97

I want to send a few variables and a string with the POST method from JavaScript.

I get the string from the database, and then send it to a PHP page. I am using an XMLHttpRequest object.

The problem is that the string contains the character & a few times, and the $_POST array in PHP sees it like multiple keys.

I tried replacing the & with \& with the replace() function, but it doesn't seem to do anything.

Can anyone help?

The javascript code and the string looks like this:

var wysiwyg = dijit.byId("wysiwyg").get("value");
var wysiwyg_clean = wysiwyg.replace('&','\&');

var poststr = "act=save";

poststr+="&titlu="+frm.value.titlu;
poststr+="&sectiune="+frm.value.sectiune;
poststr+="&wysiwyg="+wysiwyg_clean;
poststr+="&id_text="+frm.value.id_text;

xmlhttp.open("POST","lista_ajax.php",true);
xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
xmlhttp.send(poststr);

The String is:

 <span class="style2">&quot;Busola&quot;</span>
J. Scott Elblein
  • 3,541
  • 11
  • 52
  • 82
candino
  • 1,257
  • 2
  • 11
  • 12

8 Answers8

178

You can use encodeURIComponent().

It will escape all the characters that cannot occur verbatim in URLs:

var wysiwyg_clean = encodeURIComponent(wysiwyg);

In this example, the ampersand character & will be replaced by the escape sequence %26, which is valid in URLs.

Frédéric Hamidi
  • 249,845
  • 40
  • 466
  • 467
15

You might want to use encodeURIComponent().

encodeURIComponent("&quot;Busola&quot;"); // => %26quot%3BBusola%26quot%3B
Wolfram
  • 7,989
  • 3
  • 43
  • 64
9

You need to url-escape the ampersand. Use:

var wysiwyg_clean = wysiwyg.replace('&', '%26');

As Wolfram points out, this is nicely handled (along with all the other special characters) by encodeURIComponent.

Ned Batchelder
  • 345,440
  • 70
  • 544
  • 649
4

Ramil Amr's answer works only for the & character. If you have some other special characters, you should use PHP's htmlspecialchars() and JS's encodeURIComponent().

You can write:

var wysiwyg_clean = encodeURIComponent(wysiwyg);

And on the server side:

htmlspecialchars($_POST['wysiwyg']);

This will make sure that AJAX will pass the data as expected, and that PHP (in case your'e insreting the data to a database) will make sure the data works as expected.

Nadav S.
  • 2,439
  • 2
  • 23
  • 37
3

You can pass your arguments using this encodeURIComponent function so you don't have to worry about passing any special characters.

data: "param1=getAccNos&param2="+encodeURIComponent('Dolce & Gabbana')

OR

var someValue = 'Dolce & Gabbana';
data: "param1=getAccNos&param2="+encodeURIComponent(someValue)

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent

deilkalb
  • 415
  • 1
  • 4
  • 9
1

You could encode your string using Base64 encoding on the JavaScript side and then decoding it on the server side with PHP (?).

JavaScript (Docu)

var wysiwyg_clean = window.btoa( wysiwyg );

PHP (Docu): 

var wysiwyg = base64_decode( $_POST['wysiwyg'] );
Sirko
  • 69,531
  • 19
  • 142
  • 174
1

The preferred way is to use a JavaScript library such as jQuery and set your data option as an object, then let jQuery do the encoding, like this:

$.ajax({
  type: "POST",
  url: "/link.json",
  data: { value: poststr },
  error: function(){ alert('some error occured'); }
});

If you can't use jQuery (which is pretty much the standard these days), use encodeURIComponent.

Christopher Tokar
  • 11,216
  • 8
  • 36
  • 56
0
encodeURIComponent(Your text here);

This will truncate special characters.

Alien
  • 13,439
  • 5
  • 35
  • 53
user10164982
  • 1