[ACCEPTED]-Escape double quotes of HTML attributes output by PHP-bbedit

Accepted answer
Score: 13

You should just use single-quotes instead:

echo '<a href="../" title="link title">' . $link_text . '</a>';

0

Score: 8

Solutions I can come up with (not without 4 escaping):

  • Single quotes

    echo '<a href="../">' . $link_text. '</a>';
    
  • Use double quotes

    echo "<a href='../'>$link_text</a>";
    
  • Sprintf

    echo sprintf('<a href="../">%s</a>', $link_text);
    
  • Use 3 HEREDOC

    echo <<<EOF
    <a href="../">$link_text</a>
    EOF;
    
  • Use template engine like smarty

  • Exit PHP-mode:

    ?><a href="../"><?php echo $link_text ?></a><?php // other code...
    

BTW, be 2 sure to use htmlspecialchars() on $link_text variable, or you’ll have 1 a XSS security hole.

Score: 5

Use (This syntax dont worry about quotes 1 etc)

echo <<<EOT
<a href="../" title="link title">$link_text</a>
EOT;
Score: 3

I'd strongly suggest using templating instead 1 of trying to build strings.

In raw PHP:

<a href="../" title="link title"><?php echo $link_text; ?></a>
Score: 0

use single quotes or use heredoc. I'd prefer the 1 last.

Score: 0

I think you can use

http://www.example.com/.../Learning-Tutorials/ACTIVE-USER-ACCOUNT/verify.php?email='.$email.'&hash='.$hash.'

"<a href="//www.example.com/.../Learning-Tutorials/ACTIVE-USER-ACCOUNT/verify.php?email="$email&hash=$hash>Click Here to Active</a>"

try it.

0

More Related questions