
I have a long JSON string that I send to the PHP server using an AJAX POST request. My problem is that I can't escape the strings (the values) inside that JSON. Here is the JSON data.

The PHP function on the HTML tab and the json on the JS tab.

The JSON above has already been passed through PHP's json_decode function and dumped with var_dump. Notice the value at object['rest_data']['q25']['q25_others']: it is "25 others "" and must be "25 others \"". I used this recursive function, thinking it would do the work.

$this->Escape($value) is a method of the same class as the recursive function above. The Escape function just escapes strings that may cause SQL problems during insert.

Any suggestions? I'm out of ideas. Thanks!

/**
 * Walks $array and passes every non-array value through $this->Escape().
 *
 * $array is received by value, so only the local copy is changed; that copy
 * is what gets returned.
 */
function deep_escape($array){
  foreach($array as $key => $value) {
    if(is_array($value)){
      // NOTE(review): the array returned by this recursive call is discarded, and
      // $value is a by-value copy, so everything inside nested arrays comes back unescaped.
      $this->deep_escape($value);
    } else {
      // NOTE(review): Escape() is not shown; the question describes it as SQL string escaping.
      // Binding these values as parameters of a prepared statement is the more reliable
      // defence for the insert: hand-escaping every value is easy to miss, as the
      // nested case above shows.
      $array[$key] = $this->Escape($value);
    }
  }
  return $array;
}

How I create the JSON

// Collect the answers to questions 16-34 from the survey form.
// Every value is read from a form field with jQuery's .val(), i.e. it is
// user-controlled input by the time it reaches the server.
all_get_data = (function () {
  // Read the current value of one form control.
  function field(selector) {
    return $(selector).val();
  }

  return {
    q16: field('#survey_question_16'),
    q17: {
      q17_select: field('#survey_question_17'),
      q17_others: field('#survey_question_17_others')
    },
    q18: {
      q18_select: field('#survey_question_18'),
      q18_others: field('#survey_question_18_others')
    },
    q19: field('#survey_question_19'),
    q20a: field('#survey_question_20a'),
    q20b: field('#survey_question_20b'),
    q21: field('#survey_question_21'),
    q22: field('#survey_question_22'),
    q23: {
      q23_select: field('#survey_question_23'),
      q23_others: field('#survey_question_23_others')
    },
    q24: field('#survey_question_24'),
    q25: {
      q25_select: field('#survey_question_25'),
      q25_others: field('#survey_question_25_others')
    },
    q26: {
      q26_select: field('#survey_question_26'),
      q26_others: field('#survey_question_26_others')
    },
    q27: {
      q27_select: field('#survey_question_27'),
      q27_others: field('#survey_question_27_others')
    },
    q28: {
      q28_select: field('#survey_question_28'),
      q28_others: field('#survey_question_28_others')
    },
    q29: {
      q29_select: field('#survey_question_29'),
      q29_others: field('#survey_question_29_others')
    },
    // Question 30 is always sent as an empty string.
    q30: "",
    q31: field('#survey_question_31'),
    q32: field('#survey_question_32'),
    q33: {
      q33_select: field('#survey_question_33'),
      q33_others: field('#survey_question_33_others')
    },
    q34: field('#survey_question_34')
  };
})();

