This question already has an answer here:
i am allowing users to submit data into my website.
This data will more than likely contain html markup generated by forums. The problem is, some forums use "" for some attributes and then use '' for others.
If the user enters this, it will break my PHP code as i assign this entered text to a variable.
I am using HTMLPurifier on this string.
Is there a way to allow a mixture of "' inside a php string?
e.g:
$text = "This is an image <img src='imagelink' alt="imagetext">";
Wouldn't work. But its what i receive sometimes.
Whilst im at it, what is the correct term for " & ' when giving a value to a attribute?
Craig.
</div>
You can delimit the quotes inside the variable like this:
$text = "This is an image <img src='imagelink' alt=\"imagetext\">";
Which will then do what you need.
I am not sure how this HTMLPurifier thingy works, but with this delimiting trick up your sleeve, I am confident that you can find a way to stop folks breaking your variables :)
Edit: As for your little additional question:
Whilst im at it, what is the correct term for " & ' when giving a value to a attribute?
I think you are referring to passing by reference. It means when you pass a variable to a function, you aren't just passing it's value, but the actual variable itself which can be modified and then returned.
<?php
function foo(&$var)
{
$var++;
}
$a=5;
foo($a);
// $a is 6 here
?>