What's the proper way to sanitize data when I'm using jQuery to send POST data?
If the post data contains "&" character it thinks it's separating query string parameters. If it contains + it thinks it's a space. I'm sure there's some prebuilt function that takes care of these things already.
Just pass your data as an object and jQuery will serialize it via $.param() internally, for example:
$.ajax({
  //options..
  data: { key: "myValue" }
});
//the same goes for shorthand methods:
$.post("url", { key: "myValue" });
All the magic is basic JavaScript though, $.param() just uses encodeURIComponent() underneath to do the serialization (including & encoding) when creating the string.
If you're sending an entire <form> just use .serialize() which serializes the entire <form> (all successful form elements) to the string - like a normal non-AJAX submit would, for example:
$.post("url", $("form").serialize());
Another option is encodeURI: http://www.w3schools.com/jsref/jsref_encodeURI.asp
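The functions mentioned in the answers above, compared on one value, as an added example that is not part of the original posts. It runs in plain JavaScript without jQuery; `serializeParams` and `parseBody` are hypothetical helper names, the input is constructed, and the serializer assumes a flat object.

```javascript
// Serialize a flat object as the first answer describes $.param() doing it:
// encodeURIComponent() on every key and value, joined with "&".
// (Assumption: flat objects only; spaces are sent as "+" as in form posts.)
function serializeParams(obj) {
  return Object.keys(obj)
    .map(function (k) {
      return encodeURIComponent(k) + "=" + encodeURIComponent(String(obj[k]));
    })
    .join("&")
    .replace(/%20/g, "+");
}

// Decode a body the way a form-urlencoded parser on the receiving side would.
function parseBody(body) {
  const out = {};
  for (const [k, v] of new URLSearchParams(body)) {
    out[k] = v;
  }
  return out;
}

// Constructed input containing both problem characters from the question.
const comment = "1+1=2&role=admin";

// 1. Naive concatenation: "&" starts a second parameter, "+" becomes a space.
const naive = parseBody("comment=" + comment);

// 2. encodeURI(): leaves "&", "+" and "=" untouched, so the body is
//    identical to the naive one and parses the same way.
const viaEncodeURI = parseBody("comment=" + encodeURI(comment));

// 3. encodeURIComponent() per key and value: the text round-trips intact.
const safe = parseBody(serializeParams({ comment: comment }));

console.log("naive:      ", naive);
console.log("encodeURI:  ", viaEncodeURI);
console.log("per-value:  ", safe);
```

Only the third form keeps user-supplied text from being read as an extra `role` parameter by the receiver.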