what functions i have to use to encode/decode/escape/stripslash data for following purposes? when calling

Question

Editorial Team

Asked: May 20, 20262026-05-20T10:19:12+00:00 2026-05-20T10:19:12+00:00

what functions i have to use to encode/decode/escape/stripslash data for following purposes?

when calling a PHP script from JS like: page.php?data=don't_use_#_and_%_in_URL_params
when a PHP script receive a parameter from JS like: don%27t_use_%23_and_%25_in_URL_params
when running a MySQL query from PHP with data previously received from JS to prevent MySQL injections (lets say i need to insert in database the following sequence of characters: "``')
when i need to compare in a MySQL statement a field value which contains "``' sequence with an expression
when i need to retrieve a field value from a MySQL table and the field contains "``' and i want to use it in a PHP eval() macrosubstitution
when i have to send data from PHP to JS in an AJAX response and it contains "``' characters
and finally i have to eval() previous respond in JS

something like this diagram:

JS(encode) –> (decode)PHP(encode) –> (decode?)MySQL(encode?) –> (decode)MySQL(encode) –> (decode)JS

if anyone have the time and pleasure to answer, or to correct me if i made any mistakes here, thanks in advance

You must login to add an answer.

Need An Account,

Editorial Team · Answer 1 · 2026-05-20T10:19:12+00:00

encodeURIComponent
$_GET
PDO bound parameters
PDO bound parameters in a database. Otherwise it is just a string in PHP
No idea. You really should have asked a Question for each question you have. eval smells bad though.
Pick a data format and use appropriate encoding for that. JSON is common.
The only time you should go near eval() is JS is when you are implementing a support for json in browsers without a native version (and you can use Crockford’s json2.js for that). So don’t.

The Archive Base Latest Questions