Can I encode my serialized form data with jquery $.post

开发者_运维问答I've run into an interesting problem. If I submit my PHP form the "tradtional" way with an action via post I capture the form data as follows:

headline:I%27m+just+here+for+friends%21

I escape the data server side before adding it to my DB using : mysql_real_escape_string($string) and everything is great.

If I now submit that same form using jqueries $.post method and pass it my serialize data

$.post("save_data.php", $("#form_id").serialize(),
    function(data) {
        // process my results
    }
);                

it looks like this:

headline:I'm+just+here+for+friends!

The mysql_real_escape call doesn't actually work anymore because I'm assuming the data has or has not been encoded properly. Is there a work around for this or a way to encode the form data before posting it?

Here is how I'm currently processing the form data inside PHP:

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $result = updateDataEntry($_POST);
}

$_POST sees the serialized form data as: headline:I'm+just+here+for+friends! so using mysql_real_escape_string($string) inside my updateDataEntry method is still adding escape characters inside the DB.

After several hours of tearing my hair out I found the issue. magic quotes were enabled in my php.ini file. If anyone else runs into this you can turn them off as shown below:

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

Now everything is working great!

The simple fix is to always submit it to the form in the same format. Run PHP's htmlentities() or htmlspecialchars() on it before passing it to $.post for the second time.

mysql_real_escape_string prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a, right? So it does not affect the % and special chars. If you want to insert the string exactly like headline:I%27m+just+here+for+friends%21 into db just encode it with urlencode before escaping.