How can I send the "&" (ampersand) character via AJAX?

P

8

102

I want to send a few variables and a string with the POST method from JavaScript.

I get the string from the database, and then send it to a PHP page. I am using an XMLHttpRequest object.

The problem is that the string contains the character & a few times, and the $_POST array in PHP sees it like multiple keys.

I tried replacing the & with \& with the replace() function, but it doesn't seem to do anything.

Can anyone help?

The javascript code and the string looks like this:

var wysiwyg = dijit.byId("wysiwyg").get("value");
var wysiwyg_clean = wysiwyg.replace('&','\&');

var poststr = "act=save";

poststr+="&titlu="+frm.value.titlu;
poststr+="&sectiune="+frm.value.sectiune;
poststr+="&wysiwyg="+wysiwyg_clean;
poststr+="&id_text="+frm.value.id_text;

xmlhttp.open("POST","lista_ajax.php",true);
xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
xmlhttp.send(poststr);

The String is:

 <span class="style2">&quot;Busola&quot;</span>

Platitudinous answered 2/7, 2012 at 12:54 Comment(0)

N

181

You can use encodeURIComponent().

It will escape all the characters that cannot occur verbatim in URLs:

var wysiwyg_clean = encodeURIComponent(wysiwyg);

In this example, the ampersand character & will be replaced by the escape sequence %26, which is valid in URLs.

Notable answered 2/7, 2012 at 12:58 Comment(2)

Is this enough to securely escape the data or is ist "just" enough to avoid the ampersand issue? – Pleach 7/10, 2014 at 11:54

@Sprottenwels, it is enough to properly encode all the data. What do you mean by "securely" in this context? – Scopolamine 7/10, 2014 at 12:2

Q

15

You might want to use encodeURIComponent().

encodeURIComponent("&quot;Busola&quot;"); // => %26quot%3BBusola%26quot%3B

Quinquennial answered 2/7, 2012 at 12:58 Comment(0)

B

9

You need to url-escape the ampersand. Use:

var wysiwyg_clean = wysiwyg.replace('&', '%26');

As Wolfram points out, this is nicely handled (along with all the other special characters) by encodeURIComponent.

Bomb answered 2/7, 2012 at 12:58 Comment(0)

A

5

Ramil Amr's answer works only for the & character. If you have some other special characters, you should use PHP's htmlspecialchars() and JS's encodeURIComponent().

You can write:

var wysiwyg_clean = encodeURIComponent(wysiwyg);

And on the server side:

htmlspecialchars($_POST['wysiwyg']);

This will make sure that AJAX will pass the data as expected, and that PHP (in case your'e insreting the data to a database) will make sure the data works as expected.

Alysaalyse answered 2/7, 2012 at 13:8 Comment(0)

A

3

You can pass your arguments using this encodeURIComponent function so you don't have to worry about passing any special characters.

data: "param1=getAccNos&param2="+encodeURIComponent('Dolce & Gabbana')

OR

var someValue = 'Dolce & Gabbana';
data: "param1=getAccNos&param2="+encodeURIComponent(someValue)

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent

Alleged answered 10/8, 2018 at 15:17 Comment(0)

S

1

You could encode your string using Base64 encoding on the JavaScript side and then decoding it on the server side with PHP (?).

JavaScript (Docu)

var wysiwyg_clean = window.btoa( wysiwyg );

PHP (Docu):

var wysiwyg = base64_decode( $_POST['wysiwyg'] );

Sousa answered 2/7, 2012 at 12:59 Comment(0)

N

1

The preferred way is to use a JavaScript library such as jQuery and set your data option as an object, then let jQuery do the encoding, like this:

$.ajax({
  type: "POST",
  url: "/link.json",
  data: { value: poststr },
  error: function(){ alert('some error occured'); }
});

If you can't use jQuery (which is pretty much the standard these days), use encodeURIComponent.

Negate answered 2/7, 2012 at 13:8 Comment(0)

S

0

encodeURIComponent(Your text here);

This will truncate special characters.

Semibreve answered 1/8, 2018 at 9:37 Comment(1)

This does not add any value to the answers above – Engross 1/8, 2018 at 9:56

Recommended topics

Hot tags