Object dump

array(5) {["part_i"]=>
  array(11) {["name"]=>string(0) ""
    ["permAdd"]=>string(0) ""
    ["email"]=>string(0) ""
    ["con_no"]=>string(0) ""
    ["mo_no"]=>string(0) ""
    ["civil"]=>NULL
    ["gender"]=>NULL
    ["bday"]=>string(0) ""
    ["region"]=>NULL
    ["province"]=>string(0) ""
    ["locationResidence"]=>NULL
  }
  ["part_ii"]=>array(3) {
    ["row1"]=>array(4) {
      ["el_1"]=>string(0) ""
      ["el_2"]=>string(0) ""
      ["el_3"]=>string(0) ""
      ["el_4"]=>string(0) ""
    }
    ["row2"]=>array(4) {
      ["el_1"]=>string(0) ""
      ["el_2"]=>string(0) ""
      ["el_3"]=>string(0) ""
      ["el_4"]=>string(0) ""
    }
    ["row3"]=>array(3) {
      ["el_1"]=>string(0) ""
      ["el_2"]=>string(0) ""
      ["el_4"]=>string(0) ""
    }
  }
  ["part_iii"]=>array(2) {
    ["erow1"]=>array(3) {
      ["eel_1"]=>string(0) ""
      ["eel_2"]=>string(0) ""
      ["eel_3"]=>string(0) ""
    }
    ["erow2"]=>array(3) {
      ["eel_1"]=>string(0) ""
      ["eel_2"]=>string(0) ""
      ["eel_3"]=>string(0) ""
    }
  }
  ["part_iv"]=>array(2) {
    ["q15a"]=>array(3) {
      ["q15a_row1"]=>array(3) {
        ["q15a_el1"]=>string(0) ""
        ["q15a_el2"]=>string(0) ""
        ["q15a_el3"]=>string(0) ""
      }
      ["q15a_row2"]=>array(3) {
        ["q15a_el1"]=>string(0) ""
        ["q15a_el2"]=>string(0) ""
        ["q15a_el3"]=>string(0) ""
      }
      ["q15a_row3"]=>array(3) {
        ["q15a_el1"]=>string(0) ""
        ["q15a_el2"]=>string(0) ""
        ["q15a_el3"]=>string(0) ""
      }
    }
    ["q15b"]=>array(2) {
      ["q15b_select"]=>NULL
      ["q15b_others"]=>string(0) ""
    }
  }
  ["rest_data"]=>array(20) {
    ["q16"]=>NULL
    ["q17"]=>array(2) {
      ["q17_select"]=>array(0) {}
      ["q17_others"]=>string(0) ""
    }
    ["q18"]=>array(2) {
      ["q18_select"]=>NULL
      ["q18_others"]=>string(0) ""
    }
    ["q19"]=>string(0) ""
    ["q20a"]=>string(2) ""'"
    ["q20b"]=>NULL
    ["q21"]=>NULL
    ["q22"]=>NULL
    ["q23"]=>array(2) {
      ["q23_select"]=>array(0) {}
      ["q23_others"]=>string(0) ""
    }
    ["q24"]=>NULL
    ["q25"]=>array(2) {
      ["q25_select"]=>array(5) {
        [0]=>string(21) "Salaries_and_Benefits"
        [1]=>string(16) "Career_challenge"
        [2]=>string(25) "Related_to_special_skills"
        [3]=>string(22) "Proximity_to_residence"
        [4]=>string(5) "other"
      }
      ["q25_others"]=>string(11) "25 others ""
    }
    ["q26"]=>array(2) {
      ["q26_select"]=>array(0) {}
      ["q26_others"]=>string(0) ""
    }
    ["q27"]=>array(2) {
      ["q27_select"]=>NULL
      ["q27_others"]=>string(0) ""
    }
    ["q28"]=>array(2) {
      ["q28_select"]=>NULL
      ["q28_others"]=>string(0) ""
    }
    ["q29"]=>array(2) {
      ["q29_select"]=>NULL
      ["q29_others"]=>string(0) ""
    }
    ["q30"]=>
    string(0) ""
    ["q31"]=>
    NULL
    ["q32"]=>
    NULL
    ["q33"]=>
    array(1) {
      ["q33_select"]=>
      array(0) {
      }
    }
    ["q34"]=>
    string(0) ""
  }
}

JSON structure

{
  "part_i": {
    "name": "",
    "permAdd": "",
    "email": "",
    "con_no": "",
    "mo_no": "",
    "civil": null,
    "gender": null,
    "bday": "",
    "region": null,
    "province": "",
    "locationResidence": null
  },
  "part_ii": {
    "row1": {
      "el_1": "",
      "el_2": "",
      "el_3": "",
      "el_4": ""
    },
    "row2": {
      "el_1": "",
      "el_2": "",
      "el_3": "",
      "el_4": ""
    },
    "row3": {
      "el_1": "",
      "el_2": "",
      "el_4": ""
    }
  },
  "part_iii": {
    "erow1": {
      "eel_1": "",
      "eel_2": "",
      "eel_3": ""
    },
    "erow2": {
      "eel_1": "",
      "eel_2": "",
      "eel_3": ""
    }
  },
  "part_iv": {
    "q15a": {
      "q15a_row1": {
        "q15a_el1": "",
        "q15a_el2": "",
        "q15a_el3": ""
      },
      "q15a_row2": {
        "q15a_el1": "",
        "q15a_el2": "",
        "q15a_el3": ""
      },
      "q15a_row3": {
        "q15a_el1": "",
        "q15a_el2": "",
        "q15a_el3": ""
      }
    },
    "q15b": {
      "q15b_select": null,
      "q15b_others": ""
    }
  },
  "rest_data": {
    "q16": null,
    "q17": {
      "q17_select": [],
      "q17_others": [""]
    },
    "q18": {
      "q18_select": null,
      "q18_others": ""
    },
    "q19": "",
    "q20a": "'",
    "q20b": null,
    "q21": null,
    "q22": null,
    "q23": {
      "q23_select": [],
      "q23_others": ""
    },
    "q24": null,
    "q25": {
      "q25_select": [
        "Salaries_and_Benefits",
        "Career_challenge",
        "Related_to_special_skills",
        "Proximity_to_residence",
        "other"
      ],
      "q25_others": "25 others "
    },
    "q26": {
      "q26_select": [],
      "q26_others": ""
    },
    "q27": {
      "q27_select": null,
      "q27_others": ""
    },
    "q28": {
      "q28_select": null,
      "q28_others": ""
    },
    "q29": {
      "q29_select": null,
      "q29_others": ""
    },
    "q30": "",
    "q31": null,
    "q32": null,
    "q33": {
      "q33_select": []
    },
    "q34": ""
  }
}
Mr. Polywhirl
Mer Igos

