I have a search field where users paste URLs (url is the search query). Most urls work fine, but urls with escaped characters are getting 'unescaped'. For example :
When I copy some url from Chrome browser I get escaped url:
url = input query : 'http://website.com/search/my%20query'
echo $_POST['q'] ~ result is 'http://website.com/search/my query'
The query is submitted by $.ajax :
var qurl = $("#url input[name=q]").val();
var queryString = "q="+qurl;
$.ajax({
url : "script.php",
type: "POST",
data: queryString,
.....
How can I receive the query with the escaped characters ?
Should I bother and process(escape the query of my query) the query url myself?
Magic quotes you are off:
php.ini
magic_quotes_gpc=Off
magic_quotes_runtime=Off
magic_quotes_sybase=Off
Your question is a bit short on detail so, unfortunately, there is a fair bit of speculation in this answer:
The % in %20 should be encoded as %25 (giving %2520) when the data is submitted.
PHP will then decode it to give you %20 in $_POST.
I've never heard of PHP double decoding the data before. So it sounds like the problem is that whatever is making the request is failing to encode the data. This is most likely caused by not using a regular form to submit it and using JavaScript instead.
The solution therefore, is to encode it properly in the JavaScript.
For example:
data = "query=" + encodeURIComponent( document.getElementById('myInput').value );
Update in response to JavaScript being added to the question:
var qurl = $("#url input[name=q]").val();
var queryString = "q="+qurl;
My earlier speculation is confirmed. You haven't encoded the data into the correct format for a query string. Since you are using jQuery.ajax, you can use that to handle your encoding (by passing it an object of data) instead of building the query string manually (and then passing a string):
$.ajax({
url : "script.php",
type: "POST",
data: {
q: $("#url input[name=q]").val()
},
Related
I have a window on my site where the visitors can change them password.
The problem is that the & character is never taken :
If I put those two new passwords :
stack&
stack& (the second is the confirmation)
The insertion in the BD is stack (without the &).
This is the js code :
data: 'nouveau_mdp=' + $('input#champ_nouveau_mdp').val(),
the alert shwos me "stack&"
In PHP, a var_dump of $_POST gives me :
stack (without the &).
Is & a reserved word for jquery ?
This is my js code :
$.ajax({
type: 'POST',
url: 'modification_mdp.php',
data: 'nouveau_mdp=' + $('input#champ_nouveau_mdp').val(),
dataType: 'text',
success: function(reponse) {
reponse = $.trim(reponse);
Have you an idea to reselove this problem please ?
Thanks in advance.
Encode the field value
data: 'nouveau_mdp=' + encodeURI($('input#champ_nouveau_mdp').val()),
by this way & is encoded with the ascii number.
Try passing an associative array, which jQuery will encode for you:
data: { nouveau_mdp: $('input#champ_nouveau_mdp').val() }
You'll need to change the PHP code that receives this value to match (it gets an array rather than a string).
The ampersand character is not allowed to pass by Get method or by Post method in PHP. As the usual syntax to access the PHP by GET method is ines.php?user=username&password=mypassword,
the '&' character separates the two Variables.
That is why it is does not take '&' from 'Stack&' You may use Javascript to Validate if & is not entered in the text Box. Use JavaScript to encode the varaible... No decoding is required at the PHP end
encodeURIComponent("stack&")
This line is the problem:
data: 'nouveau_mdp=' + $('input#champ_nouveau_mdp').val(),
The & character has a special meaning in HTTP. If you had multiple parameters they would be separated by & e.g. nouveau_mdp=mynewpassword&old_mdp=myoldpassword
What you need to do is encode characters such as &, = etc as their hex equivalents i.e. %26 and %3D respectively.
In JavaScript you can do this with the encodeURI() function.
Though, as mentioned in the other answer, jQuery also allows you to pass a JSON dictionary of parameters, and it will do the encoding for you.
i am generating a json string using JSON.stringify and my json string will be like
jsonstring=[{"step1":[{"nm":"John & joe"},{"title":"Hello & hai"}]},{"step2":[{"desc":"1234"},{"usr":"abc#xyz.com"}]}]`
i am escaping & with \& and sending this json string to server through ajax.
$.ajax({
url:"test-usr-data.php",
type:"post",
data:"usrdata="+jsonstring,
success: function(response){
console.log("data is "+response);
},
complete:function (jqXHR, textStatus){
console.log("ajax Request completed"+textStatus);
}
});
The problem is with & char in json string, even though i am escaping & to \& data is not posted to server but ajax request status is success.
I tried removing & from json string it works fine and data is posting to server correctly.
Can any one help me in correct way to escaping & in json string.
