I have this following string that I am trying to populate a textarea with how do I escape the " and ' in order for the text to show up in the box? Here is the code below:

$(document).ready(function(){
$('#queryarea').html("mysql_query("INSERT INTO Persons (FirstName, LastName, Age)
VALUES ('Peter', 'Griffin', '35')")");
});

I have this following string that I am trying to populate a textarea with how do I escape the " and ' in order for the text to show up in the box? Here is the code below:

$(document).ready(function(){
$('#queryarea').html("mysql_query("INSERT INTO Persons (FirstName, LastName, Age)
VALUES ('Peter', 'Griffin', '35')")");
});

• javascript
• jquery
• mysql
• text
• escaping

Share Improve this question Follow asked Apr 1, 2011 at 6:21 AmenAmen 71344 gold badges1515 silver badges2828 bronze badges 5

• That's a JavaScript string. jQuery is a library, not a language, and it doesn't reinvent primitive data types. – Quentin Commented Apr 1, 2011 at 6:25
• 2 If you are going to be sending that to a server, then you have the biggest XSS hole in the world. I hope that you have lots of auth/authz security over the program that accepts this data. – Quentin Commented Apr 1, 2011 at 6:26
• Dude why are you so negative. I am just testing this stuff out. Cool out. I know jquery is just a js library. – Amen Commented Apr 1, 2011 at 6:40
• We have no way to know if you are planning to run that code on a private sever on a LAN that only you can access, or on a website with a database that contains the personal information of large numbers of people. Shouting "look out!" seems only reasonable. (And if you know that jQuery is just a library, then you could phrase your questions in a fashion that doesn't leave people thinking otherwise). – Quentin Commented Apr 1, 2011 at 6:46
• Well said. Thanks for the advice. And good looking out. – Amen Commented Apr 1, 2011 at 7:03

Add a ment  | 

3 Answers 3

Sorted by: Reset to default 4

$(document).ready(function(){
$('#queryarea').html("mysql_query(\"INSERT INTO Persons (FirstName, LastName, Age)
VALUES ('Peter', 'Griffin', '35')\")");
});

You can escape them by doing \"

Use \ to escape strings

$('#queryarea').html("mysql_query(\"INSERT INTO Persons (FirstName, LastName, Age)
VALUES ('Peter', 'Griffin', '35')\")");

I did it this way instead:

$(document).ready(function(){
var mysql1 = "mysql_query(\"";
var mysql2 = "INSERT INTO Persons (FirstName, LastName, Age) VALUES (\'Peter\', \'Griffin\', \'35\')";
var mysql3 = "\"";
$('#queryarea').html(mysql1+mysql2+mysql3);
});

Thanks for the help.