mamuscia
asked on
Escape and URLDecode for URL passed using Ajax call
I am using xmlhttp (Ajax) requests to call a PHP program from JavaScript using the GET method.
I am passing the PHP script a string as parameters which includes the characters %20. For example, the current call to the PHP program looks like this:
phpparser.php?sqlstr=WHERE fieldname LIKE '%2007.03%' ORDER BY relid ASC
The %20 is cut off the param string when it reaches the PHP script, therefore messing up the MySQL query string I am passing.
I fooled around with escape and URLDecode, but how much of the URL needs to be escaped when using xmlhttp (Ajax) calls? Should I use escape across the entire URL and then URLDecode in the receiving PHP script?
Thanks
ASKER
I have many fields that the form displays to allow a user to enter to search the database. In my PHP script I execute a SELECT so the user is constrained to reading the DB. There is also a check to make sure the construct of the WHERE clause is correct. How would I encode/decode this URL?
You have to encode the query string parameter values only.
Like this:
"phpparser.php?sqlstr="+escape("WHERE fieldname LIKE '%2007.03%' ORDER BY relid ASC")+"&some="+escape("more parameters");
You see?
Encoding the & and = of the query string is as misleading as not encoding special characters in the parameter values.
ASKER
this works great, thanks!!
You are welcome.
A better option, if you can, is simply to pass the search term and order by term separately, and reconstruct the SQL statement in the script:
phpparser.php?value1=2007.
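The following is an added example, not code from any poster in this thread. It shows why the unencoded `%20` is lost, how to encode only the parameter values, and how a script can rebuild the statement from separate values. The parameter names `term`, `orderby` and `dir` and the table name `records` are assumptions, and the server-side logic is sketched in JavaScript although the thread's script is PHP.

```javascript
// Added example. term/orderby/dir and the table "records" are hypothetical;
// fieldname and relid are the column names used in the question.

// How a query-string parser reads one parameter: percent sequences are
// decoded, so a raw "%20" inside a value arrives as a space.
function serverView(queryString, name) {
  return new URLSearchParams(queryString).get(name);
}

// Client side: encode each parameter name and VALUE, never the "?", "&"
// and "=" separators. encodeURIComponent turns a literal "%" into "%25".
function buildUrl(base, params) {
  const pairs = Object.entries(params).map(
    ([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v));
  return base + "?" + pairs.join("&");
}

// Server-side logic: accept the search term and sort order as separate
// values and rebuild the statement, instead of accepting SQL text.
const ORDER_COLUMNS = new Set(["relid", "fieldname"]); // allowlist

function buildQuery(queryString) {
  const p = new URLSearchParams(queryString);
  const term = p.get("term") ?? "";
  const orderby = p.get("orderby") ?? "relid";
  const dir = (p.get("dir") ?? "ASC").toUpperCase();
  // Identifiers cannot be bound as parameters, so compare them to fixed lists.
  if (!ORDER_COLUMNS.has(orderby)) throw new Error("orderby not allowed");
  if (dir !== "ASC" && dir !== "DESC") throw new Error("dir not allowed");
  // Escape LIKE wildcards typed by the user (backslash is MySQL's default
  // LIKE escape character), then bind the pattern as a parameter.
  const pattern = "%" + term.replace(/[\\%_]/g, "\\$&") + "%";
  return {
    sql: "SELECT * FROM records WHERE fieldname LIKE ? ORDER BY "
      + orderby + " " + dir,
    values: [pattern],
  };
}
```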