<? print .. DIV> + InnerHTML question, thank you

[encepif]

Hopefully someone can give me definitive answer:

What steps can I take to do this process, so no breakdowns in
presentation occurs when I use,

<script>
document.getElementById("somewhere").innerHTML = '<?print
$someblog[0];?>'
</script>

<div id=somewhere></div>

So, someblog[0] might have weird characters, un-escaped whatevers,
that clog of the div presentation. I am not sure what to catch or
what converters to use. What are basic considerations & science do I
need to apply to the string prior to presentation in the div?

Thank you for assistance. Have a good day.

 

[Thomas 'PointedEars' Lahn]

What steps can I take to do this process, so no breakdowns in
presentation occurs when I use,

<script>
document.getElementById("somewhere").innerHTML = '<?print
$someblog[0];?>'
</script>

<div id=somewhere></div>

<script type="text/javascript">
// <![CDATA[
document.write('<div id="somewhere"><?php
echo addslashes(htmlentities($someblog[0]));
?><\/div>');
// ]]>
</script>


HTH

PointedEars

 

[Thomas 'PointedEars' Lahn]

[...]
document.getElementById("somewhere").innerHTML = '<?print ^^^^^^^
$someblog[0];?>' ^^^^^^^^^^^^^^^
[...]

[...] There's no PHP code here.

There is. It's not the best way to write it, but it's PHP code nonetheless.


PointedEars

 

[Rik]

Hopefully someone can give me definitive answer:

What steps can I take to do this process, so no breakdowns in
presentation occurs when I use,

<script>
document.getElementById("somewhere").innerHTML = '<?print
$someblog[0];?>'

'<?php print..' you mean?

</script>

<div id=somewhere></div>

So, someblog[0] might have weird characters, un-escaped whatevers,
that clog of the div presentation. I am not sure what to catch or
what converters to use. What are basic considerations & science do I
need to apply to the string prior to presentation in the div?

(If no html is allowed, either htmlspecialchars or striptags.)

Replace linebreaks with literal '\n'. Escape quotes. And finally: make
sure it's in the right character set.

 

[Séverin Richard]

You have to be very carefull concening ',", and htmlentities...

use evry times EXEACTLY the same syntax. Espacially if $someblog[0] may
be modified by the user.

Moreover, i dont like your: '<? .

You may write something like:
<script>
<?
echo "document.getElementById('somewhere').innerHTML = '".
ereg_replace( "'","\\'",$someblog[0] ) .
"';";
?>
</script>

carriage returns and dblquote(") will be OK.

for single quote(') the right syntax may be:
ereg_replace( "'","\'",$someblog[0] )
or ereg_replace( "'","\\'",$someblog[0] )
or ereg_replace( "'","\\\'",$someblog[0] )

try all of this.
good luck;

 

[Rik]

You have to be very carefull concening ',", and htmlentities...

use evry times EXEACTLY the same syntax. Espacially if $someblog[0] may
be modified by the user.

Moreover, i dont like your: '<? .

You may write something like:
<script>
<?

Don't ever rely on short tags...

echo "document.getElementById('somewhere').innerHTML = '".
ereg_replace( "'","\\'",$someblog[0] ) .
"';";
?>
</script>

carriage returns and dblquote(") will be OK.

When did newlines in javascript strings become OK?

for single quote(') the right syntax may be:
ereg_replace( "'","\'",$someblog[0] )
or ereg_replace( "'","\\'",$someblog[0] )
or ereg_replace( "'","\\\'",$someblog[0] )

try all of this.

And more, or better yet, not at all, at least not these constructs.

 

[Gregor Kofler]

Séverin Richard meinte:

for single quote(') the right syntax may be:
ereg_replace( "'","\'",$someblog[0] )
or ereg_replace( "'","\\'",$someblog[0] )
or ereg_replace( "'","\\\'",$someblog[0] )

try all of this.

Now, that's what I call helpful... Anyway, since he's doing a lot of
trying anyway, he should either stick to preg_replace() if RegEx are
required, since *this* is proper contemporary PHP. However, in this case
RegEx is complete overkill. An ordinary str_replace() will do [1].

Gregor


[1] http://at2.php.net/str_replace

 

[Steve]

| Séverin Richard meinte:
|
| > for single quote(') the right syntax may be:
| > ereg_replace( "'","\'",$someblog[0] )
| > or ereg_replace( "'","\\'",$someblog[0] )
| > or ereg_replace( "'","\\\'",$someblog[0] )
| >
| > try all of this.
|
| Now, that's what I call helpful...

man, there are a ton of prima donnas here! jesus christ!

| Anyway, since he's doing a lot of
| trying anyway, he should either stick to preg_replace()

i agree...it gives much better performance.

| if RegEx are
| required, since *this* is proper contemporary PHP.

"proper"?!!! wtf!

ummmm...ereg *IS* using regex. it's just a different processing engine.
"proper"...that's a laugh.

| However, in this case
| RegEx is complete overkill.

disagree completely.

| An ordinary str_replace() will do [1].

only if you're not used to writing regex. but to technically disagree, no,
str_replace won't easily take care of everything that should be checked.