I want to pass a variable from php to HTML as "attribute" so that javascript (jQuery) could access that.
$variable = addslashes( this is the text, coming from database, which can contain '' ' ' ' ' or "" " " " "" " or even <br><hr> tags );
HTML:
<img id="clickMe" titleAttr="<?php echo $variable; ?>" />
JS:
$('#clickMe').click(function() {
alert ($(this).attr('titleAttr'));
});
now Firefox say its a bad HTML code, and alert() shows the text until the first ' signal (the rest is cut off)
You want htmlspecialchars not addslashes.
There is almost always a better escaping mechanism than addslashes for any situation, and when there isn't, addslashes is rarely sufficient so you need to write one.
addslashes is particularly poor for inserting data into HTML since \ is not an escape character in HTML.