Not using & when POSTing to php

Question

I'm building a very AJAX site which means posting a lot of information to the server, sometimes typed by a user.

this is how I'm posting things

xmlhttp.open("POST", 'somepage.php' ,true);
xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
xmlhttp.send('post=stuuf I want to send');

An example of my problem is this, someone types FOO BAR as their name which would post firstName=FOO&lastName=BAR

which in php gets you $_POST['firstName'] is FOO and $_POST['lastName'] is BAR

but if someone types the name FOO&BAR SMITH it would post like this firstName=FOO&BAR&lastName=SMITH

which in php gets you $_POST['firstName'] is FOO and $_POST['BAR'] which has no value and this start to fall apart. It means I have to replace & in everything that is posted and I'm finding it annoying.

Is there a way to tell php to ignore any &, and just send one big string. when I need to send multiple values I was planning to break them up with an '_' I could then replace any user typed _ with &#95 and never have to worry about it again.

Could this be done in .htaccess or if not then in the php file itself?

Thanks for any help

Answer 1

You should encode the data you want to sent using encodeURI or encodeURIComponent. That way you can send whatever characters you want.

Answer 2

No, but you absolutely must escape your data before using it as a string inside the ajax request.

Answer 3

Don't do this on the PHP end... send a proper HTTP request! You are mangling all of your data client-side. If you're sending URL encoded data, send it URL encoded.