Member Avatar

How does this work?

<?php
echo '<script type="text/javascript">
var str='.include("engine.php").';
var str_esc=escape(str);
document.write(str_esc)
</script>';
?>

What this script should do in my point of view outcome is to escape the whole page so the source page is not viewing the html and everything, rather then the escaped characters.

this won't work, i don't know why, can anyone help?

Recommended Answers

Perhaps if you explain what you are trying to achieve... Or show what's inside engine.php

Jump to Post

All 3 Replies

Perhaps if you explain what you are trying to achieve... Or show what's inside engine.php

<?php echo '<script type="text/javascript">var str="';
include("engine.php");
echo '"; var str_esc=escape(str);document.write(str_esc);
</script>'; ?>

OOPS::
ensure that the output of engine.php does not output any unescaped dquotes, which would terminate the variable str and cause errors

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.20 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.