All geek questions in one place

Why escape characters are added to hidden input value

<body> <div> <?= $_POST['msg'] ?> </div> <form id="frm" method="post"> <input type="hidden" name='msg' value='{"field0": "Im a string", "field1": 84, "field3": "so am I"}' /> <input type="submit" value="test" /> </form> </body>

When the form is submitted, the next line is displayed between the div tags.

{\ "field0 \": \ "Im string \", \ "field1 \": 84, \ "field3 \": \ "so am I \"}

Why are escape characters added? Are they added by the PHP server or web client? Can I do anything to prevent this?

Someone already mentioned PHP stripslashes functions. I am using it now, but I want to get rid of slashes.

+3
source share
5 answers

Check if your PHP configuration magic_quotes_gpc activated, in this case the PHP server automatically adds slashes to the values โ€‹โ€‹of GET / POST / cookie ...

+4
source

I believe the problem is only to avoid using the tools that you use to output the string. For instance:

 var msg = dojo.toJson({field1: 'string', field2: 84, field3: 'another string'}); alert(msg);

will display double quotes as uninsulated. Similarly, by running the first example, when the browser is connected to a proxy server, such as Charles, it shows double qoutes as unescaped.

So, I believe that this is just an auto-escape that Firebug / PHP does when you show the lines.

+2
source

If the information is correct when it leaves the client, then dojo has to do some magic before sending the information before $ _POST, no? Are there any flags that you can set for the dojo.toJson () method that allows you to control the manipulation / escaping level of input strings? If not, I think using stripslashes () (or something else, depending on where this information is sent) is the only answer.

+1
source

check if magic quotes are enabled on your host

+1
source

Most likely you enabled hav magic_quotes_gpc on your server. This configuration parameter and function are deprecated in php5.3. Until you update:

 if (get_magic_quotes_gpc()) { set_magic_quotes_runtime(0); foreach (array('POST', 'GET', 'REQUEST', 'COOKIE') as $gpc) $GLOBALS["_$gpc"] = array_map('dequote', $GLOBALS["_$gpc"]); } function dequote($v) { return is_array($v) ? array_map('dequote', $v) : stripslashes($v); }

The above solution is based on code that I found some years ago.

+1
source

Source: https://habr.com/ru/post/890364/

More articles:


All Articles