How to deal with this HTML code echoed with PHP which as both single and double quotes?

Question

I\'m not sure if this is a cleaner way of writing this, but I think I don\'t have problems here:

Answer 1

You can escape the quotiation makrs like this:

echo "<input type=\"text\" name=\"test\" />;

But why dont you make it this way:

echo '<textarea name="' . $meta_box[ 'name' ] . '">

Answer 2

There are a lot of ways to escape content:

$a = 5;
$b = array(3);

// Single quotes treats the insides as you type it, except for a few like 
// double-backslash (which makes a backslash) or backslash apostrophe, which 
// allows a single apostrophe, so including a dollar sign inside will actually
// print it out to screen
$content = 'This will print a literal dollar sign followed by an "a": $a'; // $a
$content = 'This will print a backslash and a literal dollar sign followed by an "a": \$a'; // \$a

// However, variables inside double quotes get resolved with their variable values, 
// unless you have preceded the dollar sign with a backslash to let it be treated 
// as a literal dollar
$content = "This will include the value of  variable \$a, as it is looking for a variable: $a"; // 5
$content = "This will print a literal dollar sign followed by an \"a\" because we have backslash-escaped it: \$a"; // $a

// For cases where you need to use brackets with your variable and you wish to transclude
// the content, you need to enclose the variable inside curly braces. This helps PHP know 
// that the variable has actually ended, and that you didn't want to actually print the 
// bracket afterward
$content = 'This will print a literal dollar sign followed by an "a" and enclosed in braces: {$a}'; // {$a}
$content = "This will include the value of variable \$a, as it is looking for a variable: {$a}"; // 5
$content = 'This will print a literal dollar sign followed by an "a" and brackets and enclosed in braces: {$b[0]}'; // {$b[0]}
$content = "This will include the value of variable \$a, as it is looking for a variable: {$b[0]}"; // 3

...and in HTML (or XML, including true XHTML), you can also do escaping; you can use the escapes no matter whether there are single or double quotes in the HTML:

Helpful for quotation marks used inside quotation marks:

<!-- Hexadecimal escape -->
<input type="text" value="I want a quote here: &#x22; " /> <!-- " -->

<!-- Decimal escape -->
<input type="text" value="I want a quote here: &#34; " /> <!-- " -->

<!-- Predefined entity escape -->
<input type="text" value="I want a quote here: &quot; " /> <!-- " -->

Helpful for apostrophes inside apostrophes:

<!-- Hexadecimal escape -->
<input type="text" value='I want an apostrophe here: &#x27; ' /> <!-- ' -->

<!-- Decimal escape -->
<input type="text" value='I want an apostrophe here: &#39; ' /> <!-- '-->

<!-- The following sadly only works in XML, but not HTML; 
      on the other hand, XML doesn't haven't a lot of the convenient 
      entities like `&nbsp;` predefined though, but you can always use hex 
      or dec safely. -->
<input type="text" value="I want an apostrophe here: &apos; " /> <!-- ' -->

Notice that the hexadecimal tends to be more useful as it is also used in JavaScript:

var content = '\u0027'; // '

and CSS

p:before {content: '\27'} /* ' */

In JavaScript, double-quotes or single quotes have the same meaning (except for fact you need to backslash-escape a different character).

In CSS it is the same, but backslashes are different in that they are typically expected to be followed by a hex Unicode sequence (or another backslash) and are ignored otherwise.

In JavaScript (as with double quotes in PHP), the backslash may have special meaning in escaping other sequences such as '\n' or another backslash, but is ignored otherwise.

You can find these for looking up the "Unicode codepoint" for any character, not just for punctuation, but also for any character in any script. These are usually expressed like U+00A0 or U+0027 (note that it can include letters A-F too). Rarely, they can require 6 digits (or a combination of 2 four digit ones), but usually 4 is sufficient.

Answer 3

I tend to use double quotes for the echo and single quotes within that

echo "Hello string test ' ";

or you can use the escape \

echo "hello string test \" ";

Also in your code you are doing an echo within an echo.

Answer 4

If you really want to output PHP code:

<?php switch ( $meta_box['type'] ) {
    case 'textarea':
        echo '<textarea name="<?=$meta_box[\'name\']?'.'>">
        <?=htmlspecialchars( $data[ $meta_box[ \'name\' ] ] ) ?'.'>
        </textarea>';
        break;
    default:
       echo '<input type="text" name="<?=$meta_box[ \'name\' ] ?'.'>"
           value="<?=htmlspecialchars( $data[ $meta_box[ \'name\' ] ] ) ?'.'>">';

?>

Otherwise this makes more sense to me:

<?php switch ( $meta_box['type'] ) {
    case 'textarea':
        echo '<textarea name="'.$meta_box['name'].'>">'.
          htmlspecialchars( $data[ $meta_box['name'] ] ).
        '</textarea>';
        break;
    default:
       echo '<input type="text" name="'.$meta_box[ 'name' ].'" '.
         'value="'.htmlspecialchars( $data[ $meta_box[ 'name' ] ] ).'">';
}

?>

But I guess that $data[$meta_box['name']] array index isn't correct either.

Answer 5

Why u dont follow KISS rule, try below if u have no more conditions

<?php if( $meta_box['type'] === 'textarea' ) { ?>
  <textarea name="<?php echo $meta_box[ 'name' ];?>"><?php echo htmlspecialchars($data[$meta_box['name']]); ?></textarea> 
<?php } else { ?>
  <input type="text" name="<?php echo $meta_box['name']; ?>"
      value="<?php echo htmlspecialchars( $data[$meta_box['name']]); ?>" /> <?php }?>

Happy to help :)

Answer 6

echo 'String with "double quotes" inside';
echo "String with \"double quotes\" inside";
echo 'String with \'single quotes\' inside';
echo "String with 'single quotes' inside";
echo 'String with \'single quotes\' and "double quotes" inside';
echo "String with 'single quotes' and \"double quotes\" inside";