Escape double quotes of HTML attributes output by PHP

前端未结

关注

 6  1901

春和景丽 2021-01-06 08:36

Often when writing PHP I\'ll have it output some HTML like this -

echo \"\".$link_text.\"\";

6条回答

广开言路 (楼主)

2021-01-06 09:20
Solutions I can come up with (not without escaping):
- Single quotes
```
echo '' . $link_text. '';
```
- Use double quotes
```
echo "$link_text";
```
- Sprintf
```
echo sprintf('%s', $link_text);
```
- Use HEREDOC
```
echo <<$link_text
EOF;
```
- Use template engine like smarty
- Exit PHP-mode:
```
?>
```
BTW, be sure to use htmlspecialchars() on $link_text variable, or you’ll have a XSS security hole.
0 讨论(0) 查看其它6个回答发布评论: 提交评论加载中...