I'm sending an AJAX request with POST params (without jQuery). Is there any function to sanitize characters like &?
3 Answers
0
You really don't need to do that in a modern browser:
```javascript
var xhr = new XMLHttpRequest;
xhr.open("POST","yourURL");
xhr.onload = function(data){ /*onload hook */};
xhr.send({keyval:"data here"}); // data here!
```
As you can see, you can pass an object to the `.send` method and it'll send that; you don't need to encode or mess with URI components in the POST body (or GET URL) at all.
You can of course also send form data.

Benjamin Gruenbaum
- Also, actually sanitizing/cleaning (as in 'securing and making trustworthy') the data should _always_ be done at the server side. You can never trust the integrity of data that comes from client code. – Benjamin Gruenbaum Feb 05 '14 at 20:31
- This is totally wrong. You can't pass a plain object to `xhr.send()`. See https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/send – Barmar Jan 23 '20 at 09:29
0
Do you mean sanitize or encode? If encode is what you mean, use:
```javascript
encodeURIComponent(value);
```
in your script, and to decode this in PHP use:
```php
urldecode($_POST['key']);
```
to decode the value. If you meant sanitize, please elaborate.

smithbh
- You don't need to use `urldecode()` in PHP. It's done automatically when filling in `$_POST`. – Barmar Jan 23 '20 at 09:30
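Added example, not part of any answer above: one way to build an `application/x-www-form-urlencoded` POST body without jQuery so that a `&` or `=` inside a value cannot split into extra parameters. The names `encodeField`, `encodeForm`, `parseForm`, `postForm` and the sample values are made up for illustration; `parseForm` only stands in for what a server-side form parser does.

```javascript
// Constructed sample input: values containing the form delimiters & and =.
const SAMPLE = { q: "a&b=c d", note: "50% + tax ~!'()*", name: "Zoë" };

// Encode one key or value. encodeURIComponent leaves ! ' ( ) ~ unescaped and
// writes spaces as %20; form encoding escapes those five and uses + for space.
function encodeField(s) {
  return encodeURIComponent(String(s))
    .replace(/[!'()~]/g, c => "%" + c.charCodeAt(0).toString(16).toUpperCase())
    .replace(/%20/g, "+");
}

// Build the request body. Arrays become repeated keys (PHP collects them
// into an array only when the key ends in []).
function encodeForm(params) {
  const pairs = [];
  for (const [key, value] of Object.entries(params)) {
    for (const v of Array.isArray(value) ? value : [value]) {
      pairs.push(encodeField(key) + "=" + encodeField(v));
    }
  }
  return pairs.join("&");
}

// Stand-in for the server: decode a form body back into key/value pairs.
function parseForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Browser-side sender. A plain object given to send() is not serialized as
// form fields, so the body is encoded first and the content type is set.
function postForm(url, params, onload) {
  const xhr = new XMLHttpRequest();
  xhr.open("POST", url);
  xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  xhr.onload = () => onload(xhr);
  xhr.send(encodeForm(params));
  return xhr;
}

// Unencoded concatenation: the value's own & and = are read as delimiters.
const naive = parseForm("q=" + SAMPLE.q);          // { q: "a", b: "c d" }
// Encoded: the value arrives intact as a single field.
const safe = parseForm(encodeForm({ q: SAMPLE.q })); // { q: "a&b=c d" }
```

In browsers that support it, `new URLSearchParams(params).toString()` produces the same body, and passing a `URLSearchParams` object to `xhr.send()` sets the content type automatically. Encoding only keeps the fields intact in transit; validation of the values still belongs on the server.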