the data string and point out where that line 402 is.

 

\$sql=\"SELECT userid, rating, text, time FROM casedet$casenum ORDER BY time ASC \$max\";
    if (\$result = \$mysqli->query(\$sql)) 
      {
      if (\$result->num_rows > 0)
        {
        while(\$row = \$result->fetch_array())
          {
          \$postime= date(\"d M Y H:i:s\", \$row[3]);

          echo\"<div id=\\\"userid\\\">\
n\";

          echo\"<a href=\\\"userids/\$row[0].php\\\" target=\\\"_blank\\\">\$row[0] (\$row[1])</a>
  |  <a href=\\\"report.shtml\\\" target=\\\"_blank\\\">(Report this post)
</a>  |   Posted \$postime BST\\n\
";
          echo\"</div>
\\n\";
          echo\"<div id=\\\"casecontent\\\">\\n\
";


          echo\"<br />\\\n\";
          echo\"\$row[2]<br />

<br />\
\n\";
          echo\"</b></b></u></i></a></font>\\n\";
          echo\"</div>\\n\";
          }




          \$result->close();
        }
      }else {
      echo \"ERROR: Could not execute \$sql . \" . \$mysqli->error;
    }

\$mysqli->close();

echo \" --Page \$pagenum of \$last-- <p>\";


if(\$pagenum >4 and \$pagenum<(\$last-3)){\$next1 = \$pagenum-3;
}else if (\$pagenum <5)
   {\$next1=2;
}else if (\$pagenum >(\$last-4) and \$last>9)
   {\$next1 = \$last-7;
}else{\$next1=2;
}

 

 

echo \" --Page \$pagenum of \$last-- <p>\";

 

            <---- This is line 402, a blank space

if(\$pagenum >4 and \$pagenum<(\$last-3)){\$next1 = \$pagenum-3;

}else if (\$pagenum <5)

  {\$next1=2;

 

[heldenbrau]

The line number with the error is always the same, even if I delete or add blank or non blank lines.

[RestlessThoughts]

Have you tried, by chance, sticking your php script into a file, then calling that file into a variable, putting the addslashes or htmlentities function to it and then doing whatever to it, like echoing it out in a textbox? Without really knowing the details, I don't see why that couldn't work just as well for whatever editing/creating you need php to do with the other script.

 

$myFile = "file.php";
$fh = fopen($myFile, 'r');
if(file_exists($myFile)) {
$theData = fread($fh, filesize($myFile));
fclose($fh);
$text = addslashes($theData);
echo "<textarea cols='50' rows='20'>$text</textarea>";
}else{
echo "Nope, file not found.";
}

 

Best of luck to you, hope you find and squash your bugs soon.

[wildteen88]

You'll save yourself a lot of time and trouble if your used single quotes. Variables do not get parsed in single quotes, so you dont need to escape the $ or " either, just need to escape the single quotes

 

However maybe a better of option is to save all your code that needs to be written into text files instead?

[heldenbrau]

I need some of the variables to be passed, so need double quotes.  I have downloaded a script editor now that has solved my problems.  I downloaded tsWebEditor and it put all the text in between " and " in red, and the \bits in blue. 

 

It immediately showed me where the problem was:

 

</a>  |   Posted \$postime BST\\n\
";

 

I thought it had just wrapped around to the next line, but it really looked like this //n/ "; a space between the / and the " so the " wasn't slashed out.

 

I don't think I would ever had found this.  Looks like I need this script editor, it will save me hours.

 

[wildteen88]

Not necessarily you can do

 echo ' $vartobewritten = ' . $yourvar .'; carry on with code to be written';