2

I was making a school assignment with involves a shoutbox. A found great tutorial wich uses jquery,ajax,mysql and php. Now i run into a little problem with the following sentence:

$result .= "<li><strong>".$row['user']."</strong><img src="\" alt="\"-\""    />".$row['message']." <span class="\"date\"">".$row['date']."</span></li>";}

I was wondering if anybody could find out why it gives errors. So far I came to this conclusion $row['message'] and then it thinks the rest of the code as a string. So it probably is a apostrophe problem.

Colin Brock
  • 21,267
  • 9
  • 46
  • 61
Robin Hinderiks
  • 23
  • 2
  • Look at the way StackOverflow editor has highlighted your code. See where the contents colour between the `"`'s that you want to actually show as `$result` has changed. This should help you figure out why your code is throwing errors. – PenguinCoder May 15 '12 at 20:48

4 Answers4

5

Just for the sake of making your life easier: use ' for the php and " for html like this:

$result .= '<li><strong>'.$row['user'].'</strong><img src="" alt=""/>'.$row['message'].' <span class="date">'.$row['date'].'</span></li>';

Pretty sure you should get the idea.

Andrius Naruševičius
  • 8,348
  • 7
  • 49
  • 78
  • 1
    This one is IMHO the most clear solution. If row is not filtered yet (what I guess by the name), then you will probably like to sanitize your output using `htmlspecialchars()` in order to prevent XSS attacks. – YMMD May 15 '12 at 20:49
  • Yeah absolutely agree, but I am pretty sure the context of the question itself was not at the level of attack prevention nor it was asking about it. However, a good tip for the future for the asker :) – Andrius Naruševičius May 15 '12 at 20:52
  • I'm going to look into htmlspecialchars(). Thanks for the tip. This seems to be the solution wich i will accept in about 3 minutes :) – Robin Hinderiks May 15 '12 at 20:56
1
$result .= "<li><strong>{$row['user']}</strong><img src='http://www.' alt='My Alt Tag' />{$row['message']}<span class='date'>{$row['date']}</span></li>";

You're confusing yourself by coming in and out of quotations - you can wrap variables with {} to force the interpolation in such cases.

Rawkode
  • 21,990
  • 5
  • 38
  • 45
0
$result .= "<li><strong>".$row['user']."</strong><img src='' alt='-'/>".$row['message']." <span class='date'>".$row['date']."</span></li>";}

Avoid using " inside of the string - it is easy to forget about escaping special chars. Instead of " use '. Besides - you use " only when there is any PHP parsing necessary within this string. E.g.

$var1 = 1;
$test = "$var1"; //evaluates to '1'
$test = '$var1'; //evaluates to '$var1'
mcmajkel
  • 303
  • 2
  • 10
0

It appears that you are attempting to escape quotes and making your job harder. A great feature in PHP for HTML output is using quoted strings so that you don't have to worry about escaping double quotes. Please reference the PHP Manual for Strings.

In other words your line becomes: 

 $result .= '<li><strong>' . $row['user'] . '</strong><img src="" alt="-" />' . $row['message'] .
            '<span class="date">' . $row['date'] . '</span></li>' .
            '<li><strong>' . $row['user'] . '</strong><img src="" alt="-" />' . $row['message'] . 
            '<span class="date">' . $row['date'] . '</span></li>';
inevio
  • 837
  • 6
  • 12