PHP $_POST cutting off '<' character coming from $.post in jQuery - javascript

I feel like this should be easy. The character < (and following characters) refuses to be sent to $_POST. My max_input_vars is set to 10000, my memory limit is set to 3GB in my php.ini file, and I'm using PHP 8.0.
I have a text area where the text gets posted to a PHP file.
# HTML
<div class="add-comment">
<textarea style="margin-left: -15px;" placeholder="Add your commentary here" style="white-space:pre-wrap;" id="add-comment" class="form-control" rows="3"></textarea>
</div>
# JS
let comment = $('#add-comment').val();
const post_variables = {
'comment' : comment
};
console.log(post_variables);
$.post('/?c=comments&a=add_comment', post_variables, function(data){});
# PHP
echo '<pre>post:<br>';
print_r($_POST);
echo '</pre>';
Lets say I submit the text 'a < b'.
In JS, the log shows: a < b
In PHP the log shows: a
Is there something I need to do before passing it off to PHP? I'm genuinely surprised I haven't run into this before..

You can print the "<" on PHP using print_r(htmlspecialchar($_POST['comment'])) and if you want to convert it before sending to PHP use below function
# JS
function htmlEntities(str) {
return String(str).replace(/&/g, '&').replace(/</g,'<').replace(/>/g, '>').replace(/"/g, '"');
}
let comment = $('#add-comment').val();
const post_variables = {
'comment' : htmlEntities(comment)
};

Related

Can't create a button dynamically with php and js

I'm trying to construct a page as a client logs in through php js interaction as fallows
$hold = ("< button onclick = `
function myFunction(){
alert('works!');
}
myFunction();
` >My balance</button>");
echo hold;
and then i want to send dinamicly to html through js
var Permition = localStorage.getItem("Permition");
$.post('MenuConstructor.php',
{
Permition:Permition
},
function(data){
menu = data;
//alert(data);
document.getElementById("div").innerHTML = menu;
}
);
but for some reson the alert don't work do you guys have any suggestions?
some times i get the error not defined some times i get the error "Unterminated template literal"
"Unterminated template literal"
:) You need escape illegal character.
<div onclick="alert("123")">
<div onclick="alert("123")"> // php htmlspecialchars (maybe) (single ' is &apos;) quot with no "e" at it's end
$url = 'index.html?a='.urlescape($value);
echo ''

JSON.parse() not working even though JSON string is valid

I am trying to post a form through AJAX jQuery. The PHP script to which it points returns a JSON encoded array. But, at the receiving end on the main page JSON.parse() is not working.
Please suggest if I am missing on some file types which need to be included
Here is my code.
< script type = "text/javascript" >
$(document).ready(function() {
$("#send").submit(function() {
//$("#submit_form").html('');
$("#modal-text2").html("<img src=" + "img/loader1.gif "
+ "/></br</br><h4>DATA VALIDATION IN PROCESS !!! PLEASE WAIT</h4>");
$("#myModal2").modal('show');
$.post($("#send").attr("action"), $("#send").serialize(), function(data) {
var decode = JSON.parse(data);
if (decode.err > 0) {
alert("Hi");
}
});
//Important. Stop the normal POST
return false;
});
});
< /script>
The JSON encoded array which is being sent back by the PHP script is:
{"err":8,"er1":1,"er3":1,"er4":1,"er5":1,"er6":1,"er7":1,"er8":1,"er9":1,"error1":"First Name is Required","error3":"Last Name is Required","error4":"Email is Required","error5":"Please Select a Gender","error6":"Date of Birth is Required","error7":"Mobile No is Required","error8":"Password is Required","error9":"Please Fill The Captcha"}
don't know if its the cause of hte problem or if its just a typo in here, but you have a typo in the following line:
<img src="+"img/loader1.gif "+"/></br</br>
you aren't closing the first linebreak, and the slash should come after the br - also not sure why you have so many quuotes in that html block - it should be :
$("#modal-text2").html("<img src='img/loader1.gif'/><br/><br/><h4>DATA VALIDATION IN PROCESS !!! PLEASE WAIT</h4>")
You should console.log(data) to check if the data value has any problem.
use try/catch to catch message if error happened in JSON.parse.
try {
var decode = JSON.parse(data);
}catch(e){
console.log(e) ;
}
Make sure your php responses the json in the right way. Or there may have some invisible character and make the problem.
<?php
$data = ... ;
header('Content-type:application/json;charset=utf-8');
echo json_encode($data) ;
?>
I thought there is a sytax error in your script just check it out in the last line of script the closing tag of < /script> has space, remove it and try -
</script>
i execute the parsing snippet of your code it is working fine.
var data = '{"err":8,"er1":1,"er3":1,"er4":1,"er5":1,"er6":1,"er7":1,"er8":1,"er9":1,"error1":"First Name is Required","error3":"Last Name is Required","error4":"Email is Required","error5":"Please Select a Gender","error6":"Date of Birth is Required","error7":"Mobile No is Required","error8":"Password is Required","error9":"Please Fill The Captcha"}';
var decode = JSON.parse(data);
if (decode.err > 0) {
alert("Hi");
}

