问题
This question already has an answer here:
- Single and double quotes together as HTML attribute value? 2 answers
For a variable inside a echo that contains HTML, where would I add slashes to escape the double quotes?
Example:
echo "<input type=\"hidden\" name=\"id\" value=".$row['id']." />";
This part:
value=".$row['id']."
回答1:
Some tips on outputting HTML with PHP:
- Use single quotes so that you don't have to escape the double quotes (when using echo),
- Use htmlspecialchars() to properly escape any "rogue" values you may have.
Example using echo
:
echo '<input type="hidden" name="id" value="', htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8'), '" />';
Or printf()
:
printf('<input type="hidden" name="id" value="%s" />',
htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8')
);
Or, in HTML mode:
?>
<input type="hidden" name="id" value="<?php echo htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8'); ?>" />
<?php
回答2:
Use htmlentities
:
echo "<input type=\"hidden\" name=\"id\" value=\"".htmlentities($row['id'])."\" />";
回答3:
How about use single quotes so you don't have to escape any quotes. Like so:
echo '<input type="hidden" name="id" value="'.$row['id'].'" />';
来源:https://stackoverflow.com/questions/20622676/escape-double-quotes-with-variable-inside-html-echo