PHP string to javascript can break the code - some character, i guess, is the issue?

Question

I am passing a PHP string into onclick. This text comes from YouTube (a video description). In some cases the string breaks the code.

Characters \n \r ' and " are removed so it is not obvious what character is the cause.

echo "<span onclick='update_hits(\"".$id."\");vidtxt=\"".$desc6."\";openVideo(\"".$v."\",\"".$sn." : ".addslashes($title)."\",0)'><img src='".$apng."' border='0' />Play large</span>";

I have tried everything I can think of to solve the issue but have not succeeded.

$desc6=nl2br($desc6);
$desc6=preg_replace('/[\x00-\x1f]/', '', $desc6);
$desc6=preg_replace('/\xc2[\x80-\x9f]/', '', $desc6);
$desc6=preg_replace('/[\x7f]/', '', $desc6);
$desc6=nl2br($desc6);
$desc6 = iconv("UTF-8", "UTF-8//IGNORE", $desc6); 
$desc6=preg_replace('~\p{C}+~u', '', $desc6);
$desc6=htmlspecialchars($desc6);
$desc6=preg_replace('/[\x00-\x1F\x7F]/', '', $desc6); 
$desc6=ereg_replace('[[:cntrl:]]', '', $desc6); 
$desc6 = str_replace(chr(127), "", $desc6); 
$desc6=preg_replace('/\bKa(\W|$)/i', '', $desc6);
$desc6=addslashes($desc6); 

Most description strings work fine, even those with text in other languages. But something breaks this sometimes.

Stripping to just ascii, which would mean that I cannot display non-english languages, does work.

$desc6=preg_replace('/[^(\x20-\x7F)]*/','', $desc6);

The following allows all descriptions to work, but languages like Korean don't appear properly:

$desc6 = iconv("ISO-8859-1", "UTF-8//IGNORE", $desc6); 

Any ideas?

ps:
$desc6=json_encode($desc6); breaks all :(

Answer 1

.addslashes($title)."\",0) Shouldn't that be "\""

Answer 2

All you need is two functions:

• json_encode to encode the JavaScript strings.
• htmlspecialchars to encode the HTML attribute values.

Both in action:

echo "<span onclick='".htmlspecialchars("update_hits(".json_encode($id).");vidtxt=".json_encode($desc6).";openVideo(".json_encode($v).",".json_encode($sn." : ".$title).",0)", ENT_QUOTES)."'><img src='".htmlspecialchars($apng, ENT_QUOTES)."' border='0' />Play large</span>";