Posted by Rik on 08/26/07 02:13
On Sat, 25 Aug 2007 22:46:48 +0200, Séverin Richard
<severin.richard@free.fr> wrote:
> You have to be very careful concerning ',", and htmlentities...
>
> use every time EXACTLY the same syntax. Especially if $someblog[0] may
> be modified by the user.
>
> Moreover, I don't like your: '<? .
>
> You may write something like:
> <script>
> <?
Don't ever rely on short tags...
> echo "document.getElementById('somewhere').innerHTML = '".
> ereg_replace( "'","\\'",$someblog[0] ) .
> "';";
> ?>
> </script>
>
> carriage returns and dblquote(") will be OK.
When did newlines in javascript strings become OK?
>
> for single quote(') the right syntax may be:
> ereg_replace( "'","\'",$someblog[0] )
> or ereg_replace( "'","\\'",$someblog[0] )
> or ereg_replace( "'","\\\'",$someblog[0] )
>
> try all of this.
And more, or better yet, not at all, at least not these constructs.
--
Rik Wasmus
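
An added example, not part of the original thread: the quote-only replacement from the quoted post next to json_encode(), which builds the whole JavaScript string literal. The sample value, the helper names quote_only() and js_literal(), and the use of str_replace() in place of ereg_replace() (removed in PHP 7) are assumptions made for this illustration.

```php
<?php
// Constructed sample standing in for $someblog[0]: single quote, double
// quote, backslash, newline, a closing script tag and some markup.
$someblog = ["It's a \"test\" \\ line one\nline two </script><b>bold</b>"];

// Quote-only escaping as in the quoted post. Backslashes, newlines and
// </script> pass through unchanged.
function quote_only($s)
{
    return "'" . str_replace("'", "\\'", $s) . "'";
}

// json_encode() returns a complete JavaScript string literal, delimiters
// included. The JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes,
// so the value cannot end the surrounding <script> element either.
function js_literal($s)
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $out = json_encode($s, $flags);
    if ($out === false) {
        // Invalid UTF-8 ends up here; fail closed rather than emit a
        // broken script block.
        throw new InvalidArgumentException(json_last_error_msg());
    }
    return $out;
}

$weak = quote_only($someblog[0]);
$safe = js_literal($someblog[0]);

// Does each literal still carry a raw newline or a raw </script>?
var_dump(strpos($weak, "\n") !== false, stripos($weak, '</script') !== false);
var_dump(strpos($safe, "\n") !== false, stripos($safe, '</script') !== false);
?>
<script>
// textContent inserts the value as text. With innerHTML the browser would
// still parse markup in the value, even though the string literal is valid.
document.getElementById('somewhere').textContent = <?php echo $safe; ?>;
</script>
```

Note the full `<?php` opening tag rather than the short `<?` form.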