2012-05-04 79 views
0

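Send special characters with AJAX and receive them correctly in PHP

I have a JavaScript function that takes some data as parameters and tries to save it in a PostgreSQL database. This is the JavaScript AJAX function: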

function insertCalendarEvents(calendar_group, event_name, event_datestart, event_datestop, event_timestart, event_timestop, event_info, onfinish) {
    var request;
    if(window.XMLHttpRequest)
        request = new XMLHttpRequest();
    else
        request = new ActiveXObject("Microsoft.XMLHTTP");

    request.onreadystatechange = function() {
        if (request.readyState == 4 && request.status == 200) {
            alert(request.responseText);
            if(request.responseText.substr(0, 6) == "error ")
                alert(errorName[request.responseText.substr(6)]);
            else {
                var event_id = 7;
                onfinish(event_id);
            }
        }
    }

    var params = "action=insertCalendarEvents&calendar_group=" + calendar_group + "&event_name=" + encodeURIComponent(event_name) + "&event_datestart=" + event_datestart + "&event_datestop=" + event_datestop + "&event_timestart=" + event_timestart + "&event_timestop=" + event_timestop + "&event_info=" + event_info;
    request.open("GET", "php/calendar.php?" + params, true);
    request.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
    request.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=UTF-8");
    request.send();
}

This is the PHP function:

if($action == "insertCalendarEvents") {
    $calendar_group = $_GET["calendar_group"];
    $event_name = "'" . htmlspecialchars(urldecode($_GET["event_name"])) . "'";
    $event_datestart = "'" . $_GET["event_datestart"] . "'";
    $event_datestop = "'" . $_GET["event_datestop"] . "'";
    $event_timestart = $_GET["event_timestart"] != "" ? "'" . $_GET["event_timestart"] . "'" : "null";
    $event_timestop = $_GET["event_timestop"] != "" ? "'" . $_GET["event_timestop"] . "'" : "null";
    $event_info = "'" . $_GET["event_info"] . "'";
    echo $event_name;

    require_once("connect.php");
    $query = "INSERT INTO calendar_events (calendar_group, event_name, event_datestart, event_datestop, event_timestart, event_timestop, event_info) VALUES (" . $calendar_group . ", " . $event_name . ", " . $event_datestart . ", " . $event_datestop . ", " . $event_timestart . ", " . $event_timestop . ", " . $event_info . ")";
    $result = pg_query($connect, $query);
    if(!$result)
        die("error 1"); // query error

    $query = "SELECT currval('events_event_id_seq')";
    $result = pg_query($connect, $query);
    if(!$result)
        die("error 1"); // query error

    $row = pg_fetch_row($result);
    echo $row[0];
}

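The problem is that when I try to add special characters (for now I am only testing with the event_name parameter), such as + or a newline, it doesn't work: the + is replaced with a space, and the newline does nothing.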

+0

http://bobby-tables.com/ – Quentin

Answers

0

You should add it to the query string before sending it via Ajax.

+0

Yes, I forgot to add it while I was testing, but I added it and got the same result :/ –

1

You need to pass your parameters through encodeURIComponent before sending the data (encodeURI()).


Also, get rid of these lines:

request.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT"); 

I'd be surprised if this wasn't always the case.

request.setRequestHeader("Content-type", "application/x-www-form-urlencoded; charset=UTF-8"); 

You aren't making a POST request. There is no message body to describe the content type of.

0

Using POST should send your data safely, plus it is more logical since you are sending to the server.

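3

I also had a problem like the one you have now; however, this function, which I used to encode data on the client side before updating things, solved my problem once I implemented it: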

function encode(val){
    var eVal;
    // typeof avoids a ReferenceError where encodeURIComponent is not defined
    if(typeof encodeURIComponent !== "function"){
        // Fallback: escape() does not encode @ / +, so encode them by hand
        eVal=escape(val);
        eVal=eVal.replace(/@/g,"%40");
        eVal=eVal.replace(/\//g,"%2F");
        eVal=eVal.replace(/\+/g,"%2B");
        eVal=eVal.replace(/'/g,"%27");
        eVal=eVal.replace(/"/g,"%22");
        eVal=eVal.replace(/`/g,"%60");
        eVal=eVal.replace(/&/g,"%26");
    }else{
        // encodeURIComponent() does not encode ~ ! ( ) ', so encode them by hand
        eVal=encodeURIComponent(val);
        eVal=eVal.replace(/~/g,"%7E");
        eVal=eVal.replace(/!/g,"%21");
        eVal=eVal.replace(/\(/g,"%28");
        eVal=eVal.replace(/\)/g,"%29");
        eVal=eVal.replace(/'/g,"%27");
        eVal=eVal.replace(/"/g,"%22");
        eVal=eVal.replace(/`/g,"%60");
        eVal=eVal.replace(/&/g,"%26");
    }
    // Form-style encoding: send spaces as "+"
    return eVal.replace(/\%20/g,"+");
}
+0

Thanks, this answer worked for me a lot... :) Thank you so much, plz accept this answer... works like a charm – KOTIOS
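
The round trip this thread is about, as an added example that is not part of any post above. It compares a value concatenated raw, the same value passed through encodeURIComponent, and that value decoded a second time, which is what calling urldecode() on a $_GET element does because PHP has already decoded $_GET. Assumptions: formDecode is a stand-in model of the server's query-string decoder, and the sample value is constructed.

```javascript
// Added example, not code from the thread. formDecode() is an assumed model of
// the server-side query-string decoder; the sample value is constructed.

// application/x-www-form-urlencoded decoding: "+" means space, then %XX.
function formDecode(s) {
    return decodeURIComponent(s.replace(/\+/g, " "));
}

// Split a raw query string into name/value pairs, decoding each part once.
function parseQuery(qs) {
    var out = {};
    qs.split("&").forEach(function (pair) {
        var i = pair.indexOf("=");
        var name = i < 0 ? pair : pair.slice(0, i);
        var value = i < 0 ? "" : pair.slice(i + 1);
        out[formDecode(name)] = formDecode(value);
    });
    return out;
}

// Build "name=value&..." with or without encodeURIComponent on the values.
function buildQuery(fields, encode) {
    return Object.keys(fields).map(function (k) {
        return k + "=" + (encode ? encodeURIComponent(fields[k]) : fields[k]);
    }).join("&");
}

function demo() {
    var sample = { event_name: "C++ & tea\nline 2" }; // constructed input
    // 1. Raw concatenation: "&" ends the value early, "+" decodes to a space.
    var raw = parseQuery(buildQuery(sample, false)).event_name;
    // 2. Encoded value: a single decode restores it exactly.
    var encoded = parseQuery(buildQuery(sample, true)).event_name;
    // 3. Decoding the already-decoded value again turns "+" into spaces.
    var twice = formDecode(encoded);
    return { sent: sample.event_name, raw: raw, encoded: encoded, twice: twice };
}

console.log(JSON.stringify(demo(), null, 2));
```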
