Often when writing PHP I'll have it output some HTML like this -
通常在编写PHP时我会输出一些像这样的HTML -
echo "<a href="../" title="link title">".$link_text."</a>";
Obviously this won't parse as I need to escape the double quotes in the attributes of the <a>
element. Is there a regex that would quickly do this rather than me manually adding the backslashes?
显然这不会解析,因为我需要在元素的属性中转义双引号。是否有正则表达式会快速执行此操作而不是手动添加反斜杠?
One other thing - the regex shouldn't escape double quotes outside of the tag (e.g. where I've appended the $link_text
variable.
另一件事 - 正则表达式不应该在标记之外转义双引号(例如我附加了$ link_text变量的地方)。
Any ideas?
6 个解决方案
#1
You should just use single-quotes instead:
你应该只使用单引号:
echo '<a href="../" title="link title">' . $link_text . '</a>';
#2
Solutions I can come up with (not without escaping):
我能提出的解决方案(并非没有逃脱):
-
Single quotes
echo '<a href="../">' . $link_text. '</a>';
-
Use double quotes
使用双引号
echo "<a href='../'>$link_text</a>";
-
Sprintf
echo sprintf('<a href="../">%s</a>', $link_text);
-
Use HEREDOC
echo <<<EOF <a href="../">$link_text</a> EOF;
-
Use template engine like smarty
像smarty一样使用模板引擎
-
Exit PHP-mode:
?><a href="../"><?php echo $link_text ?></a><?php // other code...
单引号echo' '。 $ LINK_TEXT。 '的';
Sprintf echo sprintf('%s ',$ link_text);
使用HEREDOC echo <<< EOF $ link_text EOF;
BTW, be sure to use htmlspecialchars()
on $link_text
variable, or you’ll have a XSS security hole.
顺便说一句,一定要在$ link_text变量上使用htmlspecialchars(),否则你将有一个XSS安全漏洞。
#3
Use (This syntax dont worry about quotes etc)
使用(这种语法不用担心引号等)
echo <<<EOT
<a href="../" title="link title">$link_text</a>
EOT;
#4
I'd strongly suggest using templating instead of trying to build strings.
我强烈建议使用模板而不是尝试构建字符串。
In raw PHP:
在原始PHP中:
<a href="../" title="link title"><?php echo $link_text; ?></a>
#6
I think you can use
我想你可以用
http://www.example.com/.../Learning-Tutorials/ACTIVE-USER-ACCOUNT/verify.php?email='.$email.'&hash='.$hash.'
"<a href="//www.example.com/.../Learning-Tutorials/ACTIVE-USER-ACCOUNT/verify.php?email="$email&hash=$hash>Click Here to Active</a>"
try it.
#1
You should just use single-quotes instead:
你应该只使用单引号:
echo '<a href="../" title="link title">' . $link_text . '</a>';
#2
Solutions I can come up with (not without escaping):
我能提出的解决方案(并非没有逃脱):
-
Single quotes
echo '<a href="../">' . $link_text. '</a>';
-
Use double quotes
使用双引号
echo "<a href='../'>$link_text</a>";
-
Sprintf
echo sprintf('<a href="../">%s</a>', $link_text);
-
Use HEREDOC
echo <<<EOF <a href="../">$link_text</a> EOF;
-
Use template engine like smarty
像smarty一样使用模板引擎
-
Exit PHP-mode:
?><a href="../"><?php echo $link_text ?></a><?php // other code...
单引号echo' '。 $ LINK_TEXT。 '的';
Sprintf echo sprintf('%s ',$ link_text);
使用HEREDOC echo <<< EOF $ link_text EOF;
BTW, be sure to use htmlspecialchars()
on $link_text
variable, or you’ll have a XSS security hole.
顺便说一句,一定要在$ link_text变量上使用htmlspecialchars(),否则你将有一个XSS安全漏洞。
#3
Use (This syntax dont worry about quotes etc)
使用(这种语法不用担心引号等)
echo <<<EOT
<a href="../" title="link title">$link_text</a>
EOT;
#4
I'd strongly suggest using templating instead of trying to build strings.
我强烈建议使用模板而不是尝试构建字符串。
In raw PHP:
在原始PHP中:
<a href="../" title="link title"><?php echo $link_text; ?></a>
#5
use single quotes or use heredoc. I'd prefer the last.
使用单引号或使用heredoc。我更喜欢最后一个。
#6
I think you can use
我想你可以用
http://www.example.com/.../Learning-Tutorials/ACTIVE-USER-ACCOUNT/verify.php?email='.$email.'&hash='.$hash.'
"<a href="//www.example.com/.../Learning-Tutorials/ACTIVE-USER-ACCOUNT/verify.php?email="$email&hash=$hash>Click Here to Active</a>"
try it.