[WinMan]

The [encoded] is the html code for : ‘ … and the source code does show the html code, but obviously displays it as ‘

The problem here is that the images etc. are loaded from a DB which has all entries html encoded, hence the value of ( & # 03 9 ; –> ‘ ) as the return.

Unfortunately the browser does load it as an ‘ and breaks the JS function on the call … :

SyntaxError: missing ) after argument list

as the function is now expecting more arguments as there is an additional ‘ char in there.

[SapnaVishwas]

You can decode it and render it safe to parse.

[Abhey]

the question is not about the parsing, that is not an issue as I’m using prepared statements.

The problem is rather the “visual” aspect :

a user enter’s some text that contains a single or double quote , this is being updated in the db as \” or \’ and then returned as the same value on the website : \” or \’ which looks stupid …

I would ideally want those chars to display in their natural form without the escape…

I have already played around with str_replace and var.replace , say ot replace all ” or ‘ to something like [single] or [double] and insert this into the db as a placeholder and once retrieved the replace goes the other way around.

Unfortunately , for some reason, even if I do the replace BEFORE the insert command, the characters are still being escaped.

[Fierro]

Solved the matter by giving each element a unique ID (numeric) , and am accessing the value of the entity in question then by a unique hidden field, that way the call to js will only have alphanumeric characters and nothing breaks …