...

View Full Version : problems with escaping quotes



chump2877
06-29-2006, 03:03 PM
I have the following line of HTML:


<a href="javascript: editCell(20,'dfh, df99h, dfh, dfh, dfh, Bangladesh\'00','billing_address_cell20','billing_address',1,1);" class="edit2">dfh, df99h, dfh, dfh, dfh, Bangladesh'00</a>

you'll notice the single quote in the function's argument is escaped...

Then I have the function:


function editCell(ref_no,data,cellID,column,toggle,text_input)
{
data = data.replace(/'/,"\'");
data = data.replace(/\\\\'/,"\'");
var dataDisplay = data.replace(/\\'/,"'");

if (toggle == 1)
{
if (text_input == 0 || text_input == "0")
{
var input_field = "<input type=\"text\" name=\"data\" value=\""+dataDisplay+"\">";
}
else
{
var input_field = "<textarea cols=\"20\" rows=\"5\" name=\"data\">"+dataDisplay+"</textarea>";
}

document.getElementById(cellID).innerHTML = "<form name=\"updateForm_"+cellID+"\" method=\"post\" action=\"employee_7033.php\">"+input_field+"<input type=\"hidden\" name=\"ref_no\" value=\""+ref_no+"\"><input type=\"hidden\" name=\"column\" value=\""+column+"\"><br><input type=\"button\" value=\"Update Field\" onClick=\"createpoststring(\'"+cellID+"\',window.document.updateForm_"+cellID+","+text_input+");\"> <input type=\"button\" value=\"Cancel\" onClick=\"editCell("+ref_no+",\'"+data+"\',\'"+cellID+"\',\'"+column+"\',0,"+text_input+");\"><\/form>";
}
else
{
document.getElementById(cellID).innerHTML = "<a href=\"javascript: editCell("+ref_no+",\'"+data+"\',\'"+cellID+"\',\'"+column+"\',1,"+text_input+");\" class=\"edit2\">"+dataDisplay+"<\/a>";
}
}

I'm having problems with this function and the HTML that it generates....Inside the HTML that it generates, the Javascript events aren;t firing properly...I'm at least able to use the Update Field button, but I still get this error when i use it:

In IE:


Expected ')'

in FF:


Error: missing ) after argument list

editCell(20,'dfh, df99h, dfh, dfh, dfh, Bangladesh'00','billing_add...

And I can;t use the Cancel button at all...the javascript simply doesn;t execute.

And I'm only having this problem when there is a single quote inside the javascript argument parameters...

I just want to be able to accomodate single quotes in my javascript function arguments, without the javascript breaking....can anyone help?

Mongus
06-30-2006, 01:19 AM
It looks like your string replacements aren't working as intended. The first one doesn't do anything because it's simply replacing ' with '. Inside of a string ' and \' evaluate to the same character.

The second replace replaces \\' with '. I don't know what you're trying to do with that one.

I got rid of the error by changing the first replace to
data = data.replace(/'/,"\\'");and commenting out the second replace.

chump2877
06-30-2006, 04:21 AM
Inside of a string ' and \' evaluate to the same character.

That right there illustrates the error in my thinking....ugh...thanks

So now I have another question: Is there a javascript equivalent to PHP's addslashes (http://us2.php.net/manual/en/function.addslashes.php)and stripslashes (http://us2.php.net/manual/en/function.stripslashes.php)?

If there isn;t, I was playing with some regex to do the same thing as those 2 PHP functions...altogether, it looks like this:


function escapeIt(string)
{
string = string.replace(/([\\'\$\^]{1})/g,"\\$1");
string = string.replace(/"/g,"~~~~~");
return string;
}

function unescapeIt(string)
{
while ( string.match(/(\\)([\\'\$\^]{1})/) )
{
string = string.replace(/(\\)([\\'"\$\^]{1})/g,"$2");
}
string = string.replace(/~~~~~/g,"\"");
return string;
}

function editCell(ref_no,data,cellID,column,toggle,text_input)
{
data = escapeIt(unescapeIt(data));
var dataDisplay = unescapeIt(data);

if (toggle == 1)
{
if (text_input == 0 || text_input == "0")
{
var input_field = "<input type=\"text\" name=\"data\" value=\""+dataDisplay+"\">";
}
else
{
var input_field = "<textarea cols=\"20\" rows=\"5\" name=\"data\">"+dataDisplay+"</textarea>";
}

document.getElementById(cellID).innerHTML = "<form name=\"updateForm_"+cellID+"\" method=\"post\" action=\"employee_7033.php\">"+input_field+"<input type=\"hidden\" name=\"ref_no\" value=\""+ref_no+"\"><input type=\"hidden\" name=\"column\" value=\""+column+"\"><br><input type=\"button\" value=\"Update Field\" onClick=\"createpoststring(\'"+cellID+"\',window.document.updateForm_"+cellID+","+text_input+");\"> <input type=\"button\" value=\"Cancel\" onClick=\"editCell("+ref_no+",\'"+data+"\',\'"+cellID+"\',\'"+column+"\',0,"+text_input+");\"><\/form>";
}
else
{
document.getElementById(cellID).innerHTML = "<a href=\"javascript: editCell("+ref_no+",\'"+data+"\',\'"+cellID+"\',\'"+column+"\',1,"+text_input+");\" class=\"edit2\">"+dataDisplay+"<\/a>";
}
}

I don;t know if I did it the best way, but it seems to work, and appears to be good for excaping/unescaping at least for my purposes...what do you think?

Brandoe85
06-30-2006, 05:02 AM
Could you just use escape() and unescape()?

chump2877
06-30-2006, 06:03 AM
Could you just use escape() and unescape()?

I tried using escape and unescape earlier, but they didn;t get rid of the error(s) I was having....I really have no clue why either, because the use of those functions seemed like an adequate solution....

At the end of the day, I guess you have to go with what works for you... :rolleyes:

Mongus
06-30-2006, 08:16 AM
escape and unescape are for URL encoding, not HTML encoding. You could try replacing ' with &#39; which is the HTML entity number. &apos; is what should be used but IE doesn't support it. :(



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum