aozora

Reputation: 421

Pass a value containing '&' in javascript to php

I have a JavaScript function that passes the value from a select box to a PHP file via onchange.

This is how the values of the select box are listed:

foreach($config_group as $value){
    if($_SESSION['HOURLY_FT_WIP']['PROD_TESTER']==$value){
        echo "<option selected value='".$value."'>".$value."</option>";
    }
    else{
        echo "<option value='".$value."'>".$value."</option>";
    }
}

This is the script that passes the value to another PHP page:

function PROD_CHANGE_TESTER(){
    location_change = document.getElementById("PROD_SEL_TESTER").value;
    varURL = "http://" + varServerAddr +
        "/hourly_ft_wip/production_line/prod_line_tester.php?tester_change=" +
        location_change, LOAD(varURL, "TESTER");
    location.reload();
}

Now suppose a value ASL1K & 4K is selected from the select box. It arrives in the PHP page as:

$_REQUEST[4K] = ""
$_REQUEST[tester_change] = "ASL1K"

Well, it looks like my varURL looks like this: tester_change=ASL1K & 4K, so it puts it in another place. Adding / may work to escape it. But the data is from the select that is made using foreach.

Upvotes: 0

Views: 31

Answers (1)

Jerodev

Reputation: 33186

You should always use encodeURIComponent when generating URLs in your code. This will encode the parts of your URL with hex values, making sure there are no & or ? in the added parameters.

You would have to do this:

function PROD_CHANGE_TESTER(){
    location_change = document.getElementById("PROD_SEL_TESTER").value;
    // Percent-encode the selected value so '&', '?' and '=' stay inside tester_change
    varURL = "http://" + varServerAddr +
        "/hourly_ft_wip/production_line/prod_line_tester.php?tester_change=" +
        encodeURIComponent(location_change);
    // LOAD takes the finished URL; its result is not part of the URL and needs no encoding
    LOAD(varURL, "TESTER");
    location.reload();
}

Upvotes: 1
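
The difference between the question's URL and the encoded one, as an added example that is not part of the original question or answer. The host `server.example` and all function names are assumptions, and `parseQuery` is a simplified model of server-side query parsing, not PHP's implementation.

```javascript
// Added example. BASE uses a placeholder host; all sample values are constructed.
const BASE = "http://server.example/hourly_ft_wip/production_line/prod_line_tester.php";

// Raw concatenation, as in the question: '&' and '=' in the value act as URL syntax.
function buildRaw(value) {
  return BASE + "?tester_change=" + value;
}

// Percent-encode the one component being inserted, as the answer recommends.
function buildEncoded(value) {
  return BASE + "?tester_change=" + encodeURIComponent(value);
}

// Alternative: let URLSearchParams serialise each name/value pair (space becomes '+').
function buildWithSearchParams(params) {
  const url = new URL(BASE);
  for (const [name, value] of Object.entries(params)) {
    url.searchParams.append(name, value);
  }
  return url.toString();
}

// Simplified model of server-side query parsing (an assumption, not PHP's own code):
// split on '&', split each pair on the first '=', then decode both halves.
function parseQuery(url) {
  const decode = (s) => decodeURIComponent(s.replace(/\+/g, " "));
  const query = url.includes("?") ? url.slice(url.indexOf("?") + 1) : "";
  const params = {};
  for (const pair of query.split("&")) {
    if (pair === "") continue;
    const eq = pair.indexOf("=");
    const name = decode(eq === -1 ? pair : pair.slice(0, eq)).trim();
    params[name] = eq === -1 ? "" : decode(pair.slice(eq + 1));
  }
  return params;
}

// True when the server would see exactly one parameter holding the original value.
function roundTrips(build, value) {
  const params = parseQuery(build(value));
  return Object.keys(params).length === 1 && params.tester_change === value;
}

for (const value of ["ASL1K & 4K", "A=B&C=D", "plain"]) {
  console.log(JSON.stringify(value), "raw:", roundTrips(buildRaw, value),
    "encoded:", roundTrips(buildEncoded, value));
}
```

Any value containing `&` or `=` changes the set of parameters the server sees unless it is encoded, so the encoding belongs at the point where the URL is built rather than in the code that produces the option values.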
