Escape double quotes of HTML attributes output by PHP


Often when writing PHP I'll have it output some HTML like this -

echo "<a href="../" title="link title">".$link_text."</a>";

Obviously this won't parse as I need to escape the double quotes in the attributes of the <a> element. Is there a regex that would quickly do this rather than me manually adding the backslashes?

One other thing - the regex shouldn't escape double quotes outside of the tag (e.g. where I've appended the $link_text variable.

Any ideas?

7/8/2009 9:55:43 AM

Accepted Answer

You should just use single-quotes instead:

echo '<a href="../" title="link title">' . $link_text . '</a>';
7/8/2009 10:00:24 AM

Solutions I can come up with (not without escaping):

  • Single quotes

    echo '<a href="../">' . $link_text. '</a>';
  • Use double quotes

    echo "<a href='../'>$link_text</a>";
  • Sprintf

    echo sprintf('<a href="../">%s</a>', $link_text);

    echo <<<EOF
    <a href="../">$link_text</a>
  • Use template engine like smarty

  • Exit PHP-mode:

    ?><a href="../"><?php echo $link_text ?></a><?php // other code...

BTW, be sure to use htmlspecialchars() on $link_text variable, or you’ll have a XSS security hole.

Licensed under: CC-BY-SA with attribution
Not affiliated with: Stack Overflow