How to Safely Encode PHP Strings for JavaScript Variables?

Encoding Strings for Output to JavaScript Variables

Question:

How to efficiently encode a PHP string containing special characters (e.g., quotes, newlines) for use in a JavaScript variable?

Answer:

To encode a PHP string, the recommended approach is to leverage the json_encode() function with the JSON_UNESCAPED_UNICODE flag:

<script>
  var myvar = <?= json_encode($myVarValue, JSON_UNESCAPED_UNICODE); ?>;
</script>

Considerations:

• This method requires PHP 5.2.0 or later.
• The $myVarValue must be encoded as UTF-8 or US-ASCII.
• UTF-8 supports full Unicode, allowing for safe conversion on the fly.

Additional Notes:

• If encoding for use in HTML attributes (e.g., onclick), use htmlspecialchars() to escape special characters:

htmlspecialchars(json_encode($string), ENT_QUOTES);

• This addresses potential issues with character sequences being interpreted as HTML entities, ensuring proper functionality in JavaScript.

The above is the detailed content of How to Safely Encode PHP Strings for JavaScript Variables?. For more information, please follow other related articles on the PHP Chinese website!