$.post adds double backslashes

I use jQuery to send data from the client to the server and to store data in my database. Now I use the $.post function from jQuery. I use it like the following:

var queryUpd = "UPDATE settings SET round_duration='10'";
$.post("../../server/test.php", {func: "manipulate", query: queryUpd}, function(json, textStatus)
{
    alert(json); //Outputs UPDATE settings SET round_duration =\\\'10\\\'
});

The PHP function "test.php" is simple:

<?php
  echo json_encode($_POST["query"]);  //send values to the client
?>

As you can see, the php-function gets an invalid query, since it adds two backslashes in front of the \'. So why does this happen and how can I solve this problem?

asked 08 November '11 at 16:11

Do you have MAGIC_QUOTES enabled?

Note that this is a huge security hole.

Passing SQL from Javascript to the server is an unspeakably bad idea.

@enne87: {function: "manipulate", query: 'DROP DATABASE DATABASE();'}. Boom goes your database, boom goes your site.

@lonesomeday: I don't know about that... I kind of like the idea of being able to remotely utterly nuke sites that I don't like...

2 Answers

You may need to specify that what you're getting back is JSON. Otherwise, jQuery guesses, and sometimes it's wrong:

$.post("../../server/test.php", {func: "manipulate", query: queryUpd}, function(json, textStatus)
{
    alert(json); //Outputs UPDATE settings SET round_duration =\\\'10\\\'
}, "json");

The comments on your original post are correct, however. You shouldn't send queries through ajax. You should send form data, and create queries based on that data, after checking it to make sure it's valid.

answered 08 Nov., 11:20

Ok but the string that I send to the server is definitely wrong, otherwise it would execute my query. - enne87

Why would it execute your query? The only thing test.php does is encode the query in JSON and send it back. - David

Yes, now at the moment, but actually there is code that executes this query. It works on my local machine but not at the remote server. - enne87

If it's a dev to live issue, then it's probably something different in the PHP config of the live server. But I still say the server side code should be creating queries. Otherwise what's to stop me from posting "DROP TABLE settings" to your php page? (xkcd.com/327) - David

You are right of course Dave, unfortunately I don't have the time now to change the code so I hope you'll be nice to me and don't drop my table :) Thanks in advance. - enne87
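The approach recommended in the answer above, as an added example that is not code from the original thread: the client posts a setting name and a value, and the server validates both and builds the query itself with a bound parameter. The `name`/`value` fields, the `set_setting` func value, the allowed range and the in-memory SQLite database are assumptions for illustration.

```php
<?php
// Hypothetical client call (no SQL leaves the browser):
//   $.post("../../server/test.php",
//          {func: "set_setting", name: "round_duration", value: "10"}, cb, "json");

// Allow-list of updatable columns with an assumed valid range for each.
const ALLOWED_SETTINGS = [
    'round_duration' => ['min' => 1, 'max' => 3600],
];

// Returns the validated integer, or null if the name or value is not acceptable.
function validate_setting(string $name, $raw): ?int
{
    if (!array_key_exists($name, ALLOWED_SETTINGS) || !is_string($raw)) {
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, ['options' => [
        'min_range' => ALLOWED_SETTINGS[$name]['min'],
        'max_range' => ALLOWED_SETTINGS[$name]['max'],
    ]]);
    return $value === false ? null : $value;
}

function update_setting(PDO $db, string $name, $raw): bool
{
    $value = validate_setting($name, $raw);
    if ($value === null) {
        return false;
    }
    // $name is interpolated only because it matched an allow-list key;
    // the value always travels as a bound parameter, so quoting and
    // magic-quotes backslashes never reach the SQL text.
    $stmt = $db->prepare("UPDATE settings SET {$name} = :value");
    return $stmt->execute([':value' => $value]);
}

// Constructed demo: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE settings (round_duration INTEGER)");
$db->exec("INSERT INTO settings VALUES (5)");

$samples = [                                   // constructed inputs
    ['round_duration', '10'],                  // valid
    ['round_duration', "10'; DROP TABLE settings"],  // rejected: not an integer
    ['DATABASE()', '1'],                       // rejected: not an allowed column
];
foreach ($samples as [$name, $raw]) {
    echo json_encode(['name' => $name, 'ok' => update_setting($db, $name, $raw)]), "\n";
}
echo $db->query("SELECT round_duration FROM settings")->fetchColumn(), "\n";
```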

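If it's PHP, then try somewhere in the bootstrap of your application:

<?php
// magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in PHP 8.0,
// so check that the function exists before calling it.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    // Undo the backslashes that magic quotes added to each request value.
    function stripslashes_gpc(&$value)
    {
        $value = stripslashes($value);
    }
    array_walk_recursive($_GET, 'stripslashes_gpc');
    array_walk_recursive($_POST, 'stripslashes_gpc');
    array_walk_recursive($_COOKIE, 'stripslashes_gpc');
    array_walk_recursive($_REQUEST, 'stripslashes_gpc');
}
?>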

answered 08 Nov., 11:20
