So I have this form and it is being submitted via AJAX and the form data is serialized. So in the backend when I receive this data via PHP, I am simply using parse_str on the data and serializing it again to be saved into the database.
So my question is, how can you sanitize data that is coming in via JS AJAX that is serialized? Do I have to break it apart and run each value through mysql_real_escape_string or is there an easier way?
Thanks for looking.
Never manipulate serialized data: any change in length will break it and make it impossible to unserialize.
If you were using a conventional form you’d do:
1. JSON.stringify()
2. json_decode() on the server-side and you get an array you can sanitize like any other form data.
3. serialize() the sanitized array and save to the DB

If you are using JQuery AJAX and send a POST request, stages 1-2 are redundant, because you can pass a JSON object or an array to the data as-is and it’ll be automatically turned into a PHP object/array.
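The server side of the procedure in the answer above, as an added example that is not the answerer's code: decode the JSON body, keep only a whitelist of expected fields, validate each one, then serialize() the clean array and store it. The table name `submissions`, the column `payload`, the field list and the database credentials are all assumptions for illustration. Storage uses a PDO prepared statement with a bound parameter, so the escaping step the question asks about (mysql_real_escape_string on every value) is not needed for the SQL at all.

```php
<?php
// Added example (not the answerer's code): receive a JSON body sent by a
// jQuery $.ajax POST, sanitize it as an ordinary array, then store the
// serialized result with a prepared statement.
declare(strict_types=1);

// Fields we accept and the filter each must pass. Anything not listed is
// dropped, so unexpected keys sent by the client never reach the database.
// (Hypothetical field list for illustration.)
const ALLOWED_FIELDS = [
    'name'  => FILTER_DEFAULT,        // plain string, length checked below
    'email' => FILTER_VALIDATE_EMAIL,
    'age'   => FILTER_VALIDATE_INT,
];

/**
 * Decode a JSON request body into a sanitized associative array.
 * Returns null when the body is not a JSON object, a required field is
 * missing, or any value fails validation.
 */
function sanitizeJsonBody(string $rawBody): ?array
{
    $data = json_decode($rawBody, true, 512, JSON_BIGINT_AS_STRING);
    if (!is_array($data)) {
        return null; // malformed JSON, or a scalar instead of an object
    }

    $clean = [];
    foreach (ALLOWED_FIELDS as $field => $filter) {
        if (!array_key_exists($field, $data)) {
            return null; // required field absent
        }
        $value = $data[$field];
        if (is_array($value) || is_object($value)) {
            return null; // nested structure where a scalar is expected
        }
        $filtered = filter_var($value, $filter);
        if ($filtered === false) {
            return null; // failed the per-field validation filter
        }
        if ($field === 'name') {
            $filtered = trim((string) $filtered);
            if ($filtered === '' || mb_strlen($filtered) > 100) {
                return null; // enforce a sane length for free-text input
            }
        }
        $clean[$field] = $filtered;
    }
    return $clean;
}

/**
 * Store the sanitized array as a serialized string. The value is bound as a
 * parameter, so no manual escaping is involved in building the SQL.
 */
function saveSubmission(PDO $db, array $clean): void
{
    $stmt = $db->prepare('INSERT INTO submissions (payload) VALUES (:payload)');
    $stmt->execute([':payload' => serialize($clean)]);
}

/**
 * Read a stored payload back. allowed_classes => false keeps unserialize()
 * from instantiating objects, so a tampered row can only yield arrays/scalars.
 */
function loadSubmission(string $storedPayload): array
{
    $data = unserialize($storedPayload, ['allowed_classes' => false]);
    return is_array($data) ? $data : [];
}

// Request entry point. jQuery sends application/json only when contentType
// is set on the $.ajax call; with the default form encoding, use $_POST and
// skip json_decode, as the answer notes.
$clean = sanitizeJsonBody((string) file_get_contents('php://input'));
if ($clean === null) {
    http_response_code(400);
    exit('invalid submission');
}

// Placeholder connection details; replace with the real DSN and credentials.
$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
saveSubmission($db, $clean);
echo 'ok';
```

The whitelist loop is the part worth copying: it rejects the request on any unexpected shape rather than trying to clean values in place, which avoids the length-change problem the answer warns about, since serialize() only ever runs on data the server itself built. When the stored string is read back, pass allowed_classes => false to unserialize() so that a row modified in the database cannot be turned into arbitrary objects.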