duanpan3166
2017-10-31 01:35
浏览 70

转义从PHP生成的javascript对象中的引号

I feel like this must surely be a duplicate of an oft-answered question, but I cannot find an answer that addresses my particular issue.

I am loading data from MySQL via PHP, including some strings and a JSON-encoded string. This data may contain special characters, entered by the user.

I then combine this data into a PHP array, then json_encode it and read it into javascript using JSON.parse.

My issue is that an apostrophe in any of these strings will interrupt the javascript, preventing the JSON.parse from completing.

I think there are three ways to solve this:

  1. Do some sort of encoding on the user-entered data before it gets saved to the database
  2. Escape the special characters when loading from the MySQL (using htmlspecialchars() or similar), though this will be difficult when loading data that's stored as a JSON string (I suppose I could decode it, then loop through and escape special characters in each element, then re-encode it).
  3. Escape the special characters in javascript, somehow. But I don't know how I'd do this.

I would have to say that special character encoding is probably the single-most frustrating aspect of web development, as it causes me so many unexpected errors and I struggle to understand the different functions and when they should be used.

EDIT:

var feedback = JSON.parse('{"721103":[{"sessionid":"45","feedback":{"praise":["","",""],"development":["","",""]}},{"sessionid":"46","feedback":{"praise":["Test","Test's",""],"development":["","",""]}}') ;

The apostrophe in Test's breaks the javascript

图片转代码服务由CSDN问答提供 功能建议

我觉得这肯定是一个经常回答的问题的副本,但我找不到一个解答的答案 我的特殊问题。

我通过PHP从MySQL加载数据,包括一些字符串和一个JSON编码的字符串。 这些数据可能包含由用户输入的特殊字符。

然后我将这些数据合并到一个PHP数组中,然后 json_encode 然后使用<将其读入javascript code> JSON.parse

我的问题是,任何这些字符串中的撇号都会中断javascript,阻止了 JSON.parse 完成。

我认为有三种方法可以解决这个问题:

  1. 对用户输入的数据进行某种编码 在将其保存到数据库之前
  2. 从MySQL加载时使用 htmlspecialchars()或类似文件时转义特殊字符,尽管在加载数据时会很困难 存储为JSON字符串(我想我可以解码它,然后遍历并转义每个元素中的特殊字符,然后重新编码)。
  3. 以某种方式逃避javascript中的特殊字符。 但是我不知道我是怎么做到的。

    我不得不说特殊字符编码可能是Web开发中最令人沮丧的方面 因为它给我带来了许多意想不到的错误,我很难理解不同的功能以及何时应该使用它们。

    编辑:

      var feedback = JSON.parse('{“721103”:[{“sessionid”:“45”,“feedback”:{“赞”:[“”,“”,“”]  , “发展”: “”, “”, “”]}},{ “会话ID”: “46”, “反馈”:{ “赞”: “测试”, “测试的”, “”]” 开发“:[”“,”“,”“]}}'); 
       
     
     

    Test的中的撇号打破了javascript < / p>

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

3条回答 默认 最新

  • donglin9717 2017-11-18 15:27
    已采纳

    My attempts to edit @kmoser's answer with the actual solution that worked were rejected in peer review, so here's what worked. All credit to @kmoser:

    $json_feedback = preg_replace( preg_quote('/\u/'), '\\\\\\\\u', json_encode( $feedback, JSON_HEX_APOS | JSON_HEX_QUOT ) );

    It works by replacing singles and double quotes with hex strings when the data is retrieved from the MySQL database. For reasons I don't understand, that still broke the javascript, so I then did a preg_replace to put an additional backslash before the escaped code.

    Notice how many backslashes I had to put in to persuade the preg_replace to put in the additional backslash to prevent the javascript breaking. I may be able to get away with fewer backslashes, the number that appears here is mostly out of sheer frustration with this silly issue!

    已采纳该答案
    打赏 评论
  • doukong1897 2017-10-31 01:47

    This should prevent your javascript from breaking:

    var feedback = JSON.parse(`{"721103":[{"sessionid":"45","feedback":{"praise":["","",""],"development":["","",""]}},{"sessionid":"46","feedback":{"praise":["Test","Test's",""],"development":["","",""]}}]}`) ;
    

    It uses ``, instead of ''. They work the same, but won't be affecting eachother.

    I also corrected your json syntax error.

    打赏 评论
  • doufen1933 2017-10-31 03:36

    Don't munge user data before storing in the DB. You can munge it all you want after retrieving it.

    I assume you're using PHP's json_encode() function to produce the JSON-encoded string, in which case you can use the JSON_HEX_APOS option to encode apostrophes as \u0027, e.g.:

    json_encode( $a, JSON_HEX_APOS )
    

    Where $a is your PHP array. This should produce a JSON string devoid of actual apostrophes, which you can surround with apostrophes to create a Javascript string:

    echo "var feedback = JSON.parse('" . json_encode( $a, JSON_HEX_APOS ) . "')";
    
    打赏 评论

相关推荐 更多相似问题