Query string pass by $_GET method

Question

I want to pass sValue that contain non-English String

  ....
 $.post("ajax.php?module=test&action=updates&id="+id+"&field="+field+"&val="+sValue;                                    
...

Then

$valUpdate = $_GET['val'];
$sQuery = " UPDATE $sTable SET  $colUpdate = '$valUpdate' WHERE  id = $id";
    $req = $pdo->prepare($sQuery);
    $req->execute();
    $req->closeCursor();

Anyone could told me ,How can I fix this ?

thanks

maybe this will help you: http://stackoverflow.com/questions/834316/how-to-convert-large-utf-8-strings-into-ascii — Cristi Pufu, Jun 19 '12 at 22:18
You're using `$.post` with GET parameters. Just have to set POST parameters instead. — sp00m, Jun 19 '12 at 22:49
Technically he's passing them as GET parameters, on account of the ?...& — jcolebrand, Jun 20 '12 at 02:04
What's the point of using prepared statements if you do `$sQuery = " UPDATE $sTable SET $colUpdate = '$valUpdate' WHERE id = $id";`? With `$valUpdate` being user input. — laurent, Jun 20 '12 at 03:48

mroesler · Accepted Answer · 2012-08-28T10:04:29.997

1

You should use encodeURIComponent(sValue).

Also consider using some kind of SQL-injection free syntax like prepared statements.

edited Aug 28 '12 at 10:04

answered Jun 26 '12 at 09:22

mroesler

98
6

Query string pass by $_GET method

1 Answers1