Home/ Questions/Q 925769
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T19:34:18+00:00

My code is littered with things like this Write (thePhpFile, ‘ echo <option value=\’

  • 0

My code is littered with things like this 

    Write  (thePhpFile, '    echo "<option value=\"' +
                                    theControl.Name +
                                    '_selection\">" . $' +
                                     theControl.Name +
                                     '_values[$_POST["' +
                                      theControl.Name +
                                      '_selection"]];');

which genrates the following PHP code 

 echo "<option value=\"ComboBox1_selection\">" . 
                      $ComboBox1_values[$_POST["ComboBox1_selection"]];?>

Surely there’s a better way to handle this? Maybe a Delphi function which I can pass the desired PHP string and have it double up quotes where necessary? Or am I deluding myself?

The basic algorithm would seem to be 

// assume all PHP strings are double quoted, even when it's inefficient
find the first double quote, if any
find the last double quote, if any  
for every double quote in between
   change it to \""

Does that sound right? Maybe I should code it myself?

Hmmm, not so easy … in the snippet above, we wouldn’t want to escape $_POST["ComboBox1_selection"] – better just to hand code the mess shown at the top?

Any ideas? I’m off now to google “generating php from delphi” – which is probably what I should have done weeks ago :-/

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You’re not just generating PHP. You’re generating PHP that in turn generates HTML. Your program will need to be aware of both languages’ string-encoding rules. It will probably be easier to write two separate functions for that:

    function QuoteStringForPHP(s: string): string;
function QuoteHTMLAttributeValue(s: string): string;

    Given your example, you’d use them like this:

    ControlName := theControl.Name;
ValueName := ControlName + '_values';
SelectionName := ControlName + '_selection';
Write(thePhpFile, '    echo ' +
  QuoteStringForPHP(
    '<option value=' +
      QuoteHTMLAttributeValue(SelectionName) +
    '>'
  ) +
  '.' +
  '$' + ValueName + '[$_POST[' +
    QuoteStringForPHP(SelectionName) +
  ']];'
);

    Writing them is straightforward:

    // Input: Any sequence of characters
// Output: A single-quoted PHP string literal
function QuoteStringForPHP(s: string): string;
begin
  // Commented apostrophes are only to fix Stack Overflow's code highlighting
  s := StringReplace(s, '\' {'}, '\\', [rfReplaceAll]);
  s := StringReplace(s, '''', '\''' {'}, [rfReplaceAll]);
  Result := '''' + s + '''';
end;

// Input: Any sequence of valid HTML text characters
// Precondition: s has not already had any HTML encoding applied to
//               it; i.e., no character references
// Output: A single-quoted HTML attribute value
function QuoteHTMLAttributeValue(s: string): string;
begin
  s := StringReplace(s, '&', '&amp;', [rfReplaceAll]);
  s := StringReplace(s, '''', '&apos;', [rfReplaceAll]);
  Result := '''' + s + '''';
end;

    I chose to use apostrophes rather than quotation marks since that makes PHP escaping easier. If you use quotation marks for your PHP strings, then you need to worry about variable interpolation. With apostrophes, that problem goes away.

    By making QuoteStringForPHP responsible for quoting and escaping, you make escaping easy. There’s no more guesswork about which characters need escaping because they all do. The ones that don’t need escaping are only added after the escaping work is complete.

    • 0