Asp,vb,javascript multi-layered single-quote double-quote method for spelling HTML, practical (reproduced)

S, single quotes in HTML, double quotes and their escape use (GO) collection
In the JS in the relevant characters to make judgments or values, or spell HTML to assign value in many cases will use these, but also I have just encountered the problem, by referring to the following this article, all solved, excerpt down to make a note! Oh...

------

A button in a webpage that writes the handling code of the onclick event is accidentally written as follows:
<input value= "Test" type= "button" onclick= "alert (" OK ""); "/>
IE prompt error, then casually changed to:
<input value= "Test" type= "button" onclick= "alert (\" Ok\ ");"/>
The result is still wrong.
At this time, I can not understand, although I know the most direct solution is written like this:
<input value= "" type= "button" onclick= "alert (' OK ');"/>
But why is the escape character in JavaScript \ No effect?

Later, a normal code was found:
<input value= "Test" type= "button" onclick= "alert (&quot;OK&quot;);"/>
At this point, it is understood that the original is still attributed to the scope of the HTML, so the escape character should use HTML, rather than JavaScript. The practice of two double quotes is VBScript, \ "This approach is JavaScript, and HTML, it is used &quot, and also can use:", & #x27.

The following is a list of the various expression methods:
<body>
<input value= "OutsideDouble quotesWithinDouble quotes-Error "type=" button "onclick=" alert ("OK"); "/><br/>
<input value= "Outsidesingle quotation marksWithinsingle quotation marks-Error "type=" button "onclick=" alert (' OK '); '/><br/>
<input value= "TwoDouble quotes-Error "type=" button "onclick=" alert ("OK" ");"/><br/>
<input value= "Twosingle quotation marks-Error "type=" button "onclick=" alert ("OK"); "/><br/>
<input value= "\+Double quotes-Error "type=" button "onclick=" alert (\ "Ok\"); "/><br/>
<input value= "\+single quotation marks-Error "type=" button "onclick=" alert (\ ' Ok\ '); "/><br/>
<input value= "OutsideDouble quotesWithinsingle quotation marks-ok "type=" button "onclick=" alert (' OK ');/><br/>
<input value= "Outsidesingle quotation marksWithinDouble quotes-ok "type=" button "onclick=" alert ("OK"); '/><br/>
<input value= "External does not use quotation marks-ok" type= "button" Onclick=alert (' OK '); Alert ("OK"); /><br/>
<input value= "HTML escape Character" (& # 3 4;)-ok "type=" button "onclick=" alert ("OK"); "/><br/>
<input value= "HTML escape Character" (& # 3 9;)-ok "type=" button "onclick=" alert (' OK '); "/><br/>
<input value= "HTML escape Character" (& # x 2 2;)-ok "type=" button "onclick=" alert (' OK '); "/><br/>
<input value= "HTML escape Character" (& # x 2 7;)-ok "type=" button "onclick=" alert (' OK '); "/><br/>
<input value= "HTML escape character &quot; (& q u o t;)-ok" type= "button" onclick= "alert (&quot;OK&quot;);"/> <br/>
<input value= "HTML escape character &apos; (& A P o s;)-ie error" type= "button" onclick= "alert (&apos;OK&apos;);"/> <br/>

<input value= "Other \\-Error" type= "button" onclick= "alert (\ \" ok\\ ");"/><br/>
<input value= "Other \& # 3 4;-Error" type= "button" onclick= "alert (\" Ok\ ");"/><br/>
</body>

