I was told that escaping HTML characters before 开发者_JAVA技巧entering them into a DB is a bad idea, so I have been modifying my code so that the raw input is stored without escaping. Now I am having a problem outputting the data onto a web page.
In PHP, I use htmlentities() for my output and it works fine, but I am using AJAX to retrieve my data, and thus have to output using JavaScript.
I have tried using the escape() function in JS but my output is not coming out properly. The sample text that I am using to test is:
One, two, & three
I know that it is the ampersand causing issues so my first question is - how do I escape this for output using JS? When I remove it, I get this:
One,%20,two,%20three
... so my second question is, what am I doing wrong here?
Any ideas? I'm sure this is simple for many of you.
(as it seems to have helped you, I will put it as a proper answer)
You can still use htmlentities()
if you use Ajax. Just use it for the response that is generated on the server, like you would if you returned HTML. There is no difference.
精彩评论