
Hi friends,

Here I am using AJAX code for posting variables. When I submit the form, the GET variables come through like this:

hi%20h%20r%20i

How can I solve this problem?
Please go through the code.

//javascript code...

function get(obj) {
    var poststr = "name=" + escape(encodeURI(document.getElementById("name").value)) +
                  "&comments=" + escape(encodeURI(document.getElementById("comments").value)) +
                  "&id=" + encodeURI(document.getElementById("id").value) +
                  "&category=" + escape(encodeURI(document.getElementById("category").value));
    makePOSTRequest('comments.php', poststr);
}

$name=stripslashes( mysql_real_escape_string($_POST['name']));
$comments=$_POST['comments'];
$id=$_POST['id'];
$category=mysql_real_escape_string($_POST['category']);

Please solve this one.

Thanks in advance.

Last Post by digital-ether

Hello sarithak,

The problem with the URL encoding is that you have escape() and encodeURI() applied to the same string. So the string is double URL encoded.

In fact, you should use encodeURIComponent() and not encodeURI() to encode URL parameters.

URL encoding is a way to encode URL parameters so that they do not break the URL. For example, an & has special meaning in a URL (it separates/delimits URL parameters). Encoding it in URL-encoded format will turn it into a %26.

The above will solve the url encoding problems. Another issue that you may not have noticed is with the code:

$name=stripslashes( mysql_real_escape_string($_POST['name']));

You do not want to do stripslashes() blindly. You want to check if the text has actually been escaped with slashes automatically, and only escape it if PHP did that.

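e.g.:

if (get_magic_quotes_gpc()) {
  // magic quotes added slashes: strip them first, then escape for the query
  $name = mysql_real_escape_string(stripslashes($_POST['name']));
} else {
  // no automatic slashes: escape only
  $name = mysql_real_escape_string($_POST['name']);
}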

This makes sure you don't strip slashes that are meant to be there.
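
An added example (not part of the original posts) showing the encoding problem discussed above: it builds the POST body three ways and decodes it once, as the server does before filling $_POST. The helper names and the sample field values are constructed for illustration.

```javascript
// Added example: function names and sample data are illustrative only.

// The pattern from the question: encodeURI() then escape() on the same value.
function encodeDouble(value) {
  return escape(encodeURI(value));
}

// encodeURI() alone: leaves URL delimiters such as & and = unencoded.
function encodeWholeUri(value) {
  return encodeURI(value);
}

// Build an application/x-www-form-urlencoded body with a chosen value encoder.
function buildBody(fields, encodeValue) {
  return Object.keys(fields)
    .map((key) => encodeURIComponent(key) + "=" + encodeValue(fields[key]))
    .join("&");
}

// Decode the body exactly once, the way the server does before the
// application code sees the values.
function decodeBody(body) {
  const decode = (s) => decodeURIComponent(s.replace(/\+/g, " "));
  const out = {};
  for (const pair of body.split("&")) {
    const eq = pair.indexOf("=");
    const rawKey = eq === -1 ? pair : pair.slice(0, eq);
    const rawVal = eq === -1 ? "" : pair.slice(eq + 1);
    out[decode(rawKey)] = decode(rawVal);
  }
  return out;
}

// Constructed sample input: one value with spaces, one with & = and %.
const fields = { name: "hi h r i", comments: "tom & jerry=100%" };

function roundTrip(encodeValue) {
  return decodeBody(buildBody(fields, encodeValue));
}

console.log(roundTrip(encodeDouble));       // name arrives as hi%20h%20r%20i
console.log(roundTrip(encodeWholeUri));     // comments is cut at the &
console.log(roundTrip(encodeURIComponent)); // both values arrive intact
```

With encodeURI() alone the unencoded & splits the comment into a second, unintended parameter, which is why encodeURIComponent() is the right call for individual values.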
