I have a loop that builds a table with camera names. In that table is a button:
<button id="editbutton" onClick='edit(this, "<?php echo addslashes($_SERVER['REQUEST_URI']); ?>", "<?php echo addslashes($result_cameras[$i]["camera_name"]); ?>")'>Edit</button>
What I want to do is accept special characters such as single quote, double quote and backslash because I pass this to a javascript function that does some extra stuff:
var edit = function(t, to, cameraname)
{
var mydiv = $("#editform");
if (mydiv.find("form").length) {
mydiv.show();
} else {
// fields
var $myform = $("<form id='EditCameraForm' name='' method='post' action='" + to + "'></form>");
var $myfieldset = $("<fieldset><legend>Edit camera settings</legend></fieldset>");
var $mylabel = $("<label for='CameraName'>Camera name: </label>");
var $myinput2 = js('<input/>').attr('size','25').attr('name','camera_name').attr('id','CameraName').val(cameraname);
...
}
My problem is cameraname is not escaping the special characters. In another post I’ve been steered down the road of using addslashes. Sounds good but I believe the problem is my string: $result_cameras[$i]["camera_name"]. I can do a simple test:
<?php $str="a's camera";
$str=addslashes($str);
echo $str;
?>
This returns a\'s camera as expected. But if I do:
<?php $str=$result_cameras[$i]["camera_name"];
$str=addslashes($str);
echo $str;
?>
This just returns a's camera. I’m sure I’m missing something brain dead here, why is this not being treated as a string with addslashes?
Note: magic_quotes_gpc is off
I suppose, it is some other type of single quote, not
'.For transfering data from php to js,
jsone_ncodeis the best option. It is good for just strings too.