tags:

views:

223

answers:

1
Q: 

jQuery double quotes

hi there, i have this form:

<form name="myForm" action="#">
     <input type="text" name="firstField" />
     <input type="text" name="secondField" />
     <input type="submit" name="submitButton" />
</form>

and i have an ajax request:

$('input[type="submit"]').click(function(){
       var serialized = $('form').serialize();
       //ajax request
       $.ajax({
                type : "POST",
                url : "takeAction.php",
                data : serialized,
                succes : function(){
                    alert('done');
                }
       }); 
});

the problem is that if any of my fields value contains "'", like (who's the boss) my ajax request fails to complete (i'm trying to update an mysql row but the code fails, i get no error just that my row is not updated). i know that it's something about quotes but i don;t know how to do it. thanks

+4  A: 

The problem is in your PHP code on the server, not in your HTML or JavaScript.

You're probably writing the submitted data values directly into an SQL query, yes?:

$query = sprintf("SELECT * FROM users WHERE user='%s'", $user);

You need to either use prepared statements, or use mysql_real_escape_string() to escape your values:

$query = sprintf("SELECT * FROM users WHERE user='%s'",
                  mysql_real_escape_string($user));
RichieHindle  2009-10-25 14:33:17
and if i have $var1 = $_POST['firstField'] $var2 = $_POST['secondField'] $rowId = $_POST['id'] and i want to update my row how should my code look? something like this? $sql = sprintf("UPDATE table SET mysqlField_1='%s',mysqlField_2='%s' where id='%s'",$var1,$var2,$rowId);
kmunky  2009-10-25 14:48:21
sorry..like this? $sql = sprintf("UPDATE table SET mysqlField_1='%s',mysqlField_2='%s' where id='%s'",mysql_real_escape_string($var1,$var2,$rowId));
kmunky  2009-10-25 14:50:32
got it, $sql = sprintf("UPDATE table SET mysqlField_1='%s',mysqlField_2='%s' where id='%s'",mysql_real_escape_string($var1),mysql_real_escape_string($var2),mysql_real_escape_string($rowId));, THANKS ;)
kmunky  2009-10-25 15:01:43

related questions

How can I convert JavaScript code into one big Java string
Apostrophes replacing quotation marks in script tag in input field.
Are quotes around hash keys a good practice in Perl?
Escaping double quotes with tcsh alias
Help me remember a quote from Alan Kay
How can one turn regular quotes (i.e. ', ") into LaTeX/TeX quotes (i.e. `', ``'')
Remove quotes from named environement variables in Windows scripts
Smarty replace text with double quotes
Nuggets of wisdom?
php quotation strip
Regex Question - One or more spaces outside of a quote enclosed block of text
Regexp for quoted string with escaping quotes
MYSQL: REGEXP single quotation matching
Double quotes in Oracle Alias
What's the accepted way of storing quoted data in XML?
Is there any difference between "string" and 'string' in Python?
What's the easiest way to add a quote box to mediawiki?
How do I protect quotes in a batch file?
How can i parse a comma delimited string into a list (caveat)?
Generally define the process of testing
What's your best trick to break out of an unbalanced quote condition in BASE SAS?
How would you explain binary to your grandmother?
Great programming quotes
Double Quotes in Oracle Column Aliases
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?