PHP version is 5.6.2

When sending a JS-object, why do strings end up escaped in PHP?

Here is my JS-code:

$.ajax({
   url: url,
   type: 'POST',
   data: {obj: obj},
   success: function(data) {},
   error: function(req, status, error){},
   timeout: 20000
});

All st'rin'gs end up like st\'rin\'gs in PHP. Of course I can stripslashes but what's the proper way of doing this?

Solution for everybody in the same situation, who checked and debugged and still can't find a solution: If you're using WordPress, that's the cause. WP escapes all $_POST-variables automatically and since this AJAX was posted against wp_ajax.php, it was escaped. I took the easy way out and did:

stripslashes_deep($_POST['obj'])
Raphael Jeger
  • That's not something that happens arbitrarily by itself. The proper approach would be: finding out where and when that happens. Developer tools, payload inspection etc. And yes, the PHP code in question might be more relevant. – mario Apr 21 '15 at 06:17
  • The PHP code simply does $_POST['obj'] ... I see in Chrome developer tools that the request is sent unescaped. So yes, it seems to happen in PHP, but how? – Raphael Jeger Apr 21 '15 at 06:20
  • Dozens of causes. Not actually running the `PHP_VERSION` you assume. Some code remnants that apply addslashes or premature database escaping on any input variables. – mario Apr 21 '15 at 06:23
  • Oh - it seems it's WordPress' fault. It seems to auto-escape all post variables :( – Raphael Jeger Apr 21 '15 at 06:23

1 Answer

You must check your magic quotes configuration first and make the proper changes. Please consider reading this post: Why are $_POST variables getting escaped in PHP?

Anton
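
An added example, not part of the original question or answer: a stand-alone PHP script that reproduces the escaping seen in the question on a nested `obj` and undoes it once at the input boundary. `emulate_slashing()` and `unslash_deep()` are hypothetical helpers written for this illustration (inside WordPress, `stripslashes_deep()` from the question or `wp_unslash()` does the second job), and the `$sent` array is constructed sample input.

```php
<?php
// Added illustration; helper names are hypothetical, sample data is constructed.

// magic_quotes_gpc was removed in PHP 5.4, so on the asker's 5.6.2 the
// directive does not exist and the escaping has to come from application code.
var_dump(ini_get('magic_quotes_gpc'));

// Emulates what the asker observed: addslashes() applied recursively to every
// string in the request array before the handler reads it.
function emulate_slashing($value) {
    if (is_array($value)) {
        return array_map('emulate_slashing', $value);
    }
    return is_string($value) ? addslashes($value) : $value;
}

// Reverses the slashing, recursing into nested arrays and keeping the keys.
function unslash_deep($value) {
    if (is_array($value)) {
        return array_map('unslash_deep', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Constructed sample: jQuery's {obj: obj} arrives in PHP as a nested array.
$sent = array('obj' => array(
    'title' => "st'rin'gs",
    'path'  => 'C:\\temp',
    'tags'  => array("it's", 'plain'),
));

// What the handler sees in $_POST after the framework has slashed it.
$received = emulate_slashing($sent);
echo $received['obj']['title'], "\n";

// Unslash once, as early as possible, and work with the clean copy only.
$clean = unslash_deep($received['obj']);
var_dump($clean === $sent['obj']);

// A second pass is not harmless: it eats backslashes the user really sent.
$twice = unslash_deep($clean);
var_dump($twice['path'] === $sent['obj']['path']);

// The added slashes are not an injection defence. Escape for the sink that
// consumes the value (HTML here; prepared statements for SQL).
echo htmlspecialchars($clean['title'], ENT_QUOTES, 'UTF-8'), "\n";
```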