Paraphrasing...
OK, I have information in a database; it reads: This is random text with a "random quote"
$var = 'This is random text with a "random quote"'
onClick="show(\''.$var.'\')
but when displayed (viewing source) it shows:
onclick="show('This is random text with a " random="" quote"')
I have tried mysqli_real_escape_string and str_replace; str_replace works if I am removing the "
For any help, alterations or reworks I would be grateful; it's driving me nuts right now.
If this is for an HTML context, you should be using &quot; to escape those. This is done with the htmlspecialchars function.
If you want it as a JavaScript string, use json_encode on the string.
mysqli_real_escape_string should be used only for database calls, and only as a last resort. Remember, parameterized queries are the best way to compose SQL statements.
You really shouldn't need to ever set an onclick event directly. A library like jQuery has much better ways of doing this:
$('#my_element').click(function() { show('...'); });
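The two encoders named in the answer above, applied together for a value that ends up as a JavaScript string inside an HTML attribute. This is an added example, not code from the original posts: js_attr_call(), naive_attr_call() and the sample strings are constructed for illustration, and $func is assumed to be a fixed, trusted function name.

```php
<?php
declare(strict_types=1);

/**
 * Build an inline handler value such as show("...") for use inside onclick="...".
 * Two contexts are nested, so two encoders are applied, innermost first:
 *   1. json_encode      -> a valid JavaScript string literal
 *   2. htmlspecialchars -> safe inside a quoted HTML attribute
 * $func is a hypothetical parameter and must be a constant, never user input.
 */
function js_attr_call(string $func, string $arg): string
{
    $js = json_encode(
        $arg,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
    return htmlspecialchars($func . '(' . $js . ')', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** The question's approach: raw concatenation, no encoding for either context. */
function naive_attr_call(string $func, string $arg): string
{
    return $func . "('" . $arg . "')";
}

// Constructed sample values: the string from the question plus a harder one.
$samples = [
    'This is random text with a "random quote"',
    "it's <b>bold</b> & back\\slash",
];

foreach ($samples as $var) {
    $attr = js_attr_call('show', $var);
    echo '<a href="#" onclick="' . $attr . '">click</a>', PHP_EOL;

    // Simulate the browser: decode the attribute, then read the JS string literal back.
    $script    = html_entity_decode($attr, ENT_QUOTES, 'UTF-8');
    $literal   = substr($script, strlen('show('), -1);
    $roundTrip = json_decode($literal, false, 512, JSON_THROW_ON_ERROR);
    echo ($roundTrip === $var ? 'round-trip ok' : 'MISMATCH'), PHP_EOL;

    // Unencoded variant: a double quote in the data ends the attribute early.
    echo '<a href="#" onclick="' . naive_attr_call('show', $var) . '">click</a>', PHP_EOL;
}
```

The JSON_HEX_* flags turn quotes, angle brackets and ampersands into \uXXXX escapes, so the only characters left for htmlspecialchars to encode are the outer quotes of the string literal.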
Try: addslashes($var). It should add slashes to the quotes so they are escaped in the JavaScript.
Try this,
<script>
function show(str)
{
alert(str);
}
</script>
<?php
$var = "This is random text with a \'random quote\'";
echo '<a href="javascript:;" onClick="show(\''.$var.'\')">click</a>';
?>