2

I can't look at mysql tables right now...but I don't think '+' is making it into the table.

I checked magic_guotes and it is turned on. However magic_quotes should not do anything to the '+' sign as it only relates to escaping for characters the database uses.

Also, I checked my regular expressions on the client and server (javascript and php) and there is nothing to remove '+' signs.

I also use htmlentites() but I do not believe + is an html entity and even if it was this should only make it an entity wrather than a character.

This leaves json_encode, but I was able to echo the characters back to the client before encoding and could still see there was no '+' sign.

I've checked all 5 places and can not determine where my + sign is going...it seems the mysql database is returning a space where the + sign should be.

Ajax Serialize

function ajax_serialize( form_name )
{
    var return_string='',  
        form_elements=document.forms[form_name].elements,
        iterator;  
    for(iterator = 0; iterator < form_elements.length; iterator++)
    {
        if( form_elements[iterator].name )
        {
            if( form_elements[iterator].type === 'checkbox' && form_elements[iterator].checked === false )
            {
                return_string += form_elements[iterator].name + "=0&";
            }
            else
            {
                return_string += form_elements[iterator].name + "=" + form_elements[iterator].value+"&";
            }
        }
    }
    return_string = return_string.slice( 0, -1 );
    return return_string;
}

Ajax Tweet

function interface_tweet()
{
    var form_name = 'tweet',
        response_div = form_name + '_response',
        tw_text = new Text(form_name),
        tw_message = new Message(response_div);

    if( Constant.VALIDATE_ON === 1 )
    {
        if( !tw_text.checkEmpty() ) 
        {
            tw_message.display('empty');
            return;
        }

        if( !tw_text.checkPattern('tweet') ) 
        {
            tw_message.display('tweet');
            return;
        }
    }

    Ajax.repeatUseAjaxObject( Constant.GATEWAY, ajax_serialize( 'tweet') + '&ajax_type=ControlTweet_add' , ajax_tweet ,'tweet_fill' );
    document.getElementById( 'tweet_input' ).value='';
    document.getElementById( 'tweet_response' ).innerHTML='';
}
  • 3
    **I can't look at mysql tables right now...but I don't think '+' is making it into the table.** You should come back when you can... – deed02392 Feb 05 '12 at 21:50
  • Do you send this '+' from the form or where do you get it originally from? If you are trying submit data with '+' from the form using ajax or any kind of the javascript then you should use encodeURIComponent for the data (jQuery is doing it automatically if you are using it in a right way) – Cheery Feb 05 '12 at 21:51
  • 1
    `I ajax posted it from a form` Show the code. It looks like you do not use URI encoding and by the RFC '+' means space. '+' should be written as %2B – Cheery Feb 05 '12 at 21:54
  • 1
    http://stackoverflow.com/questions/6855624/plus-sign-in-query-string –  Feb 05 '12 at 21:55
  • @stack.user.0 i told you - show your js code! nobody here has telepathic abilities :) at least the part where you prepare the data to be submitted. you should encode that data. – Cheery Feb 05 '12 at 21:57
  • ajax_tweet posted...finding relevant –  Feb 05 '12 at 22:01
  • ajax_serailize....posted...I think more relevant...all my ajax is via POST... –  Feb 05 '12 at 22:03
  • So I should run that URI function on my serialized data?..this is the data that is sent to the server on an ajax call..what exactly does this do?..I've formatted my data about 7 times (round trip) already I thought I was done. –  Feb 05 '12 at 22:05
  • the dangerous '+' sign I should have known all along...oh..and & breaks it too...semantic meaning. –  Feb 05 '12 at 22:08
  • @stack.user.0 my answer should solve your problem – Cheery Feb 05 '12 at 22:09
  • @stack.user.0 I just have a good logical mind :) – Cheery Feb 05 '12 at 22:12
  • @stack.user.0 Do you see an answer below? – Cheery Feb 05 '12 at 22:14

1 Answers1

2

This is what you should have

return_string += encodeURIComponent(form_elements[iterator].name) + "=0&";

and 

return_string += encodeURIComponent(form_elements[iterator].name) + "=" 
               + encodeURIComponent(form_elements[iterator].value)+"&";

if your form_elements[iterator].name does not have any symbols that should be encoded then you may remove encodeURIComponent for it.

Cheery
  • 16,063
  • 42
  • 57
  • I take it that now I have to decode data coming out of the database? –  Feb 05 '12 at 22:15
  • @stack.user.0 You do not have to decode it - it is done automatically by the server at the moment the data is received from the form. This is a `native` representation of the data when it is sent by GET or POST request. – Cheery Feb 05 '12 at 22:16
  • ? okay ...my mind is boggled by how much text processing goes on for the simplest of DB updates....hope I'm done now....thanks again. –  Feb 05 '12 at 22:17