0

I have a function that, when clicked, fills in a field of the parent window. In this case, it's a name (text) field.

The problem I'm having is if the field has a single quote in it (ex. Bill's Chili) the function fails because it reads the single quote as the end of the parameter.

Here is the call:

href="javascript:selectItem('recipe','recipe_name','<recipe_description')"

Again, if the name is Bill's Chili, it causes a syntax error.

Is there a way to automatically convert that single quote to the HTML equivalent so it will read properly?

Thanks

Stephen P
  • 14,422
  • 2
  • 43
  • 67
fullOfQuestions
  • 453
  • 1
  • 11
  • 25

5 Answers5

2

For the single quotes in the field use \' More info on escape characters here.

href="javascript:selectItem('Bill\'s Chilli','recipe_name','<recipe_description')"
ThinkingStiff
  • 64,767
  • 30
  • 146
  • 239
Branden S. Smith
  • 1,161
  • 7
  • 13
1

The answer I found was completely different than I thought. The page itself is written is ASP (Sorry I forgot to mention that, I didn't think it mattered since the function was javascript and it was called in HTML).

Therefore, I just used this:

<%fixed_name = Replace(recipe_name,"'","") %>

And then used fixed_name instead of recipe_name in the function call.

Thanks for all your help, it set me in the right direction!

fullOfQuestions
  • 453
  • 1
  • 11
  • 25
  • 2
    So you're stripping out the quote, turning *Bill's Chili* into *Bills Chili*? I'd seriously consider escaping it, as was suggested by others: `fixed_name = Replace(recipe_name,"'","\\'")` (not sure if you need the double-backslash in ASP like you do in C-like languages) – Stephen P Jul 30 '12 at 19:36
0

try this

href='javascript:selectItem("recipe","recipe_name","<recipe_description")'
Captain Jack Sparrow
  • 449
  • 3
  • 9
  • 2
    It will fix anything that has a `'` in it, but what if the description has a `"`? – JJJ Jul 30 '12 at 17:55
0

You may try to use escaped 'double' quote like that:

href="javascript:selectItem(\"recipe\",\"recipe_name\",\"recipe_description\")"

Please let me know whether it works.

timestopper
  • 440
  • 3
  • 4
  • What happens if the description is `"Wild" Bill's Chili`? – JJJ Jul 30 '12 at 17:59
  • Please provide the proper explanation. Not just '-1' =) – timestopper Jul 30 '12 at 18:00
  • It will work, because it escapes character with '\' symbol. Isn't it? – timestopper Jul 30 '12 at 18:00
  • 1
    If I got it right, he wants to be able to let someone edit the three rows. And if this someone uses a " then it would be cool if it wasn't crashing. So this has to be done automatically. – Jerska Jul 30 '12 at 18:00
  • @timestopper It will not escape the variables' contents automatically. Any `"` character in the content will break the code. – JJJ Jul 30 '12 at 18:02
  • You can also escape a single quote with: \' In this case no matter what first and last symbol of the string ' or " – timestopper Jul 30 '12 at 18:02
  • Right, and the OP knows that the quotes have to be escaped. He is asking how to do it. – JJJ Jul 30 '12 at 18:03
  • Probably it makes sense to escape quotes inside the content – timestopper Jul 30 '12 at 18:05
  • why you all so angry with this "-1". People trying to understand problem and help. And they nearby correct answer. So I give my +1 on each -1 :P Zero is good mark for this answers :) – Yaroslav Bigus Jul 30 '12 at 18:59
  • @YaroslavBigus It's ok to try to help, but although this answer works for the example data it will only introduce the same bug for other data so it doesn't actually solve anything. It's misleading at best and dangerous at worst. You shouldn't upvote wrong answers, even if they were given in good faith. – JJJ Jul 30 '12 at 19:12
  • As I told before, zero is a good mark for this questions... Actually all downvoted answers says 'You need escape string'. By your logic needs to be downvoted question also, because it hard to say that this is asp(in tags also there is no asp). An example of good Answer/Question provide Zoltan. Maybe make sence mark bad question for removing but not downvote... – Yaroslav Bigus Jul 30 '12 at 19:39
0

You could use str.replace

Just remplace " by &quot; et ' by &#39; . :)

But actually, I'm assuming you're getting all of that stuff from a php script (from some sort of storage), in which case you could escape the quotes directly with php, that would be way more safer.

Jerska
  • 11,722
  • 4
  • 35
  • 54