simPod
Reputation: 13466
encodeURIComponent and mysql_real_escape_string
I would like to ask you if it's necessary to use a mysql_real_escape_string() PHP function for data that I send into my DB in PHP ajax file if the data is encoded in my JS file using encodeURIComponent() function? thanks
Upvotes: 1
Views: 659
Answers (1)
Piskvor left the building
Reputation: 92772
Yes. encodeURIComponent encodes the characters so they aren't misinterpreted in the URL (in transport via HTTP); mysql_real_escape_string escapes the string so that it isn't misinterpreted in the MySQL query (inside the database).
In other words, each has a completely different function; not to mention that you have zero guarantee that the request at your PHP file is actually coming from your AJAX call.
Upvotes: 2
Related Questions
- mysql_real_escape_string() just makes an empty string?
- mysql_real_escape_string and special characters
- How to prevent escape characters in MySQL varchar inserted by PHP PDO via jQuery AJAX
- HTML special characters encoding doesn't work after Ajax -> PHP -> MySQL
- Encoding error with mysql_real_escape_string, returns empty string
- jQuery ajax special characters problem
- Escape character being added when using mysql_real_escape_string
- mysql_real_escape_string not good enough?
- best way to escape data JS->PHP->MySQL and vice versa
- PHP, jQuery and .post(): mysql_real_escape_string messes things up