[Proto-Scripty] Re: Escaping Input

2009-08-01 Thread T.J. Crowder

Hi,

I'm surprised by the POST data you quoted, but it doesn't matter, I'm
pretty sure I know what's wrong.

I was hurrying too much when posting my reply.  You don't have to URL-
encode the JSON string if you're going to give Ajax.Request a
parameters *object* rather than parameters *string*, because Prototype
will do it for you -- which is half the point of using an object.  So
drop the encodeURIComponent bit:

// Using an object:
entry = Object.toJSON($('busCalForm').serialize(true));
new Ajax.Request(
    "modules/buscal/processes/saveBooking.php", {
    parameters: {
        year: year,
        recnum: busmstr_id,
        json: entry
    },
    onSuccess: busCal.gotEntry.bind(this),
    onFailure: busCal.gotFailure.bind(this)
});

// Using a string (not recommended, data gets transformed to an object
// and then back again -- but it demonstrates using the
// encodeURIComponent function)
entry = Object.toJSON($('busCalForm').serialize(true));
new Ajax.Request(
    "modules/buscal/processes/saveBooking.php", {
    parameters:
        "year=" + encodeURIComponent(year) +
        "&recnum=" + encodeURIComponent(busmstr_id) +
        "&json=" + encodeURIComponent(entry),
    onSuccess: busCal.gotEntry.bind(this),
    onFailure: busCal.gotFailure.bind(this)
});

Note that I'm escaping all of the components, although if you *know*
year and busmstr_id won't include any characters that are special in
URLs, you can skip it.  Again, though, best to use the object feature
of Ajax.Request and let it handle URL-encoding.

Sorry for the bum steer earlier, rushing too much.  "Do less, better"
should be my motto. ;-)
--
T.J. Crowder
tj / crowder software / com
Independent Software Engineer, consulting services available


On Jul 31, 5:49 pm, infringer  wrote:
> This method works well in FF 3.5, but FF 3.0.12 doesn't like it...  I
> really would like to keep the form coming in a separate variable, but
> realize I may have to change that.
>
> 3.0.12's POST (truncated) just for info:
> %7Bstartdate%3A%202009-04-23%2C%20
>
> 3.5's POST (truncated):
> %7B%22startdate%22%3A%20%222009-04-23%22%2C%
>
> As you can see 3.5 has extra characters...
>
> I'm sending this to PHP, and my processing script receives the JSON
> variable as such
>
> $json_string = (isset($_POST['json']) ? rawurldecode($_POST['json']) :
> "");
> $json = json_decode($json_string, true);
> if (($json == '') || empty($json) || ($json == null)) {
>         $result['valid_result'] = 2;
>         $result['reason'] = rawurlencode("Unknown error, Administrator has
> been notified.  Please try again later");
>         $result = json_encode($result);
>         header("Content-Type: application/json");
>         print $result;
>         exit(0);
>
> }
>
> so when users are using 3.0.xx they always receive this error message,
> because the PHP script doesn't see it as valid JSON.
>
> but 3.5 users (myself only) can perform the saves/deletes, etc
>
> This is for an internal application, we only allow FF to be used.
>
> Thanks for the help!
> -David
>
> On Jul 30, 4:00 pm, "T.J. Crowder"  wrote:
>
>
>
> > Sorry, I got my wires crossed half-way through the first one of
> > those.  You can't use String#toJSON, it's not a string!  Doh.
> > Correcting my first example:
>
> > entry = encodeURIComponent(Object.toJSON($('busCalForm').serialize
> > (true)));
> > new Ajax.Request(
> >     "modules/buscal/processes/saveBooking.php", {
> >     parameters: {
> >         year: year,
> >         recnum: busmstr_id,
> >         json: entry
> >     },
> >     onSuccess: busCal.gotEntry.bind(this),
> >     onFailure: busCal.gotFailure.bind(this)
>
> > });
>
> > Sorry 'bout that.
>
> > -- T.J. :-)
>
> > On Jul 30, 8:55 pm, "T.J. Crowder"  wrote:
>
> > > Hi,
>
> > > You're sending an unencoded string (which happens to be in JSON
> > > format) as part of your parameters string, which is meant to be URL-
> > > encoded data.  A # sign is the least of your problems. ;-)  You'll
> > > want to encode that with JavaScript's encodeURIComponent function[1].
>
> > > Somewhat OT, but as of 1.6 (at least), the preferred way to provide
> > > options to Ajax.Request is as an object.  If you give it a string,
> > > that string will be converted to an object, and then later converted
> > > back into a string.  Yes, really. :-)  Also, String has a toJSON
> > > function you can use instead of JSON.stringify (not that it matters).
>
> > > So:
>
> > > entry = encodeURIComponent($('busCalForm').serialize(true).toJSON());
> > > new Ajax.Request(
> > >     "modules/buscal/processes/saveBooking.php", {
> > >     parameters: {
> > >         year: year,
> > >         recnum: busmstr_id,
> > >         json: entry
> > >     },
> > >     onSuccess: busCal.gotEntry.bind(this),
> > >     onFailure: busCal.gotFailure.bind(this)
>
> > > });
> > > > How can I effectively escape an entire form, without
> > > > having to get the value and escape them individually?  Is there a
> > > > command I'm missing?
>
> > > That's not
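
Added example (not part of the thread, and not Prototype or PHP source): a small model of the round trip discussed above, showing what the server sees when the JSON is sent unencoded, encoded once, or encoded twice, with and without the extra rawurldecode() from the PHP script. The form data, the year/recnum values and all function names are constructed for illustration; parseForm() is an assumed stand-in for how PHP fills $_POST.

```javascript
// Constructed sample form data (ASCII only); the note contains #, & and a literal "%20".
const form = { startdate: "2009-04-23", note: "Room #4 & promo SAVE%20" };
const json = JSON.stringify(form);

// Lenient percent-decoder modelled on PHP: invalid %-sequences are left as-is.
// Simplification: each %XX becomes one character, which is exact for ASCII data.
function percentDecode(s, plusIsSpace) {
  if (plusIsSpace) s = s.replace(/\+/g, " ");
  return s.replace(/%([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Client, string style with no encoding (the approach in the original question).
function rawBody(fields) {
  return Object.keys(fields).map(k => k + "=" + fields[k]).join("&");
}

// Client, object style: every name and value is URL-encoded exactly once.
function encodedBody(fields) {
  return Object.keys(fields)
    .map(k => encodeURIComponent(k) + "=" + encodeURIComponent(fields[k]))
    .join("&");
}

// Server: split the body and decode each part once (assumed model of $_POST).
function parseForm(body) {
  const post = {};
  for (const pair of body.split("&")) {
    const i = pair.indexOf("=");
    const name = i < 0 ? pair : pair.slice(0, i);
    const value = i < 0 ? "" : pair.slice(i + 1);
    post[percentDecode(name, true)] = percentDecode(value, true);
  }
  return post;
}

// Server: optionally decode a second time, as rawurldecode($_POST['json']) does,
// then try to parse the result as JSON.
function serverReceive(body, extraDecode) {
  let s = parseForm(body).json || "";
  if (extraDecode) s = percentDecode(s, false);
  try {
    return { ok: true, data: JSON.parse(s) };
  } catch (e) {
    return { ok: false, data: null };
  }
}

const base = { year: "2009", recnum: "7" }; // constructed values
const results = {
  // Unencoded JSON in a parameter string: the "&" in the note splits the value.
  raw: serverReceive(rawBody({ ...base, json }), true),
  // encodeURIComponent plus an encoding serializer: only works with the extra decode.
  doubleWithExtra: serverReceive(encodedBody({ ...base, json: encodeURIComponent(json) }), true),
  doubleNoExtra: serverReceive(encodedBody({ ...base, json: encodeURIComponent(json) }), false),
  // Encoded once and decoded once: the data arrives intact.
  single: serverReceive(encodedBody({ ...base, json }), false),
  // Encoded once but decoded twice: parses, but "%20" in the note silently becomes a space.
  singleWithExtra: serverReceive(encodedBody({ ...base, json }), true),
};

console.log(results);
```

The last case is the one to watch after dropping encodeURIComponent on the client: a leftover second decode on the server no longer fails loudly, it rewrites any user text that happens to contain a percent sign followed by two hex digits.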

[Proto-Scripty] Re: Escaping Input

2009-07-31 Thread Alex McAuley

Sorry - Just tucked into my first beer ...


not remove slashes ... Sanitize the $_POST

My mistake.


Alex Mcauley
http://www.thevacancymarket.com
- Original Message - 
From: "infringer" 
To: "Prototype & script.aculo.us" 
Sent: Friday, July 31, 2009 5:49 PM
Subject: [Proto-Scripty] Re: Escaping Input



This method works well in FF 3.5, but FF 3.0.12 doesn't like it...  I
really would like to keep the form coming in a separate variable, but
realize I may have to change that.

3.0.12's POST (truncated) just for info:
%7Bstartdate%3A%202009-04-23%2C%20

3.5's POST (truncated):
%7B%22startdate%22%3A%20%222009-04-23%22%2C%


As you can see 3.5 has extra characters...

I'm sending this to PHP, and my processing script receives the JSON
variable as such

$json_string = (isset($_POST['json']) ? rawurldecode($_POST['json']) :
"");
$json = json_decode($json_string, true);
if (($json == '') || empty($json) || ($json == null)) {
$result['valid_result'] = 2;
$result['reason'] = rawurlencode("Unknown error, Administrator has
been notified.  Please try again later");
$result = json_encode($result);
header("Content-Type: application/json");
print $result;
exit(0);

}

so when users are using 3.0.xx they always receive this error message,
because the PHP script doesn't see it as valid JSON.

but 3.5 users (myself only) can perform the saves/deletes, etc

This is for an internal application, we only allow FF to be used.

Thanks for the help!
-David


On Jul 30, 4:00 pm, "T.J. Crowder"  wrote:
> Sorry, I got my wires crossed half-way through the first one of
> those. You can't use String#toJSON, it's not a string! Doh.
> Correcting my first example:
>
> entry = encodeURIComponent(Object.toJSON($('busCalForm').serialize
> (true)));
> new Ajax.Request(
> "modules/buscal/processes/saveBooking.php", {
> parameters: {
> year: year,
> recnum: busmstr_id,
> json: entry
> },
> onSuccess: busCal.gotEntry.bind(this),
> onFailure: busCal.gotFailure.bind(this)
>
> });
>
> Sorry 'bout that.
>
> -- T.J. :-)
>
> On Jul 30, 8:55 pm, "T.J. Crowder"  wrote:
>
>
>
> > Hi,
>
> > You're sending an unencoded string (which happens to be in JSON
> > format) as part of your parameters string, which is meant to be URL-
> > encoded data. A # sign is the least of your problems. ;-) You'll
> > want to encode that with JavaScript's encodeURIComponent function[1].
>
> > Somewhat OT, but as of 1.6 (at least), the preferred way to provide
> > options to Ajax.Request is as an object. If you give it a string,
> > that string will be converted to an object, and then later converted
> > back into a string. Yes, really. :-) Also, String has a toJSON
> > function you can use instead of JSON.stringify (not that it matters).
>
> > So:
>
> > entry = encodeURIComponent($('busCalForm').serialize(true).toJSON());
> > new Ajax.Request(
> > "modules/buscal/processes/saveBooking.php", {
> > parameters: {
> > year: year,
> > recnum: busmstr_id,
> > json: entry
> > },
> > onSuccess: busCal.gotEntry.bind(this),
> > onFailure: busCal.gotFailure.bind(this)
>
> > });
> > > How can I effectively escape an entire form, without
> > > having to get the value and escape them individually? Is there a
> > > command I'm missing?
>
> > That's not quite what your code is doing; you're sending the form
> > fields as a JSON-encoded string in a parameter called "json". If you
> > just want to send the form fields, and you don't need them to arrive
> > at the other end as a JSON string, there's a *much* shorter way:
> > Form#request[2]. Assuming that your form element has the
> > saveBooking.php as its action attribute:
>
> > $('busCalForm').request({
> > parameters: {
> > year: year,
> > recnum: busmstr_id
> > },
> > onSuccess: busCal.gotEntry.bind(this),
> > onFailure: busCal.gotFailure.bind(this)
>
> > });
>
> > The form fields will no longer be JSON-ified (but will be properly URL-
> > encoded), they'll arrive as individual parameters on the request. If
> > the form field doesn't have saveBooking.php as its action and you
> > can't change that, the Ajax.Request can still be simplified:
>
> > params = $('busCalForm').serialize(true);
> > params.year = year;
> > params.recnum = busmstr_id;
> > new Ajax.Request(
> > "modules/buscal/processes/saveBooking.php", {
> > parameter

[Proto-Scripty] Re: Escaping Input

2009-07-31 Thread Alex McAuley

You should always remove slashes from JSON in PHP


Example below..

I had a similar problem with a PHP app I developed and had to escape it
properly

Alex Mcauley
http://www.thevacancymarket.com
- Original Message - 
From: "infringer" 
To: "Prototype & script.aculo.us" 
Sent: Friday, July 31, 2009 5:49 PM
Subject: [Proto-Scripty] Re: Escaping Input



This method works well in FF 3.5, but FF 3.0.12 doesn't like it...  I
really would like to keep the form coming in a separate variable, but
realize I may have to change that.

3.0.12's POST (truncated) just for info:
%7Bstartdate%3A%202009-04-23%2C%20

3.5's POST (truncated):
%7B%22startdate%22%3A%20%222009-04-23%22%2C%


As you can see 3.5 has extra characters...

I'm sending this to PHP, and my processing script receives the JSON
variable as such

$json_string = (isset($_POST['json']) ? rawurldecode($_POST['json']) :
"");
$json = json_decode($json_string, true);
if (($json == '') || empty($json) || ($json == null)) {
$result['valid_result'] = 2;
$result['reason'] = rawurlencode("Unknown error, Administrator has
been notified.  Please try again later");
$result = json_encode($result);
header("Content-Type: application/json");
print $result;
exit(0);

}

so when users are using 3.0.xx they always receive this error message,
because the PHP script doesn't see it as valid JSON.

but 3.5 users (myself only) can perform the saves/deletes, etc

This is for an internal application, we only allow FF to be used.

Thanks for the help!
-David


On Jul 30, 4:00 pm, "T.J. Crowder"  wrote:
> Sorry, I got my wires crossed half-way through the first one of
> those. You can't use String#toJSON, it's not a string! Doh.
> Correcting my first example:
>
> entry = encodeURIComponent(Object.toJSON($('busCalForm').serialize
> (true)));
> new Ajax.Request(
> "modules/buscal/processes/saveBooking.php", {
> parameters: {
> year: year,
> recnum: busmstr_id,
> json: entry
> },
> onSuccess: busCal.gotEntry.bind(this),
> onFailure: busCal.gotFailure.bind(this)
>
> });
>
> Sorry 'bout that.
>
> -- T.J. :-)
>
> On Jul 30, 8:55 pm, "T.J. Crowder"  wrote:
>
>
>
> > Hi,
>
> > You're sending an unencoded string (which happens to be in JSON
> > format) as part of your parameters string, which is meant to be URL-
> > encoded data. A # sign is the least of your problems. ;-) You'll
> > want to encode that with JavaScript's encodeURIComponent function[1].
>
> > Somewhat OT, but as of 1.6 (at least), the preferred way to provide
> > options to Ajax.Request is as an object. If you give it a string,
> > that string will be converted to an object, and then later converted
> > back into a string. Yes, really. :-) Also, String has a toJSON
> > function you can use instead of JSON.stringify (not that it matters).
>
> > So:
>
> > entry = encodeURIComponent($('busCalForm').serialize(true).toJSON());
> > new Ajax.Request(
> > "modules/buscal/processes/saveBooking.php", {
> > parameters: {
> > year: year,
> > recnum: busmstr_id,
> > json: entry
> > },
> > onSuccess: busCal.gotEntry.bind(this),
> > onFailure: busCal.gotFailure.bind(this)
>
> > });
> > > How can I effectively escape an entire form, without
> > > having to get the value and escape them individually? Is there a
> > > command I'm missing?
>
> > That's not quite what your code is doing; you're sending the form
> > fields as a JSON-encoded string in a parameter called "json". If you
> > just want to send the form fields, and you don't need them to arrive
> > at the other end as a JSON string, there's a *much* shorter way:
> > Form#request[2]. Assuming that your form element has the
> > saveBooking.php as its action attribute:
>
> > $('busCalForm').request({
> > parameters: {
> > year: year,
> > recnum: busmstr_id
> > },
> > onSuccess: busCal.gotEntry.bind(this),
> > onFailure: busCal.gotFailure.bind(this)
>
> > });
>
> > The form fields will no longer be JSON-ified (but will be properly URL-
> > encoded), they'll arrive as individual parameters on the request. If
> > the form field doesn't have saveBooking.php as its action and you
> > can't change that, the Ajax.Request can still be simplified:
>
> > params = $('busCalForm').serialize(true);
> > params.year = year;
> > params.recnum = busmstr_id;
> > new Ajax.Request(
> > "modules/buscal/pro

[Proto-Scripty] Re: Escaping Input

2009-07-31 Thread infringer

This method works well in FF 3.5, but FF 3.0.12 doesn't like it...  I
really would like to keep the form coming in a separate variable, but
realize I may have to change that.

3.0.12's POST (truncated) just for info:
%7Bstartdate%3A%202009-04-23%2C%20

3.5's POST (truncated):
%7B%22startdate%22%3A%20%222009-04-23%22%2C%


As you can see 3.5 has extra characters...

I'm sending this to PHP, and my processing script receives the JSON
variable as such

$json_string = (isset($_POST['json']) ? rawurldecode($_POST['json']) : "");
$json = json_decode($json_string, true);
if (($json == '') || empty($json) || ($json == null)) {
        $result['valid_result'] = 2;
        $result['reason'] = rawurlencode("Unknown error, Administrator has been notified.  Please try again later");
        $result = json_encode($result);
        header("Content-Type: application/json");
        print $result;
        exit(0);
}

so when users are using 3.0.xx they always receive this error message,
because the PHP script doesn't see it as valid JSON.

but 3.5 users (myself only) can perform the saves/deletes, etc

This is for an internal application, we only allow FF to be used.

Thanks for the help!
-David


On Jul 30, 4:00 pm, "T.J. Crowder"  wrote:
> Sorry, I got my wires crossed half-way through the first one of
> those.  You can't use String#toJSON, it's not a string!  Doh.
> Correcting my first example:
>
> entry = encodeURIComponent(Object.toJSON($('busCalForm').serialize
> (true)));
> new Ajax.Request(
>     "modules/buscal/processes/saveBooking.php", {
>     parameters: {
>         year: year,
>         recnum: busmstr_id,
>         json: entry
>     },
>     onSuccess: busCal.gotEntry.bind(this),
>     onFailure: busCal.gotFailure.bind(this)
>
> });
>
> Sorry 'bout that.
>
> -- T.J. :-)
>
> On Jul 30, 8:55 pm, "T.J. Crowder"  wrote:
>
>
>
> > Hi,
>
> > You're sending an unencoded string (which happens to be in JSON
> > format) as part of your parameters string, which is meant to be URL-
> > encoded data.  A # sign is the least of your problems. ;-)  You'll
> > want to encode that with JavaScript's encodeURIComponent function[1].
>
> > Somewhat OT, but as of 1.6 (at least), the preferred way to provide
> > options to Ajax.Request is as an object.  If you give it a string,
> > that string will be converted to an object, and then later converted
> > back into a string.  Yes, really. :-)  Also, String has a toJSON
> > function you can use instead of JSON.stringify (not that it matters).
>
> > So:
>
> > entry = encodeURIComponent($('busCalForm').serialize(true).toJSON());
> > new Ajax.Request(
> >     "modules/buscal/processes/saveBooking.php", {
> >     parameters: {
> >         year: year,
> >         recnum: busmstr_id,
> >         json: entry
> >     },
> >     onSuccess: busCal.gotEntry.bind(this),
> >     onFailure: busCal.gotFailure.bind(this)
>
> > });
> > > How can I effectively escape an entire form, without
> > > having to get the value and escape them individually?  Is there a
> > > command I'm missing?
>
> > That's not quite what your code is doing; you're sending the form
> > fields as a JSON-encoded string in a parameter called "json".  If you
> > just want to send the form fields, and you don't need them to arrive
> > at the other end as a JSON string, there's a *much* shorter way:
> > Form#request[2].  Assuming that your form element has the
> > saveBooking.php as its action attribute:
>
> > $('busCalForm').request({
> >     parameters: {
> >         year: year,
> >         recnum: busmstr_id
> >     },
> >     onSuccess: busCal.gotEntry.bind(this),
> >     onFailure: busCal.gotFailure.bind(this)
>
> > });
>
> > The form fields will no longer be JSON-ified (but will be properly URL-
> > encoded), they'll arrive as individual parameters on the request.  If
> > the form field doesn't have saveBooking.php as its action and you
> > can't change that, the Ajax.Request can still be simplified:
>
> > params = $('busCalForm').serialize(true);
> > params.year = year;
> > params.recnum = busmstr_id;
> > new Ajax.Request(
> >     "modules/buscal/processes/saveBooking.php", {
> >     parameters: params,
> >     onSuccess: busCal.gotEntry.bind(this),
> >     onFailure: busCal.gotFailure.bind(this)
>
> > });
>
> > [1]https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global...
> > [2]http://prototypejs.org/api/form/request
>
> > HTH,
> > --
> > T.J. Crowder
> > tj / crowder software / com
> > Independent Software Engineer, consulting services available
>
> > On Jul 30, 8:27 pm, infringer  wrote:
>
> > > I have a form, I've been doing this in javascript:
>
> > > entry = $('busCalForm').serialize(true);
> > > entry = JSON.stringify(entry);
> > > new Ajax.Request("modules/buscal/processes/saveBooking.php", {
> > >          parameters: "year=" + year + "&recnum=" + busmstr_id + "&json=" +
> > > entry,
> > >          onSuccess: busCal.gotEntry.bind(this),
> > >          onFailure: busCal.gotFailure.bind(this)
> > >   

[Proto-Scripty] Re: Escaping Input

2009-07-30 Thread T.J. Crowder

Sorry, I got my wires crossed half-way through the first one of
those.  You can't use String#toJSON, it's not a string!  Doh.
Correcting my first example:

entry = encodeURIComponent(Object.toJSON($('busCalForm').serialize(true)));
new Ajax.Request(
    "modules/buscal/processes/saveBooking.php", {
    parameters: {
        year: year,
        recnum: busmstr_id,
        json: entry
    },
    onSuccess: busCal.gotEntry.bind(this),
    onFailure: busCal.gotFailure.bind(this)
});

Sorry 'bout that.

-- T.J. :-)

On Jul 30, 8:55 pm, "T.J. Crowder"  wrote:
> Hi,
>
> You're sending an unencoded string (which happens to be in JSON
> format) as part of your parameters string, which is meant to be URL-
> encoded data.  A # sign is the least of your problems. ;-)  You'll
> want to encode that with JavaScript's encodeURIComponent function[1].
>
> Somewhat OT, but as of 1.6 (at least), the preferred way to provide
> options to Ajax.Request is as an object.  If you give it a string,
> that string will be converted to an object, and then later converted
> back into a string.  Yes, really. :-)  Also, String has a toJSON
> function you can use instead of JSON.stringify (not that it matters).
>
> So:
>
> entry = encodeURIComponent($('busCalForm').serialize(true).toJSON());
> new Ajax.Request(
>     "modules/buscal/processes/saveBooking.php", {
>     parameters: {
>         year: year,
>         recnum: busmstr_id,
>         json: entry
>     },
>     onSuccess: busCal.gotEntry.bind(this),
>     onFailure: busCal.gotFailure.bind(this)
>
> });
> > How can I effectively escape an entire form, without
> > having to get the value and escape them individually?  Is there a
> > command I'm missing?
>
> That's not quite what your code is doing; you're sending the form
> fields as a JSON-encoded string in a parameter called "json".  If you
> just want to send the form fields, and you don't need them to arrive
> at the other end as a JSON string, there's a *much* shorter way:
> Form#request[2].  Assuming that your form element has the
> saveBooking.php as its action attribute:
>
> $('busCalForm').request({
>     parameters: {
>         year: year,
>         recnum: busmstr_id
>     },
>     onSuccess: busCal.gotEntry.bind(this),
>     onFailure: busCal.gotFailure.bind(this)
>
> });
>
> The form fields will no longer be JSON-ified (but will be properly URL-
> encoded), they'll arrive as individual parameters on the request.  If
> the form field doesn't have saveBooking.php as its action and you
> can't change that, the Ajax.Request can still be simplified:
>
> params = $('busCalForm').serialize(true);
> params.year = year;
> params.recnum = busmstr_id;
> new Ajax.Request(
>     "modules/buscal/processes/saveBooking.php", {
>     parameters: params,
>     onSuccess: busCal.gotEntry.bind(this),
>     onFailure: busCal.gotFailure.bind(this)
>
> });
>
> [1]https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global...
> [2]http://prototypejs.org/api/form/request
>
> HTH,
> --
> T.J. Crowder
> tj / crowder software / com
> Independent Software Engineer, consulting services available
>
> On Jul 30, 8:27 pm, infringer  wrote:
>
>
>
> > I have a form, I've been doing this in javascript:
>
> > entry = $('busCalForm').serialize(true);
> > entry = JSON.stringify(entry);
> > new Ajax.Request("modules/buscal/processes/saveBooking.php", {
> >          parameters: "year=" + year + "&recnum=" + busmstr_id + "&json=" +
> > entry,
> >          onSuccess: busCal.gotEntry.bind(this),
> >          onFailure: busCal.gotFailure.bind(this)
> >          });
>
> > But I have a user that has typed a # in one of the fields, and the
> > script dies.  How can I effectively escape an entire form, without
> > having to get the value and escape them individually?  Is there a
> > command I'm missing?
>
> > -David
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en
-~--~~~~--~~--~--~---



[Proto-Scripty] Re: Escaping Input

2009-07-30 Thread T.J. Crowder

Hi,

You're sending an unencoded string (which happens to be in JSON
format) as part of your parameters string, which is meant to be URL-
encoded data.  A # sign is the least of your problems. ;-)  You'll
want to encode that with JavaScript's encodeURIComponent function[1].

Somewhat OT, but as of 1.6 (at least), the preferred way to provide
options to Ajax.Request is as an object.  If you give it a string,
that string will be converted to an object, and then later converted
back into a string.  Yes, really. :-)  Also, String has a toJSON
function you can use instead of JSON.stringify (not that it matters).

So:

entry = encodeURIComponent($('busCalForm').serialize(true).toJSON());
new Ajax.Request(
    "modules/buscal/processes/saveBooking.php", {
    parameters: {
        year: year,
        recnum: busmstr_id,
        json: entry
    },
    onSuccess: busCal.gotEntry.bind(this),
    onFailure: busCal.gotFailure.bind(this)
});

> How can I effectively escape an entire form, without
> having to get the value and escape them individually?  Is there a
> command I'm missing?

That's not quite what your code is doing; you're sending the form
fields as a JSON-encoded string in a parameter called "json".  If you
just want to send the form fields, and you don't need them to arrive
at the other end as a JSON string, there's a *much* shorter way:
Form#request[2].  Assuming that your form element has the
saveBooking.php as its action attribute:

$('busCalForm').request({
    parameters: {
        year: year,
        recnum: busmstr_id
    },
    onSuccess: busCal.gotEntry.bind(this),
    onFailure: busCal.gotFailure.bind(this)
});

The form fields will no longer be JSON-ified (but will be properly URL-
encoded), they'll arrive as individual parameters on the request.  If
the form field doesn't have saveBooking.php as its action and you
can't change that, the Ajax.Request can still be simplified:

params = $('busCalForm').serialize(true);
params.year = year;
params.recnum = busmstr_id;
new Ajax.Request(
    "modules/buscal/processes/saveBooking.php", {
    parameters: params,
    onSuccess: busCal.gotEntry.bind(this),
    onFailure: busCal.gotFailure.bind(this)
});

[1] 
https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Global_Functions/encodeURIComponent
[2] http://prototypejs.org/api/form/request

HTH,
--
T.J. Crowder
tj / crowder software / com
Independent Software Engineer, consulting services available


On Jul 30, 8:27 pm, infringer  wrote:
> I have a form, I've been doing this in javascript:
>
> entry = $('busCalForm').serialize(true);
> entry = JSON.stringify(entry);
> new Ajax.Request("modules/buscal/processes/saveBooking.php", {
>          parameters: "year=" + year + "&recnum=" + busmstr_id + "&json=" +
> entry,
>          onSuccess: busCal.gotEntry.bind(this),
>          onFailure: busCal.gotFailure.bind(this)
>          });
>
> But I have a user that has typed a # in one of the fields, and the
> script dies.  How can I effectively escape an entire form, without
> having to get the value and escape them individually?  Is there a
> command I'm missing?
>
> -David