Member Avatar for Aardwolf

How does this work?

echo '<script type="text/javascript">
var str='.include("engine.php").';
var str_esc=escape(str);

What this script should do in my point of view outcome is to escape the whole page so the source page is not viewing the html and everything, rather then the escaped characters.

this won't work, i don't know why, can anyone help?

Recommended Answers

All 3 Replies

Perhaps if you explain what you are trying to achieve... Or show what's inside engine.php

<?php echo '<script type="text/javascript">var str="';
echo '"; var str_esc=escape(str);document.write(str_esc);
</script>'; ?>

ensure that the output of engine.php does not output any unescaped dquotes, which would terminate the variable str and cause errors

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.