Who told you that escaping in URL's works by prepending a backslash?
jQuery will take care of it, just do
data: {usrdata: jsonstring},
FYI: You could use encodeURIComponent as well
data: "usrdata=" + encodeURIComponent(jsonstring),
The way to URI encode a & is as %26, given that 0x26 (38) is the ASCII code for that character.
But don't, use the data: { key: value, ... } way of passing parameters to $.ajax instead, and have jQuery do it all for you.
i need to store s tring like this, AS IS in mysql
member of the ruling <a href="/tets/Polish_United_Workers%27_Party"
but in mysql the %27 is concerted to ' char
how can i keep the sql respecting exactly the string as is?
UPDATE:
I send the text
var string = 'member of the ruling <a href="/tets/Polish_United_Workers%27_Party"'
from javascript to php (maybe the problem is here?)
$.ajax({
url: myurl,
async:false,
data: "text="+string,
type: "POST",
success: function( data ) {....etc...
parte of the sql query on the php file receiving the js call
text = addslashes($_POST["text"])
use
data: {text:string}
instead and let jquery handle the encoding for you. when you insert it to your DB you can call mysql_real_escape_string on it before inserting it so that you're not vulnerable to SQL injection and everything gets escaped properly, or use a more modern database abstraction layer (PDO).
my bad, i overlooked it and YEs the solution was to add escape(string) before submitting to php
arrrhggg
I'm writing a php script that takes some c code and tests it against a few test cases.
But since the source code can have single and double quotes along with slashes, my script doesn't get the entire data when passed via a textarea. I'm posting using the .ajax method of jQuery
When I tried, here's what happens
$code_string = $_POST['code'];
echo $code_string;
the input is
int a,b;
scanf("%d%d",&a,&b);
printf("%d",a+b);
The jQuery code that posts the data is
$('#submitButton').click(
function(evt){
userCode = $('#answer').val();
$.ajax({
type : 'POST',
url : 'scripts/php/check_answer.php',
data : 'code=' + escape( userCode ),
dataType : 'text',
success : populateResponseToQuestion
});
evt.preventDefault;
});
and the output is
int a,b;
scanf("%d%d",&a,&b);
printf("%d",a b);
I want to be able to pass the data to php without anything being trimmed off. In this case the + symbol is lost. With more code, I realize more stuff would be lost or modified.
Your post data is preserved, but if you want it display correctly in HTML document you have to use <br> for new lines, so function nl2br will be helpful. You should also use htmlspecialchars or mentioned earlier htmlentities to avoid problems when posting code with < character (it can be interpreted as opening HTML tag).
[+]
As for JavaScript part, you are doing it wrong. Either use encodeURIComponent() instead of escape() or pass object to the $.ajax:
$.ajax({
type : 'POST',
url : 'scripts/php/check_answer.php',
data : { "code" : userCode },
dataType : 'text',
success : populateResponseToQuestion
});
This way jQuery will handle it for you.
htmlentities is what you're looking for.
<textarea><?php echo htmlentities($code, ENT_QUOTES, "UTF-8") ?></textarea>
You could try:
echo htmlentities($code_string);
I have a problem with my jQuery script that send data via POST method. The problem is whenever it sends data via Ajax that has an "&" ampersand in the sentence, it will cut the sentence when found "&".
Please check the images below for more info.
htmlentites
This function is identical to htmlspecialchars() in all ways, except with htmlentites(), all characters which have HTML character entity equivalents are translated into these entities.
If you're wanting to decode instead (the reverse) you can use html_entity_decode().
Example:
echo htmlentities("&"); // &
if your directly doing this in the browser you should be able to use:
encodeURIComponent(string input);
Example:
encodeURIComponent($.trim($("input[name=t-tim_rendered-"+id+"]").val().toString()));
I've been having a huge problem exactly with this situation.
This is just to say that the last answer from Andrew Koester is the perfect answer I was looking for.
In case you are passing multiple form entries from a jQuery form to PHP through the .ajax() call like this:
data: "name=" + name + "&message=" + message + ...
DON'T USE THIS METHOD, it will block the ampersand(&) character from being written by the user on any of the input fields of your form.
Use this one instead as suggested by Andrew:
data: {"name": name, "email": email, "subject": subject, "comments": comments},
This way the user can write any kind of special character whithout worrying a about conflicting with the ajax declaration.
You can use a native javascript escape() function
In line 74
data: : "&task_d=" + escape(task_d) + ""
Alternatively, you could enclose your query string values in quotes
data: : "&task_d='" + task_d + "'"
If you pass your data parameter as a Javascript object, it will convert the characters for you (and IMO make the code look neater). So you should change your $.ajax call to the following:
data: {"user_id": user_id, "time_r": time_r, "task_d": task_d, "p_id": p_id, "df": finished},
You could use 'encodeURIComponent' to accomplish the URL encoding for that component. I used this and validated with browsers IE, Firefox, and Chrome.