How do I escape single quotes in PHP

Question

I'm working with Magento trying to style error messages as pop-ups, instead of displaying inline.

I found an article explaining how to do this, but the code displays an error when I try to use it. (http://azharkamar.com/5378/magento-modifying-default-message-alert-box-popup-dialog/)

This is the code I am using:

$html .= '<a class="msgclose" href="#" onclick="document.getElementById("messages").style.visibility="hidden"">x</a>';

A comment mentioned after the article said that they "had to escape the single quotes to make it work."

I tried editing the code, and used the code shown below. The close button appears but it won't close the box.

$html .= '<a class="msgclose" href="#" onclick="document.getElementById("messages").style.visibility="hidden"">x</a>';

Any help would be much appreciated, thank you!

possible duplicate of [How to escape only single quotes?](http://stackoverflow.com/questions/6269188/how-to-escape-only-single-quotes) — JasonMArcher, Mar 25 '14 at 19:14

score 0 · Accepted Answer · answered Mar 25 '14 at 18:17

You can escape a single quote by preceeding it with a backslash, or by using double quotes for the string:

$var = 'Escape \' like this';
$var = "Or embed ' like this";

If you need to embed javascript, it might be a bit harder, because the quote in the Javascript string needs also to be escaped. Usually you can get arround by cleverly combining single and double quotes:

$html .= '<a class="msgclose" href="#" onclick="document.getElementById(\'messages\').style.visibility=\'hidden\'">x</a>';

Or you can use heredoc:

$html = <<<html
  <a class="msgclose" href="#" onclick="document.getElementById('messages').style.visibility='hidden'">x</a>'
html;

By the way, escaping quotes in HTML is a different story. You use the " entity for that, so if you want to have double quotes in Javascript, the result would be:

$html .= '<a class="msgclose" href="#" onclick="document.getElementById(&quot;messages&quot;).style.visibility=&quot;hidden&quot;">x</a>';

I tried the first option with combining single and double quotes, and it worked perfectly! Thank you all so much for your quick responses :) — Tamsin, Mar 26 '14 at 01:16

score 0 · Answer 2 · answered Mar 25 '14 at 18:18

You can escape the single quotes in your code, with backslashes, like this:

$html .= '<a class="msgclose" href="#" onclick="document.getElementById(\'messages\').style.visibility=\'hidden\'">x</a>';

Or you can move the javascript out of your html:

$html .= '<a class="msgclose" href="#" onclick="hideMessage()">x</a>';

<script type="text/javascript">
function hideMessage() {
    document.getElementById("messages").style.visibility = "hidden";
}
</script>

score 0 · Answer 3 · answered Mar 25 '14 at 18:22

You can both escape ' putting backslashes before them (' -> \')

$html .= '<a class="msgclose" href="#" onclick="document.getElementById(\'messages\').style.visibility="hidden">x</a>';

Or use the EOF function to eliminate the need for escaping.

$html .= <<<EOF
<a class="msgclose" href="#" onclick="document.getElementById('messages').style.visibility="hidden">x</a>

EOF;

score 0 · Answer 4 · answered Mar 25 '14 at 18:25

To Escape a character in php use \ backslash . But the value that $html will have after escaping it will be untidy Here is how i would do it..

$html .= "<a class='msgclose' href='#' onclick='document.getElementById('messages').style.visibility='hidden''>x</a>";

I used double quotes and within them i used single quotes

How do I escape single quotes in PHP

4 Answers4