Characters causing an error in the console

Time: 2012-10-08 13:43:27

Tags: php javascript jquery html

  

Possible duplicate:
  PHP: How should I escape a string that will be going into a Javascript String?

I have a situation with characters. If I type in a piece of text (a question) that contains multiple characters such as:

  !

\"$%^& () - = \".,:;?/#~ / \\><

then I suddenly get an error stating:

SyntaxError: unterminated string literal

and then it displays this in the console:

  

parent.addwindow('/;!

My question is: is there anything I can change in the code below so that these characters can be used in a question?

Below is the code:

if (!empty($_GET['searchQuestion']) && ($terms = preg_split('/\s+/', $_GET['questioncontent'], -1, PREG_SPLIT_NO_EMPTY))) {

    // A temp array to hold the terms after they have been constructed
    $termArray = array();

    // We'll need to use this a few times so we'll cache it
    $numTerms = count($terms);

    // Loop $terms and create an array of strings that can be used with LIKE clauses
    foreach ($terms as $term) {
      // The str_replace() allows users to include literal % and _ in the search terms
      $termArray[] = '%'.str_replace(array('%', '_'), array('\%', '\_'), $term).'%';
    }

    // Build the query
    $questionquery = "
SELECT DISTINCT q.QuestionContent, o.OptionType, q.NoofAnswers, GROUP_CONCAT(an.Answer ORDER BY an.Answer SEPARATOR ' ') AS Answer, r.ReplyType, 
       q.QuestionMarks 
  FROM Answer an 
  INNER JOIN Question q ON q.AnswerId = an.AnswerId
  JOIN Reply r ON q.ReplyId = r.ReplyId 
  JOIN Option_Table o ON q.OptionId = o.OptionId 
      WHERE ".implode(" AND ", array_fill(0, $numTerms, "q.QuestionContent LIKE ?"))."
      GROUP BY q.QuestionId, q.SessionId
      ORDER BY ".implode(", ", array_fill(0, $numTerms, "IF(q.QuestionContent LIKE ?, 1, 0) DESC"))."
    ";

    // Make the referenced array
    $referencedArray = make_values_referenced(array_merge(
      array(str_repeat("ss", $numTerms)), // types
      $termArray,                         // where
      $termArray                          // order by
    ));

    // ...or die() is evil in production but I shall assume we are debuggin so I won't complain
    if (!$stmt = $mysqli->prepare($questionquery)) {
      die("Error preparing statement: $mysqli->error"); 
    }

    // Bind parameters
    if (!call_user_func_array(array($stmt, 'bind_param'), make_values_referenced($referencedArray))) {
      die("Error binding parameters: $stmt->error"); 
    }

    // Execute
    if (!$stmt->execute()) {
      die("Error executing statement: $stmt->error"); 
    }

    // This will hold the search results
    $searchResults = array();
    $searchOption = array();
    $searchNoofAnswers = array();
    $searchAnswer = array();
    $searchReply = array();
    $searchMarks = array();

    // Fetch the results into an array
    if (!$stmt->num_rows()) {
      $stmt->bind_result($dbQuestionContent,$dbOptionType,$dbNoofAnswers,$dbAnswer,$dbReplyType,$dbQuestionMarks); 
      while ($stmt->fetch()) {
        $searchResults[] = $dbQuestionContent;
        $searchOption[] = $dbOptionType;
        $searchNoofAnswers[] = $dbNoofAnswers;
        $searchAnswer[] = $dbAnswer;
        $searchReply[] = $dbReplyType;
        $searchMarks[] = $dbQuestionMarks;
      }
    }

  }

if (isset($_GET['searchQuestion'])) {

  // If $terms is not empty we did a query
  if (!empty($terms)) {

      $questionnum = sizeof($searchResults);

      foreach ($searchResults as $key=>$question) {

        echo '<tr class="questiontd"><td>'.json_encode($question).'</td>';
        echo '<td class="optiontypetd">'.json_encode($searchOption[$key]).'</td>';
        echo '<td class="noofanswerstd">'.json_encode($searchNoofAnswers[$key]).'</td>';
        echo '<td class="answertd">'.json_encode($searchAnswer[$key]).'</td>';
        echo '<td class="noofrepliestd">'.json_encode($searchReply[$key]).'</td>';
        echo '<td class="noofmarkstd">'.json_encode($searchMarks[$key]).'</td>';
        echo "<td class='addtd'><button type='button' class='add' onclick=\"parent.addwindow('$question','$searchMarks[$key]','$searchNoofAnswers[$key]','$searchOption[$key]','$searchReply[$key]','$searchAnswer[$key]');\">Add</button></td></tr>";

      }
      echo "</table>";

  }

}

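You can view the application here: Application

When you open the application, just click the green plus button on the left-hand side when the modal window appears.

In the search bar, type in ? and submit the search. You will see a bunch of results.

Now all of the rows look fine except for the row containing >!\"$%^&*()-=\'.,:;/?#~*/\\\\><. The "Add" button in that row is messed up, and if you try to click that Add button, you get the error already mentioned at the top of the question.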

1 answer:

Answer 0 (score: 0)

Your last echo should be encoded using json_encode (the relevant part, which acts as JavaScript):

echo "<td class='addtd'><button type='button' class='add' onclick=\"parent.addwindow('$question','$searchMarks[$key]','$searchNoofAnswers[$key]','$searchOption[$key]','$searchReply[$key]','$searchAnswer[$key]');\">Add</button></td></tr>";

Example:

... parent.addwindow('".json_encode($question)."', ....
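
One way to build that onclick attribute so each value survives both contexts it passes through: first a JavaScript string literal, then a double-quoted HTML attribute. This is an added example, not code from the question or the answer; js_arg() and add_button_html() are hypothetical helper names, and the sample row is constructed from the characters in the question.

```php
<?php
// Added example: js_arg() and add_button_html() are hypothetical helpers.
// parent.addwindow() is the function the question's page already calls.

function js_arg($value): string
{
    // Layer 1, JavaScript: json_encode() supplies the surrounding quotes and
    // escapes backslashes and newlines, so no hand-written '...' is needed.
    // The JSON_HEX_* flags also turn < > & ' " inside the value into \uXXXX.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $json = json_encode((string) $value, $flags);
    if ($json === false) {
        throw new InvalidArgumentException('value is not valid UTF-8');
    }
    return $json;
}

function add_button_html(array $args): string
{
    $call = 'parent.addwindow(' . implode(',', array_map('js_arg', $args)) . ');';

    // Layer 2, HTML attribute: the literal's own delimiting quotes are still
    // plain " characters, so the whole call is HTML-escaped before it goes
    // inside onclick="...". The browser decodes it back before running it.
    $attr = htmlspecialchars($call, ENT_QUOTES, 'UTF-8');

    return "<td class='addtd'><button type='button' class='add' onclick=\"$attr\">Add</button></td></tr>";
}

// Constructed sample row: the problem characters from the question plus
// made-up values for the other five arguments.
$question = '!"$%^&*()-=\'.,:;/?#~*/\\><';
echo add_button_html([$question, '5', '1', 'A-D', 'Single', 'B']), "\n";
```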