I am passing value dynamically to javascript function.
I am retrieving data from database and filling to javascript function, it does not have a static binding.
share_it(data_from_mysql_database);
like
share_it('value from mysql database');
Some times value contain a single quote (').
like: share_it(' Essentially you'll have to have a good academic history ');
So function call gives error that:
Uncaught SyntaxError: Unexpected identifier
You ought to be converting special chars on the upstream rather than the downstream. Converting it on the upstream saves time later when an inexperienced developer does not care to escape the data on the downstream when sent to the client. Since you have not properly converted the data on the upstream, you have no choice. You should escape it.
share_it(escape(data_from_mysql_database));
Example"
> escape("You're awesome");
'You%27re%20awesome'
>
You can use the \ character to escape such characters:
share_it(' Essentially you\'ll have to have a good past academic ');
Or, you can switch to using double quotes if you know you will need to embed a single quote character:
share_it(" Essentially you'll have to have a good past academic ");
You can freely switch between double " and single ' quotes where you need the other in a literal string:
share_it(" Essentially you'll have to have a good past academic ");
Only in cases where you need both, you need to escape the repeating character:
share_it(" Essentially you'll have to have a good \"past\" academic ");
You can also replace the ' in the string with '.