Something that has tripped me up ever since I started getting into AJAX is the ' rendering. I have seen this devil in most of my work as of late, especially with a recent project I have had. In this project, I created an editing trick similar to the Status field on Facebook. This grabs the previously written text, and ID of the item, and allows you to edit it right on the spot by putting it into the text field necessary.
In HTML
<a onclick="'editItem('My">My Work's Great</a>
From PHP, I would just allow the response text to go through without any sort of escape towards it. Not very good.
echo "<a href onclick ='editItem('My Work's Great',45)' >My Work's Great</a>
";
The issue is that the ' character is not escaped, causing the Javascript to produce an error on the call back. The rendering, of the response text, is mostly at fault because how this is handled. So if you look at
Harley's Boys, from the PHP response, it'll come out as Harley="s Boys".
A workaround is to throw in extra slashes with the PHP function,
addslashes, into your responses wherever you know that you will be using 's. This works because this will escape the characters for you.
$strResp = "<a href onclick ='editItem('My Work's Great',45)' >My Work's Great</a>
";
echo addslashes($strResp);
In the response code, you'll get
:
"<a href onclick ='editItem('My Work's Great',45)' >My Work's Great</a>"
Instead of the weird looking response we used to get.
Better off putting responses through addslashes, than attempting to pull the escaping through Javascript, because the server side would have difficulty translating this into proper text. URLEncode won't work here, either.