1

I'm sending an AJAX request with POST params (without jQuery). Is there any function to sanitize characters like &?

Anagmate

3 Answers

0

I think what you are looking for is something like this:

encodeURIComponent

Jason Foglia
0

You really don't need to do that in a modern browser:

var xhr = new XMLHttpRequest;
xhr.open("POST","yourURL");
xhr.onload = function(data){ /*onload hook */};
xhr.send({keyval:"data here"}); // data here!

As you can see, you can pass an object to the .send method and it'll send that; you don't need to encode or mess with URI components in the POST body (or GET URL) at all.

You can of course also send form data.

Benjamin Gruenbaum
  • Also, actually sanitizing/cleaning (as in 'securing and making trustworthy') the data should _always_ be done at the server side. You can never trust the integrity of data that comes from client code. – Benjamin Gruenbaum Feb 05 '14 at 20:31
  • 1
    This is totally wrong. You can't pass a plain object to `xhr.send()`. See https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/send – Barmar Jan 23 '20 at 09:29
0

Do you mean sanitize or encode? If encode is what you mean, use:

encodeURIComponent(value);

in your script, and to decode this in PHP use:

urldecode($_POST['key']);

to decode the value. If you meant sanitize, please elaborate.

smithbh
  • You don't need to use `urldecode()` in PHP. It's done automatically when filling in `$_POST`. – Barmar Jan 23 '20 at 09:30
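
The encoding discussed in the answers above, as an added example that is not part of any post in this thread: it builds an application/x-www-form-urlencoded body by hand and shows how an unencoded `&` or `=` in a value changes what the server parses. The sample values, the helper names and the `url` argument are assumptions made for illustration; encoding only keeps the parameters intact in transit and does not replace server-side validation.

```javascript
// Constructed sample input: values containing the reserved characters "&" and "=".
const sample = { comment: "Tom & Jerry", note: "a=b&extra=1" };

// Naive concatenation: reserved characters in a value become body structure.
function naiveBody(params) {
  return Object.keys(params).map(k => k + "=" + params[k]).join("&");
}

// Encode every key and value so "&", "=", "+" and "%" stay data.
function encodeBody(params) {
  return Object.keys(params)
    .map(k => encodeURIComponent(k) + "=" + encodeURIComponent(params[k]))
    .join("&");
}

// Built-in serializer: same escaping rules, except a space is written as "+".
function encodeBodyBuiltin(params) {
  return new URLSearchParams(params).toString();
}

// Decode a body the way a form decoder on the server would
// (PHP does this automatically when it fills $_POST).
function parseBody(body) {
  const out = {};
  for (const [k, v] of new URLSearchParams(body)) out[k] = v;
  return out;
}

// Browser-only sender; defined here but not called, `url` is a placeholder.
function postForm(url, params, onload) {
  const xhr = new XMLHttpRequest();
  xhr.open("POST", url);
  // Without this header the server will not treat the body as form fields.
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  xhr.onload = () => onload(xhr);
  xhr.send(encodeBody(params));
}

// The naive body is split at the "&" inside the values: "comment" is cut short
// and an "extra" parameter appears that the caller never set.
console.log(parseBody(naiveBody(sample)));
// The encoded body round-trips to exactly the values that were passed in.
console.log(parseBody(encodeBody(sample)));
```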