Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
213 views
in Technique[技术] by (71.8m points)

javascript - Escaping jQuery data being sent via POST

I'm using jQuery.ajax to extract form data from a page, and send it to my database (via another PHP page).

The form information is collected by:

var X=$('#div1').val();
var Y=$('#div2').val();

This is used to build the POST string, i.e.

var data='varx='+X+'&vary='+Y;

Obviously this is problematic if an ampersand character is used. What is the best method to escape the variables, particularly so that the user can safely use an ampersand (&) ?

Thanks!

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

The best would be using an object for the data.

jQuery.post("yourScript.php", {
   varx: X,
   vary: Y
});

or

jQuery.ajax({
      url: "yourScript.php",         
      type: "POST",
      data: ({varx: X, vary: Y}),
      dataType: "text",
      success: function(msg){
         alert(msg);
      }
   }
);

You can also use jQuery's serialize() to get your form data as a serialized querystring:

var data = jQuery(formSelector).serialize();

The .serialize() method creates a text string in standard URL-encoded notation. It operates on a jQuery object representing a set of form elements. The form elements can be of several types.

Way prettier in my opinion :-)


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...