GET variable problem

Question

sarithak 0 Junior Poster

14 Years Ago

hi frnds,

here i m using AJAX code for posting variables..when i submit the form , then the GET variables are taking like this..

hi%20h%20r%20i

..

how can i solve this problem..
plz go through the code..

//javascript code...

function get(obj) {
      var poststr = "name=" +escape(encodeURI( document.getElementById("name").value )) +
                    "&comments=" +escape( encodeURI( document.getElementById("comments").value )) +
					 "&id=" + encodeURI( document.getElementById("id").value )+
					  "&category=" +escape( encodeURI( document.getElementById("category").value ));
      makePOSTRequest('comments.php', poststr);
   }

$name=stripslashes( mysql_real_escape_string($_POST['name']));
$comments=$_POST['comments'];
$id=$_POST['id'];
$category=mysql_real_escape_string($_POST['category']);

plz solve this one..

Thanks in advance..

php

2 Contributors
1 Reply
86 Views
8 Hours Discussion Span
Latest Post 14 Years Ago Latest Post by digital-ether

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

digital-ether 399 Nearly a Posting Virtuoso Team Colleague · Answer 1 · 2010-01-11T19:41:01+00:00

Hello sarithak,

The problem with the URL encoding is that you have escape() and encodeURI() applied to the same string. So the string is double URL encoded.

Infact you should use encodeURIComponent() and not encodeURI() to encode url parameters.

URL encoding is a way to encode URL parameters so that they do not break the URL. For example, an & has special meaning in a URL (it separates/delimits url parameters). Encoding it in URL-Encoded format will turn it into a %26.

The above will solve the url encoding problems. Another issue that you may not have noticed is with the code:

$name=stripslashes( mysql_real_escape_string($_POST['name']));

You do not want to do stripslashes() blindly. You want to check if the text has actually been escaped with slashes automatically, and only escape it if PHP did that.

eg:

if (magic_quotes_gpc()) {
  $name=stripslashes( mysql_real_escape_string($_POST['name']));
} else {
  $name=mysql_real_escape_string($_POST['name']);
}

This makes sure you don't strip slashes that are mean't to be there.