English 中文(简体)
What characters need to be escaped when echoing Javascript in PHP?
原标题:

I m trying to echo out the Javascript for the Google AdWords conversion tracking code within a PHP if statement. I ve done a bunch of googling but can t seem to find a definitive list of what characters I d need to escape to have the code execute properly. Anybody have suggestions?

This first bit of code is the beginning of the if statement that calls an include with the conversion code snippet:

if ( @mailit ) {
include ("conversioncodes.php");

This is the contents of conversioncodes.php that includes the code snippet that I m trying to figure out how to escape properly. The goal is to have the conversion code track the conversion when the conditions of the if statement is met.

echo "<!-- Google Code for Homepage Form Submit Conversion Page -->
<script type="text/javascript">
<!--
var google_conversion_id = XXXXXXXXXX;
var google_conversion_language = "en";
var google_conversion_format = "3";
var google_conversion_color = "ffffff";
var google_conversion_label = "XXXXXXXXXXXXXXX";
var google_conversion_value = 0;
//-->
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
<noscript>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/XXXXXXXXXX/?label=XXXXXXXXXXXXXXXXXXX&amp;guid=ON&amp;script=0"/>
</div>
</noscript>";
问题回答

Assuming you re using PHP 5.3+, just use a NOWDOC and no parsing will be done, so you won t have to escape anything:

echo <<< ENDMARKER 
<!-- Google Code for Homepage Form Submit Conversion Page -->
<script type="text/javascript">
<!--
var google_conversion_id = XXXXXXXXXX;
var google_conversion_language = "en";
var google_conversion_format = "3";
var google_conversion_color = "ffffff";
var google_conversion_label = "XXXXXXXXXXXXXXX";
var google_conversion_value = 0;
//-->
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
<noscript>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/XXXXXXXXXX/?label=XXXXXXXXXXXXXXXXXXX&amp;guid=ON&amp;script=0"/>
</div>
</noscript>
ENDMARKER;

Just use single quotes instead.

echo  <!-- Google Code for Homepage Form Submit Conversion Page -->
<script type="text/javascript">
<!--
var google_conversion_id = XXXXXXXXXX;
var google_conversion_language = "en";
var google_conversion_format = "3";
var google_conversion_color = "ffffff";
var google_conversion_label = "XXXXXXXXXXXXXXX";
var google_conversion_value = 0;
//-->
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
<noscript>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/XXXXXXXXXX/?label=XXXXXXXXXXXXXXXXXXX&amp;guid=ON&amp;script=0"/>
</div>
</noscript> 

Off: Single quotes are several times faster than double quotes, and by several I mean a LOT.

Perhaps just break out of php? This way you ll also keep the syntax highlighting as clear as you can.

?>
<!-- Google Code for Homepage Form Submit Conversion Page -->
<script type="text/javascript">
<!--
var google_conversion_id = XXXXXXXXXX;
var google_conversion_language = "en";
var google_conversion_format = "3";
var google_conversion_color = "ffffff";
var google_conversion_label = "XXXXXXXXXXXXXXX";
var google_conversion_value = 0;
//-->
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
<noscript>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/XXXXXXXXXX/?label=XXXXXXXXXXXXXXXXXXX&amp;guid=ON&amp;script=0"/>
</div>
</noscript>
<?php

Just as a side-note, keep in mind that the element that you re really missing here is a robust way of providing some kind of template. Templates make dealing with php so much cleaner, separates the presentation logic from the business logic. I highly recommend at least using separated php files as templates, if not using a full blown template engine.

I got all confused on the same problem a while ago. The general answer is really not trivial.

I gave up and rewrote my code to use json_encode() which sorted it all out very easily. And the rewrite was quick too. I d have saved myself a lot of time had I thought of it sooner.

Package up in an object or array the data you need give to your JS script, json_encode() it and write that.





相关问题
Brute-force/DoS prevention in PHP [closed]

I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...

please can anyone check this while loop and if condition

<?php $con=mysql_connect("localhost","mts","mts"); if(!con) { die( unable to connect . mysql_error()); } mysql_select_db("mts",$con); /* date_default_timezone_set ("Asia/Calcutta"); $date = ...

定值美元

如何确认来自正确来源的数字。

Generating a drop down list of timezones with PHP

Most sites need some way to show the dates on the site in the users preferred timezone. Below are two lists that I found and then one method using the built in PHP DateTime class in PHP 5. I need ...

Text as watermarking in PHP

I want to create text as a watermark for an image. the water mark should have the following properties front: Impact color: white opacity: 31% Font style: regular, bold Bevel and Emboss size: 30 ...

How does php cast boolean variables?

How does php cast boolean variables? I was trying to save a boolean value to an array: $result["Users"]["is_login"] = true; but when I use debug the is_login value is blank. and when I do ...

热门标签