tags:

views:

322

answers:

5
+1  Q: 

Why are escape characters being added to the value of the hidden input 

<body>
  <div> <?= $_POST['msg'] ?> </div>
  <form id="frm" method="post">
    <input type="hidden" name='msg' value='{"field0": "Im a string", "field1": 84, "field3": "so am I"}' />
    <input type="submit" value="test" />
  </form>
</body>

When the form is posted, the following string is displayed between the div tags.

{\"field0\": \"Im a string\", \"field1\": 84, \"field3\": \"so am I\"}

Why are the escape characters being added? Are they being added by the PHP server or the web client? Can I do anything to prevent this?

Someone already mentioned the PHP function stripslashes. I'm using it for now but I want to get rid of the slashes all together.

+1  A: 

If the information is correct when it leaves the client, then dojo must be doing some wizardry before sending the info over to $_POST, no? Are there any flags that you can set for the dojo.toJson() method that will allow you to control the level of input string manipulation / escaping? If not, I think using stripslashes() (or whatever, depending on where this information is headed) is the only answer.

MatW  2009-06-24 17:04:10
I don't think dojo is doing anything funky because frm.submit() is plain ole javascript and request.value == msg prior to submitting the form. However, +1 for stripslashes(). I'll use it until I figure out what is going.
Lawrence Barsanti  2009-06-24 17:28:56
+2  A: 

I believe the problem is just one of escaping done by the tools you are using to output the string. For example:

var msg = dojo.toJson({field1: 'string', field2: 84, field3: 'another string'});
alert(msg);

will show the double quotes as unescaped. Similarly, running your first example while the browser is hooked up to a proxy like Charles, shows the double qoutes as unescaped.

So I believe this is just an auto-escape that Firebug/PHP does when showing you strings.

jrburke  2009-06-25 04:23:27
+1  A: 

check if magic quotes is enabled on your host

Jason  2009-07-02 13:31:41
+1  A: 

Check whether your PHP configuration has magic_quotes_gpc activated, in such case the PHP server automatically adds slashes to GET/POST/cookie values...

streetpc  2009-07-02 13:32:00
+1  A: 

Most probably you hav magic_quotes_gpc enabled on your server. This configuration option and feature is deprecated in php5.3. Until you upgrade:

if (get_magic_quotes_gpc()) {
    set_magic_quotes_runtime(0);
    foreach (array('POST', 'GET', 'REQUEST', 'COOKIE') as $gpc)
        $GLOBALS["_$gpc"] = array_map('dequote', $GLOBALS["_$gpc"]);
}

function dequote($v) {
        return is_array($v) ? array_map('dequote', $v) : stripslashes($v);
}

The above solution is based on someone's code i've found somewhere a few years ago.

hegemon  2009-07-02 13:38:44

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?