how can i use javascript var in scriplets

I am trying to learn jsp. I know a little bit java and I dont know much about html tags so I simple use java codes as much as I can. What I am trying to do there is getting data from variables from text boxes and using them as string.
var text1 =<% request.getParameter("locationId"); %>;
<%
if ((text1 != null && text2 != null) && (!text1.equals("") && !text2.equals(""))) {
kw1 = "'%"+text1+"%'";
kw2 = "'%"+text2+"%'";
.
.
.
}
%>
Scriptlet is executed before any data about webpage get sent from server to client. Whatever you want to do you need to send postback to server (with forms or ajax call). I usually use jQuery so my answer will use it but feel free to modify it to use native JS code. First, I would create a page on server called something like createJsonObject, call it from client with $.ajax (type: "POST") and passed my argument as object
{varID: varID}
On server I would place my JSP on that page, read argumants upon page load, execute function and return object with data to client. In .done() I would do something with that data (display them in form, save them in JS variables...).
Hope this helps you out.
Example (Just showing how you can use Ajax with form example)
HTML form:
<form name="formName" method="post" action="">
<input type="text" name="name" id="firstName" value="" />
<input type="text" name="lastName" id="lastName" value="" />
<input type="submit" name="Update" id="update" value="Update" />
</form>
Ajax Post:
$("#update").click(function(e)
{
e.preventDefault();
var firstName = $("#firstName").val();
var lastName = $("#lastName").val();
var dataObject = {};
dataObject.firstName = firstName;
dataObject.lastName = lastName;
$.ajax({
type:'POST',
data:dataObject,
url:'returnData.php',
success:function(data)
{
alert(data);
}
});
});
PHP:
<?php
$receivedObject = json_decode($_POST['data'], true);
$name = $receivedObject['firstName'];
$lastName = $receivedObject['lastName'];
echo $name . ' ' . $lastName;
?>
I've not test this, so there might be somewhere i've gone wrong. But try something like my example and just ask if you need any help.
Ali, you can not use a javascript variable into jsp scriplate.
<%
String locationId=request.getParameter("locationId");
if ((text1 != null && text2 != null) && (!text1.equals("") && !text2.equals(""))) {
kw1 = "'%"+text1+"%'";
kw2 = "'%"+text2+"%'";
.
.
.
}
%>
but vise versa is possible you can use JSP variable into you javascript code.like this.
<script>
var locationId='<%=request.getParameter("locationId")%>';
alert(locationId);
</script>

Firefox-extension corrupt gzip response

Firefox-extension: http://mikelsv.ru/extension_ci.xpi (update: var site_url="you site/php_code.php"; in chrome\content\accelerator.js )
PHP code: pastebin.com/hbSNfp1e
How work:
<br>
PHP: form method=post action=https://java.shadowlands.ru/zombievk/items?compress=true&lang=ru
extension: if(http-on-examine-response && url=='shadowlands...') new TracingListener();
<br>TracingListener.onDataAvailable(){ this.receivedData.push(data); }
<br>TracingListener.onStopRequest(){ send_post_data(this.receivedData.join()); to site_url; }
PHP: $postdata = file_get_contents("php://input");
<br> gzuncompress(base64_decode($data)));
Problem: gzip data corrupt. All ok if: form action=.../items?compress=true&lang=<b>en</b>
What do I need to do to fix this problem?
I have found the problem. I've omitted the separator argument of the .join method, so the default separator (,) was used. I have resolved the problem by providing an empty string as a separator:
var responseSource = this.receivedData.join();
becomes:
var responseSource = this.receivedData.join('');

get post field by JavaScript

as you know we can get post field by server side language like php,for example in php
$var1 = $_POST['field1']now I wanna know is it possible to get it by JavaScript to?(or any Client Side Language like VBScript)
for example I have page which has got form
<form method = "post" action="test.php">
in test.php I wanna get field by JavaScript,not by php.
Is it possible and how can I do it if it's possible?
You cannot read $_POST data using JavaScript.
When you submit data through the GET method, the generated query string can be read through the location.search object. Another method to "post" data from page 1 to page 2 is by using hashes.
The location object (JavaScript)
location.href = http://example.com/test.php?formElem=value&another=true#hash
location.search = ?formElem=value&another=true
location.hash = #hash
Example (based on the URL at the previous paragraph)
<script>
var $_GET = (function(){
var query_string = location.search.substr(1); //Exclude the first character: `?`
var data = query_string.split(/&+/); //
var $_GET = {};
for(var i=0; i<data.length; i++){
var qs = data.match(/^([^=]+)(?:=(.*))?$/);
$_GET[qs[1]] = qs[2];
}
return $_GET;
})()
alert($_GET["formElem"]); //Alerts "value"
</script>
An alternative method to transmit data from a form to a JavaScript HTML page is by using hashes:
<form action="index.html#someHash" method="get">
<input type="submit" name="someName" value="someValue" />
</form>
After submission, the following page will be requested: index.html?someName=someValue#someHashThe hash is available through the location.hash property.
in your test.php file, echo your post fields as a JSON object.
echo '<script> var data = '. json_encode($_POST).' </script>' ;
It can be accessed as a dictionary in javascript then.
Output in test.php
<script>
var data = { 'field1' : 'value1' , 'field2' : 'value2' } ;
alert(data['field1']);
</script>

Categories