
When I'm using PHP it's easy. Every piece of data received by POST or GET I just put inside:

htmlspecialchars($something, ENT_QUOTES);

store this in the database and that's it. The user can put in all of this garbage without interrupting the system: " ' \ ^ < > / # $

But when I'm working with Angular, or JS more precisely, things are a little bit different.

  1. Sending with $http just doesn't work. I know I can use the encodeURI functions, but then I need to decode each parameter I pass; I mean, I can't send a full array encoded and decode it fully in PHP. For example, I want to let the user put in this input and encode all of this JSON and decode it easily without making the code take too long to load:
var my_json = [
  {
    name: "some#thing",
    phone: "some$</script>thing1",
  },
  {
    name: "someth\"ing", // the user's input contains a double quote, so it must be escaped in the literal
    phone: "someth'ing1",
  },
];

     Rather, what I do now is use mysqli_real_escape_string.

  2. Trying to catch some data with $scope (Angular) or a jQuery selector, then push this to an array. Everything works until you put in those troublemakers: " ' \ ^ < > / # $

So what to do? I've tried everything.

I'm trying to do this, for example:

var newStation = $scope.list.stations.split("|||");
var newObject = {
  name: newStation[0],
  address: newStation[1],
  phone: newStation[2],
};
$scope.stations.push(newObject);

and then receive an error:

Uncaught TypeError: Cannot read property 'dataset' of undefined

I've tried using the escapeHTML function which I found on Stack Overflow when sending $http, but this doesn't work either.

Thanks.

  • "its easy" --- and you're doing it wrong already. You must **NOT** `htmlspecialchars` before you put it in the database. – zerkms May 07 '17 at 21:06
  • so how to insert into the database in order to prevent sql injection? –  May 08 '17 at 21:11
  • `htmlspecialchars` has nothing to do with sql injections at all. Check http://stackoverflow.com/q/60174/251311 – zerkms May 08 '17 at 21:21
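Added example (not from the question or the comments above) illustrating the point zerkms makes: the client needs no manual encoding at all, because `$http.post` serialises the object as JSON and `JSON.stringify` already escapes quotes and backslashes; the server then decodes it with `json_decode` and binds the values with prepared statements, and HTML escaping happens only when rendering. The `"|||"` parsing and the `escapeHtml` helper are assumptions for illustration, and the sample input is constructed.

```javascript
// Constructed sample input containing every "troublemaker" character the question lists.
const TROUBLEMAKERS = '" \' \\ ^ < > / # $';

// Build the station object the way the question does, from a "|||"-delimited
// string, but tolerate missing fields instead of producing undefined.
function parseStation(line) {
  const parts = String(line).split("|||");
  return {
    name: parts[0] || "",
    address: parts[1] || "",
    phone: parts[2] || "",
  };
}

// What $http.post(url, data) does with an object: serialise it as JSON.
// JSON.stringify escapes '"' and '\' itself; no other character needs encoding.
function toRequestBody(stations) {
  return JSON.stringify({ stations });
}

// What PHP's json_decode($body, true) sees: the original strings, unchanged.
// Those values go into the database via prepared-statement parameters, not
// through htmlspecialchars or string concatenation.
function fromRequestBody(body) {
  return JSON.parse(body).stations;
}

// HTML escaping equivalent to htmlspecialchars($s, ENT_QUOTES); apply it only
// when writing data into a page, never before storing it.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#039;");
}

// Round trip: raw input -> object -> JSON request body -> parsed on the server side.
function roundTrip(line) {
  const sent = [parseStation(line)];
  return fromRequestBody(toRequestBody(sent))[0];
}
```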