1, double quote ""
The double quotes in ASP can be any character, string, HTML code.
For example
<% response.write ("cnbruce here")%> <hr>
<% response.write ("<b> cnbruce here </ b>")%>
The generated page effects are: default text and bold text "cnbruce here"
Now think about it, what if I want to add a color effect to the text on the output page?
1. The general text color is written as follows: <font color = "# 0000ff"> cnbruce </ font>
2, response.write is written like this: response.write ("Enter the content displayed")
3. If you want to put the above hyperlink code in response.write, have you found the write method?
Double quotes and double quotes in color form a nesting effect,
Bound to form response.write ("<font color =" # 0000ff "> cnbruce </ font>")
4, the debugging results are not optimistic, because the front quotes of color and the front quotes of write form a match, the content
<Font color =; the back quote of the same color also matches the back quote of write, the content is:
> cnbruce </ font>. The end result is: # 0000ff in the middle is lonely.
5, so for correct results, you can put # 0000ff as a string in double quotes, and then the word
The connection between the string and the preceding string <font color = and the following string> cnbruce </ font> uses the ampersand
The end result is as follows:
<%
response.write ("<font color =" & "# 0000ff" & "> cnbruce </ font>")
%>
2, single quotes ‘‘
Just as in the Chinese lesson, single quotes can be used for quotes that continue to be enclosed in double quotes.
Then the above statement in response.write ("<font color =" # 0000ff "> cnbruce </ font>")
# 0000ff can turn its double quotes into single quotes:
response.write ("<font color =‘ # 0000ff ‘> cnbruce </ font>"),
This works equally well.
3, the connection character &
The main role of ampersands in ASP is to connect, including: string-string, string-variable, variable-variable and other mixed connections.
Take the following example:
<%
mycolor = "# 0000ff"
response.write ("<font color =‘ "& mycolor &" ‘>" & "cnbruce" & "</ font>")
%>
It is very important to note that the double quotes are used in the single quotes of color ~! You may be confused and watch slowly.
1. Now I have defined a variable mycolor myself. According to the principle, the variable is not placed in response.write.
Double quotes are needed because double quotes are strings, not variables.
2, so response.write if you want to output variables can be written directly: response.write (mycolor)
3, but now. Our variables must be enclosed in double quotes (for example, the above program is placed in single quotes),
How to write a specific response.write?
4, the key wording: add the variables in ASP to the left and right "& include, you can put it in the quotes of response.write, the effect is: response.write (" "& mycolor &" ")
5, analysis response.write ("" & mycolor & ""), in fact, the first empty string is connected to the mycolor variable and then the next string.
6, so, now you should understand the ASP example above.
Continue to strengthen and deepen
<%
mycolor = "# 0000ff"
response.write ("<font color =‘ "& mycolor &" ‘>" & mycolor & "</ font>")
%>
This contains strings, variables, and the use of variables in quotes. I believe you will understand.
Finally, you can mix HTML and ASP.
<% mycolor = "# 0000ff"%>
<font color = <% = mycolor% >> <% = mycolor%> </ td>

One important point is that I haven't talked about the escaping of double quotes.
If you need to use double quotes in a string in vbscript, you need to escape, just like the meaning of escape in javascript, c and other languages.
In vbscript, the way to escape double quotes is to write two double quotes, that is, "", such as
Response.write "I say" "you are so clever!" ""
The output is: I say "you are so clever!"

There are two purposes for using escapes:
1, of course, where double quotes are required, double quotes must be used
2. When outputting html code, it is not recommended to add quotation marks or single quotation marks to the attribute value part (why? Because the W3C standard requires quoting)
That is the case
Response.write "<a href="""+rs("link")+"" target=""_blank"">" + rs ("title") + "</a>"
Red quotes are double-quoted escaped output, and blue quotes are string-defined boundaries
Maybe you think writing like this is not good for reading, but it ’s good to get used to it, and it ’s better to get used to writing like this

In addition, it is recommended to use caution with ampersands, because ampersands can automatically convert numeric types and logical types to string types when they are connected, that is,
b = true
n = 1
s = "abcd"
Response.Write s & n & b
When outputting results, abcd1True
This is not good. After developing such a bad habit, you may sometimes experience unpredictable errors that cause you headaches when operating SQL statements. Therefore, if you want to use the ampersand as a connection, you must explicitly combine the number type and Boolean Type conversion to character type, that is, using the Cstr function. In this way, the function of & is the same as the function of + when connected as a string. The suggestion is not to be greedy for cheap. Programmers must be rigorous.
ASP, VB, JAVASCRIPT Multiple layers of single quotes and double quotes nested when spelling HTML, practical (reproduced)