You're sending an unencoded string (which happens to be in JSON
format) as part of your parameters string, which is meant to be URL-
encoded data.  A # sign is the least of your problems. ;-)  You'll
want to encode that with JavaScript's encodeURIComponent function[1].

Somewhat OT, but as of 1.6 (at least), the preferred way to provide
options to Ajax.Request is as an object.  If you give it a string,
that string will be converted to an object, and then later converted
back into a string.  Yes, really. :-)  Also, String has a toJSON
function you can use instead of JSON.stringify (not that it matters).


entry = encodeURIComponent($('busCalForm').serialize(true).toJSON());
new Ajax.Request(
    "modules/buscal/processes/saveBooking.php", {
    parameters: {
        year: year,
        recnum: busmstr_id,
        json: entry
    onSuccess: busCal.gotEntry.bind(this),
    onFailure: busCal.gotFailure.bind(this)

> How can I effectively escape an entire form, without
> having to get the value and escape them individually?  Is there a
> command I'm missing?

That's not quite what your code is doing; you're sending the form
fields as a JSON-encoded string in a parameter called "json".  If you
just want to send the form fields, and you don't need them to arrive
at the other end as a JSON string, there's a *much* shorter way:
Form#request[2].  Assuming that your form element has the
saveBooking.php as its action attribute:

    parameters: {
        year: year,
        recnum: busmstr_id
    onSuccess: busCal.gotEntry.bind(this),
    onFailure: busCal.gotFailure.bind(this)

The form fields will no longer be JSON-ified (but will be properly URL-
encoded), they'll arrive as individual parameters on the request.  If
the form field doesn't have saveBooking.php as its action and you
can't change that, the Ajax.Request can still be simplified:

params = $('busCalForm').serialize(true);
params.year = year;
params.recnum = busmstr_id;
new Ajax.Request(
    "modules/buscal/processes/saveBooking.php", {
    parameters: params,
    onSuccess: busCal.gotEntry.bind(this),
    onFailure: busCal.gotFailure.bind(this)

[2] http://prototypejs.org/api/form/request

T.J. Crowder
tj / crowder software / com
Independent Software Engineer, consulting services available

On Jul 30, 8:27 pm, infringer <infrin...@gmail.com> wrote:
> I have a form, I've been doing this in javascript:
> entry = $('busCalForm').serialize(true);
> entry = JSON.stringify(entry);
> new Ajax.Request("modules/buscal/processes/saveBooking.php", {
>          parameters: "year=" + year + "&recnum=" + busmstr_id + "&json=" +
> entry,
>          onSuccess: busCal.gotEntry.bind(this),
>          onFailure: busCal.gotFailure.bind(this)
>          });
> But i have a user that has typed a # in one of the fields, and the
> script dies.  How can I effectively escape an entire form, without
> having to get the value and escape them individually?  Is there a
> command I'm missing?
> -David
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to