Reputation: 3153
Escaping special characters
Just a quick question. I want to send data from Javascript to a PHP script to store it in my database, then getting it back the same way (a script calls a PHP function, and data is sent back with JSON).
Which function should I use in the javascript ? I should never need to get the data only with PHP, so is it ok to use escape(string); then unescape(encoded_string); to display ?
Thanks.
Regards from France ;)
EDIT : Forgot to mention : The data is a string from an user input (hence the security issues)
Upvotes: 0
Views: 528
Answers (1)
Reputation: 1379
Use encodeURIComponent() for transmission in a url.
function sendData(str)
{
var url = "http://myserver.com/upload?data="+encodeURIComponent(str);
ajax(url);
}
When the data gets sent to the server, the server should automatically unencode the data that was sent in the URL, so you don't need to do it manually. (I'm not too familiar with PHP, though, someone correct me if I'm wrong.) You also don't need to encode data that is sent to the client, because it isn't being sent in a URL.
Just a word of caution:
If you escape() the data, and then unescape() it later, all html tags, javascript and other things the user entered will be restored exactly as they were. So be sure to remove those things before displaying the data.
See also: http://xkr.us/articles/javascript/encode-compare/
Upvotes: 2
Related Questions
- How to escape string from PHP for javascript?
- PHP escaping characters
- Escaping this javascript code in php
- JavaScript escape characters coming from PHP
- how to escape html / special strings in javascript
- Javascript - escaping specific characters
- Escaping Javascript in PHP
- Passing special characters from php to javascript
- Special characters escaping with JS and PHP
- Escaping special characters in JavaScript