我正在向laravel发出Ajax请求 - 但由于某种原因,我的自定义函数没有转义特殊字符。我无法弄清楚为什么。我在CodeIgniter中使用了这个完全相同的函数,它可以很好地转义输出。所有数据都可以很好地返回到JS文件 - 但它并没有逃避任何事情。这是代码:
public function store( Request $request, $project_id ) {
//current logged in user.
$user_id = auth()->user()->id;
//get all post inputs
$inputs = $request->all();
//make sure project ID belongs to current user. Stop someone from adding a task to your project that isn't you.
$projectBelongsToUser = Project::find(1)->where('user_id', $user_id)->where('id', $project_id)->get();
//if a project ID and inputs are provided - log them to the database, if not redirect to home with $errors.
if( $project_id && $inputs['description'] && $projectBelongsToUser ) {
$task = New Task;
$task->description = $inputs['description'];
$task->due_date = $inputs['due_date'];
$task->priority = $inputs['priority'];
$task->completed = 0;
$task->order = 0;
$task->user_id = $user_id;
$task->project_id = $project_id;
$task->save();
//get all tasks
$tasks = Task::where('user_id', $user_id)->where('project_id', $project_id)->orderBy('description', 'asc')->get();
//sanitize tasks for safe output
function sanitize_object_h( $array ) {
$array_modified = $array;
foreach( $array_modified as $object ) {
foreach( $object as &$item ) {
$item = htmlentities( $item, ENT_QUOTES );
}
//end foreach
}
//end foreach
return $array_modified;
}
//end sanitize_object_h
$sanitized_tasks = sanitize_object_h( $tasks );
//return the sanitized object.
echo json_encode( sanitize_object_h( $tasks ) );
} else {
echo "failed";
return;
}//end if
}//end store
答案 0 :(得分:0)
首先,我没有修复逃脱。 Htmlentities应该有效,但在我看来(some others)你并不需要。 Json_encode我自己逃脱了制作有效JSON所需的所有字符。但是,我试图提高代码的可读性。
Laravel可以做很多你想做的事情。
public function store( Request $request, $project_id ) {
if(!$project_id)
abort(404, "Bad id");
// make sure all inputs exist
$this->validate($request, [
'description' => 'required',
'due_date' => 'required',
'priority' => 'required'
]);
//get all post inputs
$inputs = $request->all();
//make sure project ID belongs to current user. Stop someone from adding a task to your project that isn't you.
$project = Project::findOrFail($project_id);
if($project->user_id != Auth::user()->id)
abort(403, 'Not your thing');
$task = New Task;
$task->description = $inputs['description'];
$task->due_date = $inputs['due_date'];
$task->priority = $inputs['priority'];
$task->completed = 0;
$task->order = 0;
$task->user_id = $user_id;
$task->project_id = $project_id;
$task->save();
//get all tasks
$tasks = Task::where('user_id', $user_id)->where('project_id', $project_id)->orderBy('description', 'asc')->get();
return Response::json($tasks);
}//end store
注意中止。我认为它的功能相当明显,但如果您愿意,也可以使用return "error";
,因为它看起来像API。 FindOrFail。如果记录不存在,它将抛出404(除非你抓住它)。