I am writing a PHP-javascript-AJAX based application which sends a form in AJAX as a synchronous request using POST method to a php script.
I used encodeURIComponent() function in javascript on each data before sending it, then build the correct form request in the form
encodedname1=encodedvalue1&encodedname2=encodedvalue2 - - - and so on
When I get that data back on server side, via $_POST['encodedname1'], I get the data already decoded, and I do not need to use urldecode(). I have seen many questions on this and other forums about how to decode data back, and I am wondering why people asks such a question if php gets data already decoded (as confirmed in another post here: AJAX POST and Plus Sign ( + ) -- How to Encode?). Is there something critical about this issue that I miss or don't know?
Also, what happens if I pass in the POST request some unencoded characters, that I use as delimiters between datasets, let's say "#"? It is possible that received data may be corrupted, and/or "#" delimiter get lost? Does it have security issues? Example:
a11=v11&a12=v12#a21=v21&a22=v22- - - and so on
Detail: all charsets are UTF-8 without BOM, in all my files (.php, .html, .js)
