I have to echo a string that could contain anything into the following HTML line:
<a href="javascript:void()" onclick="function(<?php ... ?>)">...</a>
I don't know how to properly escape the string I pass with PHP. There seem to be many problems, and json_encode is not working, as it wraps the output in double quotes, which does not work because the double quotes already begin after "onclick=".
Just replacing single quotes also doesn't work, as "\'" would be replaced with "\'".
Any ideas?
You can use the addslashes() function. Try this:
<?php
$str = addslashes('What does "yolo" mean?');
echo($str);
?>
Use the PHP addslashes function:
<a href="javascript:void()" onclick="function(<?php echo addslashes($YourParameter); ?>)">...</a>
You can wrap your string with htmlspecialchars; that should do the job.
<a href="javascript:void()" onclick="function('<?=htmlspecialchars('can"be;anything')?>')">...</a>
As none of the answers worked, I had a closer look at the problem and came up with this solution:
function clean_param($string){
    // escapes all single quotes and backslashes
    $single_qu_esc = addcslashes($string, "'\\");
    // escapes the resulting string for html
    return htmlentities($single_qu_esc, ENT_QUOTES);
}
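An added example, not code from any of the posts above: the value sits in two nested contexts (a JavaScript string literal inside an HTML attribute), so it is encoded for JavaScript first and for HTML second, then checked by decoding in the order a browser would. It goes beyond the quotes and backslashes discussed in the thread by also covering newlines, which addcslashes($string, "'\\") leaves unescaped. The function names, the handler name showMessage and the sample strings are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. js_arg_for_attr(), simulate_browser() and the handler name
// showMessage are hypothetical; the sample strings are constructed.

function js_arg_for_attr(string $value): string
{
    // Layer 1, JavaScript: json_encode emits a complete quoted string literal
    // and escapes backslashes and control characters such as newlines.
    // The JSON_HEX_* flags also turn < > & ' " inside the value into \uXXXX.
    // JSON_THROW_ON_ERROR (PHP 7.3+) rejects invalid UTF-8 instead of
    // silently returning false.
    $js = json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
    // Layer 2, HTML attribute: the literal's own delimiting double quotes
    // become &quot;, so they cannot close onclick="...".
    return htmlspecialchars($js, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function simulate_browser(string $attr): string
{
    // Approximation of what the browser does: entity-decode the attribute
    // value, then parse the string literal (json_decode stands in for the
    // JavaScript parser here).
    $js = html_entity_decode($attr, ENT_QUOTES, 'UTF-8');
    return json_decode($js, false, 512, JSON_THROW_ON_ERROR);
}

$samples = [
    'What does "yolo" mean?',
    'can"be;anything',
    "it's a \\ backslash",
    "line one\nline two",
    '</a><script>&amp;',
];

foreach ($samples as $s) {
    $attr = js_arg_for_attr($s);
    echo '<a href="#" onclick="showMessage(' . $attr . ')">...</a>', "\n";
    if (simulate_browser($attr) !== $s) {
        throw new RuntimeException('round trip changed the value');
    }
}
echo "all samples survived both decoding steps unchanged\n";
```

Because json_encode supplies the surrounding quotes itself, the template must not add its own quotes around the PHP tag.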