1 Answer


There is a problem with your function

// The function from the question, unchanged, with the faulty line marked.
function deep_escape($array){
  foreach($array as $key => $value) {
    if(is_array($value)){
      // <--- This line has no effect: $value is a copy and the array returned by
      //      the recursive call is thrown away, so nested values stay unescaped.
      $this->deep_escape($value);
    } else {
      $array[$key] = $this->Escape($value);
    }
  }
  return $array;
}

See, you either want to be able to call your function like this

// In-place form: $array itself is expected to be modified, so no return value is captured.
$instance->deep_escape($array);

and have the array be modified. In that case you need to declare it like this :

/**
 * Escapes every non-array value of $array in place, descending into nested arrays.
 *
 * The array is taken by reference: the caller's variable is modified and
 * nothing is returned.
 *
 * NOTE(review): Escape() lives elsewhere in the class and is described as SQL
 * string escaping. Prefer bound parameters in a prepared statement for the
 * insert itself; treat this helper as a stop-gap rather than the defence.
 */
function deep_escape(&$array){                  // '&': operate on the caller's array
  foreach($array as &$element) {                // '&': $element aliases the real entry
    if(!is_array($element)){
      $element = $this->Escape($element);
      continue;
    }
    // Nested array: recurse through the reference so the change is kept.
    $this->deep_escape($element);
  }
  unset($element);                              // drop the alias left by the by-reference loop
                                                // no "return" statement
}

Or you want to call it like this :

// Return-value form: the escaped array is taken from the return value.
$escaped_array = $instance->deep_escape($array);

Which is the way I think you went for. In that case, you need to change line 4 of your function (the recursive call) so that its result is stored back into the array:

/**
 * Returns a copy of $array in which every non-array value has been passed
 * through $this->Escape(); nested arrays are processed recursively.
 *
 * $array is received by value, so the caller's array is not modified.
 *
 * NOTE(review): Escape() is defined elsewhere in the class and is described as
 * SQL string escaping. Bound parameters in a prepared statement remain the
 * more reliable protection for the insert.
 */
function deep_escape($array){
  foreach($array as $key => $value) {
    // Store the result in both cases; for a nested array that result is
    // the escaped copy returned by the recursive call.
    $array[$key] = is_array($value)
      ? $this->deep_escape($value)
      : $this->Escape($value);
  }
  return $array;
}
Mouradif
  • Nice but I think the point is that all this is unnecessary if the JSON String is created properly in the first place – RiggsFolly Jan 23 '17 at 15:30
  • @RiggsFolly OP never creates JSON, that is a dump for a PHP object. Don't get them confused. I added what I believe is the JSON structure at the bottom of the question. – Mr. Polywhirl Jan 23 '17 at 15:34
  • I believe the JSON String is created properly by the JS part and properly parsed into an array with `json_decode()`. The point here is to escape potentially harmful strings before sending it to the database – Mouradif Jan 23 '17 at 16:22
  • @KiJéy Thank you for you answer, it helped me ^_^ – Mer Igos Jan 25 '17 at 00:18
  • @MerIgos always a pleasure ^_^ did it solve your problem ? – Mouradif Jan 26 '17 at 15:19
  • @KiJéy yep. Sorry for the late reply. But still, thank you ! – Mer Igos Mar 03 '17 at 15:18
  • No problem. You can set this answer as valid then if it answers the question correctly :p – Mouradif Mar 03 '17 at 15:50