I have a problem inserting quotes (') and (") into text/links etc. which has to be displayed via a popup.

CODE
Test link: <a href="javascript:;" onClick='createPopup("text to be displayed", "Title", 400, 200 ); return false;'>CLICK</a>

The red text is displayed in the popup.
If the red text contains any single quotes or double quotes the scipt doesn't work any more.

My guess is it's because of the enclosing quotes?

Anyway I would be very happy if somebody had a solution to this problem?

That's why. Best to use single quotes inside, and double outside.

\' or \"

I get the impression the text displayed is dynamic content, so would be more difficult to escape. You'd have to use regex to find the ' and put \'.

Thanks swapped outer single quotes with inner double quotes and use \' in text. only problem now is at double quotes can't be in the text string. Anyway it do for now

Test link: <a href="javascript:;" onClick="createPopup('test single quotes \'', 'title', 400, 200 ); return false;">CLICK</a>

you can only escape javascript-quotes, whether they're single or double. But you just can't escape HTML-quotes.

So if you need single quotes in your string in a HTML-attribute, use double quotes for HTML:

<A HREF="javascript:;" ONCLICK="alert('Now I can escape this: \' you see?'">Click here</A>

But if you need double quotes in your string in a HTML-attribute, use single quotes for HTML:

<A HREF='javascript:;' ONCLICK='alert("Now I can escape this: \" you see?"'>Click here</A>

Ofcourse the real problem occures when you need both. Some suggestions:

1. You don't use quotes for your HTML-attributes at all. Though I'm sure w3-people won't like you for this, maybe it'll work. On the other hand, this might mean that the browser ends the reading of the attributes value at the next space. I'm not sure it does because I've seen something like this work:

<font face=comic sans ms size=12>No quotes in my HTML</font>


2. You put the values that contain quotes in a var, somewhere in javascript where you don't have to think about HTML-quotes at all.

<script type="text/javascript">
var myvar='This string contains both single quotes: \' and double quotes: " neat isn\'t it?';
</script>
<a href="javascript:;" ONCLICK="alert(myvar);">Click here</a>


3. You use HTML-codes for characters, like & quot ; (without the spaces obviously). This will work depending on what you're going to do with it. If you're gonna display this in an alert like my examples it won't work. But since you're talking about a function createPopup you're probebly gonna display it as HTML and than it will work.

@mods or those fortunate with a higher rank: It's a pain in the ass that the \ followed by a ' is replaced with just a ' in regular text and between FONT=courier new, PHP or CODE vB-codes (yes, I've tried them all) since this is something you might wanna use in your reply. Not that I blame you, I understand why, but surely you can program phpBB to replace a \ with a & # 92 ; without the spaces like I did by myself?

2nd @mods etc.: the & # 92 ; stays & # 92 ; in between PHP vB-codes and probebly in between code-codes. This is why I use FONT=courier new which replaces javascript with java script.

if your in HTML....

<a href="#" onClick=" yourFunction(); ">click this</a>

your function in this case would require that any string passed would need to be wrapped in yourFunction('cheese'); single quotes but in java script, you can use.... yourFunction("cheese");

if your building a string that is to be evaluated in javascript or sent to write(), you need to escape the characters \" & \' for example...

var x="<a href=\"#\" onClick=\"yourFunction(\'cheese\');\">click this</a>";

when passed to document.write will output....

<a href="#" onClick="yourFunction('cheese');">click this</a>

as HTML.

Does that help?

formatting strings is EVERYONES nightmare until you crack it.

Thanks for your responses it was overwhelming.
And it's working and as funkwurm pointed out the tricky part is when I need both single quotes and double quotes, however that is not an issue for now.

And yes senshi it was a quote nightmare since the script call is generated via php.

here is a part of my solution if anybody is interested:
PHP file

$content = " '<img src=\' ".$myrow2["link"]." \'>' ";
$formatted = addcslashes($myrow2["description"]," ' ");
$title = " ' " .$formatted. " ' ";

$script_call = "createPopup(" .$content. ", " .$title. ", ". $myrow2["width"]. ", ".$myrow2["height"]. " ); return false;";

// Start new row, 3 cells per row
if( ($item_count % 3) == 1)
{
$thumbGallery .= "<tr><td><a href=\"javascript:;\" onClick=\" ". $script_call. "\ "> ".

"<img class=\"thumb_gallery\" src=\" " .$myrow2["tn_link"]. " \" alt=\"Click to enlarge\" border=\"0\" width=\"150\" height=\"120\">".
"</a></td>";