' character is breaking my json outout generated with php

Question

i cant seem to fix this little gremlin.

I have a mySQL database which table has a description field.

My client has used the ' character quite a lot and this is breaking the json i am generating from php.

My script is as follows:

... database call...
$totalRows_rs_results = mysql_num_rows($rs_results);

            if($totalRows_rs_results >0){
                $myData = array();
                //echo('locations near this unitbase:');
                $myData['id'] = $row_rs_results['id_loc'];
                $myData['slug'] = $row_rs_results['slug_loc'];
                $myData['name'] = $row_rs_results['name_loc'];
                $myData['showname'] = $row_rs_results['showname_loc'];
                $myData['description'] = utf8_encode($row_rs_results['description_loc']);
                $myData['image'] = getDefaultLocationImage($database_reelfilm, $reelfilm, $row_rs_results['id_loc']);

                    $myAddress = ($row_rs_results['address_loc'].' '.$row_rs_results['postcode_loc']);
                    $myData['address'] = $myAddress;
                    $myData['maplat'] = $row_rs_results['maplat_loc'];
                    $myData['maplong'] = $row_rs_results['maplong_loc'];

                $myData['parking'] = $row_rs_results['parkinginfo_loc'];
                $myData['features'] = $row_rs_results['internalfeatures_loc'] . ' ' . $row_rs_results['externalfeatures_loc'];
                //$myData['categorys'] = getCategorys($database_reelfilm, $reelfilm, $row_rs_results['id_loc']);            
                $json[] = $myData;          
                $myJSON = json_encode($json);
                return $myJSON;
            };


<span class='showOnMap' data-location='<?php echo makeJSON($database_reelfilm, $reelfilm, 'location', $row_rs_locations['id_loc']);?>' '>
<img src="/images/Icons/map-icon.png" width="32" height="32">
</span>

the outputted json is fine until i come to a record with the aforementioned ' character.

if i remove the offending ' character from the record i get correct output:

<span class="showOnMap" data-related="" data-categorys="" data-location="[{"id":"29","slug":"the-butts","name":"The Butts","showname":"1","description":"Controllable period street location. Looks like an A road or a bus route. Surrounding houses are Georgian or early Victorian.","image":"The Butts 3.jpg","address":"Brentford\r\nLondon TW8 8BQ","maplat":"51.4847373","maplong":"-0.30824250000000575","parking":"","features":" "}]">
<img width="32" height="32" src="/images/Icons/map-icon.png">
</span>

data out generated with the ' character:

<span class="showOnMap" data-related="" data-categorys="" "}]'="" 8bq","maplat":"51.4847373","maplong":"-0.30824250000000575","parking":"","features":"="" tw8="" 3.jpg","address":"brentford\r\nlondon="" butts="" victorian.","image":"the="" early="" georgian="" are="" houses="" surrounding="" route.="" bus="" a="" or="" road="" a'="" data-location="[{"id":"29","slug":"the-butts","name":"The Butts","showname":"1","description":"Controllable period street location. Looks like an ">
<img width="32" height="32" src="/images/Icons/map-icon.png">
</span>

Now it seems very unprofessional to me to tell my client to go through and remove all the offending ' characters (theres over 1000 records).

Ive tried htmlspecialchars() , utf8_encode() to try and fix the problem, not sure which one i need to be using, could anyone point me in the right direction please?

possible duplicate of [Escaping/encoding single quotes in JSON encoded HTML5 data attributes](http://stackoverflow.com/questions/8832528/escaping-encoding-single-quotes-in-json-encoded-html5-data-attributes) — Popnoodles, Mar 11 '13 at 20:20
@popnoodles sorry I swear I saw string concatenation there.. Time to sleep or something... — ppeterka, Mar 11 '13 at 20:22
hi i have been looking around the site for the answer, i started a new question because nothing i have managed to find, has put me in the right direction, the problem is maybe i am doing the json_encode once i have all the data in the array set-up, i cant belive theres no way to sanitize the data so the json_encode works. — Axel Foley, Mar 11 '13 at 20:29
@popnoodles thanks for pointing me to that post its fixed my problem i would upvote but i cant yet!!! — Axel Foley, Mar 11 '13 at 20:36

PlantTheIdea · Answer 1 · 2013-03-11T20:48:11.183

1

Your use of nested quotes is breaking it. Try this:

<span class='showOnMap' data-location='<?php echo makeJSON($database_reelfilm, $reelfilm, "location", $row_rs_locations["id_loc"]);?>'>

By nesting single quotes within single quotes, you end the string ... switching between single and double will properly include them in the full string.

edited Mar 11 '13 at 20:48

answered Mar 11 '13 at 20:20

PlantTheIdea

16,061
5
35
40

thanks i tried your fix but its still outputting garbled json when it encounters the ' character – Axel Foley Mar 11 '13 at 20:25
I didn't see it, you also had an extra quote mark at the end of the tag. Removed it in my answer – PlantTheIdea Mar 11 '13 at 20:48

score 0 · Answer 2 · answered Mar 11 '13 at 20:22

0

You should be entity encoding the value with htmlentities() with something like:

<span class='showOnMap' data-location='<?php echo htmlentities(makeJSON($database_reelfilm, $reelfilm, 'location', $row_rs_locations['id_loc']));?>'>

answered Mar 11 '13 at 20:22

James C

14,047
1
34
43

score 0 · Answer 3 · answered Sep 09 '15 at 13:29

There are lot of way to solve

use addslases function or use htmlspecialchars functions

$myData['description']=htmlspecialchars(utf8_encode($row_rs_results['description_loc'],ENT_QUOTES));

                     OR
    $myData['description']=addslashes($myData['description']);

' character is breaking my json outout generated with php

3 Answers3