How to hide or encrypt a query string variable - javascript

How can i make the variable 'success' that is passed to 'payment_success.php' below to be somehow encrypted, i don't want the user to know the exact variable name passed. i wanted using post method, but i can't use it for my call back function. Any idea will be a great help
callback: function(response){
const referenced = response.reference;
window.location.href='payment_success.php?success='+referenced;
},

The following is one of tricks I used in a project trying to hide a piece of data.
Assuming your string variable is "123abc".
You may first add a random suffix of three characters , so the string can be:
AC1 C8D E9u Z77 Vux
After that you may use a further trick to put your code "123abc" into a format like the following
1[3 random characters]2[4 random characters]3a[2 random characters]bc[3 random characters]
So the result of 123abc will be like
XXX1XXX2XXXX3aXXbcXXX
so can be any one of the following:
56f134a2rxxq3a43bcccd
97z1zux289873a5tbczwq
Eu11qzv2739u3auubc76x
and so on....
After passing to your PHP script, please extract the correct data.
If you want to be safer, split the characters more further apart by inserting longer random characters in between.
You may use further imagination to do the trick. For example, generate a string which can be random in length of the "mixing codes".

Related

Best way to concatenate multiple strings?

I have a project, where user can put in drop-down values that can be selected. One can select multiple values at a time. So, we have to store the selection and get it on edit mode.
First thought
Let's store them as comma separated in DB.
f.e.
If suggestions are A , B , C and user selects A and B, I was going to store A,B in DB and while getting back the value split it with comma.
Problem arises when user has genuine "comma" in the field, for an instance first,option & second,option. At that time joining with comma won't work.
Second thought
I can think of another option to store it in a stringified array format and parse it while getting back.
For the above instance, it would store the data as ["first,option","second,option"]. It seems to be a good (and only) option for me.
Even though I have a bit of hesitation doing so (which lead me questioning here!) because my users can access the api/DB value directly and for them it doesn't look good.
So, Is there any other way to address this issue to benefit both parties, developers and users? Thanks in advance!!
I'd suggest using a standardized format such as JSON, XML etc.
Serialize and parse and with a widely used library so all escaping of reserved / special characters is done for you. Rolling your own here will cause you problems!
Better yet, use different fields for each suggestion, this is a better design in general. As long as the number of potential fields is finite this will work, e.g. 1-10 suggestions.
If you're going down the JSON route, we can do this in JavaScript like this:
let suggestions = ['Choice A, commas are not, a problem, though punctuation is.', 'Choice B', 'Choice C'];
let json = JSON.stringify(suggestions);
// Save to DB
saveToDB(json);
let jsonFromDB = loadFromDB();
let deserializedSuggestions = JSON.parse(jsonFromDB);
console.log(deserializedSuggestions);
we use semicolon (;) for this exact use case in our current project.
So, as per your question, they will be stored in the DB as option1;option2;option3
and when we get it back from the DB we can use the split() method on it to convert it into an array of substrings.
var str = "option1;option2;option3";
var res = str.split(";");
console.log(res);
which would result in (3) ["option1", "option2", "option3"] in the console.
hope this helps.

Can a prompt take two arguments at the same time?

I would like to know if a prompt can take two arguments simultaneously, and store them in distinct variables.
Example:
var something = prompt(variable storing a number , variable storing a string)
console.log(variable storing a string);
Is it legal or just pure fantasy? Let me know if it needs more explanation.
the prompt function takes 2 arguments: the text to display and the default text of the input, so that would not work.
I'd suggest you either get the required data through 2 separate prompts or ask the user to provide both in a single prompt and then parse the returned string afterwards to separate the integer and the string.

Slice off and store prefix of string in-place

In my former life, I worked with a couple of languages that used to have a string "slice" option where I could literally "slice" out part of the string and save the sliced out part into another variable.
In JS for example, I want to be able to remove the first 2 positions from a string and store that value into another variable.
It would appear in JS that to accomplish the same thing requires two steps.
var twoDigits = myString.slice(0, 2);
myString = myString.substring(2);
Is there a better way to do this without resorting to writing my own function?

jQuery/JavaScript regex return matched text from string

I am trying to create a fairly complex system for my website. I want to be able to write some pseudo like code and then parse it to make it do something in my back-end.
My data is inside two $.each loops as this is an Object of data with multiple levels to it.
For instance, I want to take a string like this:
"<!this!> == <!PropertyStreetNumber!>"
Then how I would like for the above code to executed is this:
FormData[parentKey][this] == FormData[parentKey]["PropertyStreetNumber"]
Thanks for any help!
Here's some of my code, the code where this would need to go in (see commented area)
http://jsbin.com/liquvetapibu/1/
Is there any restriction not to use regular expressions on JavaScript?
You could do something like this:
var myString = "<!this!> == <!PropertyStreetNumber!>";
var aux = /<!(.*?)!> == <!(.*?)!>/.exec(myString);
The value of aux will be an array with 3 elements:
The string that was tested.
The first element within <! !>
The second element within <! !>
Then it would depend on what the content on each one is: in your example this is an object, while you seem to use PropertyStreetNumber as a string (maybe a typo?). If you want to use it as an object, you will have to use eval() (e.g.: eval(aux[1])) while if you want to use it as a string, you can use it directly (e.g.: aux[2]).
Conceptually, the first thing you would need to do is determine the type of statement you are working with. In this case, a comparison statement. So you need a regex statement to filter this into a "statement type".
Once you do that, you can figure out what the arguments are. So you create a regex to pull out the arguments on each side of the operator.
Next, the strings that represent action code items need to be parsed. The this argument is actually an object, whereas "PropertyStreetNumber" is a string. You've got to be able to determine which is which. Then you can filter that into a function that has been created specifically to handle those statements types.
If at all possible, I would try to avoid the use of eval(). You can get into trouble with it.
you could try with
var beg = str.indexOf("== <!") + 5;
to find the index of the beggining and then slice counting the chars from beginning like
str.slice(beg, -2);
and from there build the rest.
couldnt that work?`

How to view and handle hidden data in variables in javascript

How do I view and extract data inside a variable, populated from another piece of code, that may contain hidden escape characters or data in Javascript (JQuery stuff is fine too)?
For example lets say I have an Ajax call such as this, where data is printed from a back-end script written in Lua:
success: function(data)
{
dataItems = data.split(",");
}
Lets say I'm expecting a four letter string in each of the dataItems array. If I use Chrome or Firefox putting a breakpoint on dataItems I see each array containing a four letter string and I'm happy because it looks right and I can now process it. However if I do a print(dataItems[1].length) for example I notice it has a length of 5, and my debugger shows dataItems[1]="abcd", obviously there is something hidden inside it that doesn't show easily as part of the arrays variable. Is there a better way to catch and view these hidden pieces of information preferably in a browser debugger? How does one go about removing this undesired data once it is recognized.
I think it's surrounded with empty spaces.
Try:
console.log(dataItems[1].trim().length);

Categories