serialize()不适用于撇号

时间:2011-11-05 17:23:36

标签: jquery serialization

在尝试动态提交表单时,我的代码遇到了一些问题。 serialize()函数很有效,除非表单字段中有撇号。

从其他地方我看过网上,看来serialize()应该照顾它。由于一些奇怪的原因,它失败了。

这是我的代码:

//Submit Edit Facility form data
$("#Facility_Edit").click(function() {  
    var dataString = $("#edit_facility").serialize();

    alert (dataString); //return false;
    $.ajax({
        type: "POST",
        url: "process.php",
        data: dataString,
        success: function() {
          $('#submitresults').html("<div id='message' class='alert-message fade in' data-alert='alert'></div>");
          $('#message').html("<b>Account has been edited successfully!</b>")
          .append("<p>If you would like to make more changes, please do so below. Otherwise, please click <a href='facility.php?facility_id=<?php echo $facility_id;?>'>here to view the account.</p>")
          .hide()
          .fadeIn(1500, function() {
            $('#message').prepend("<a class='close' href='#'>&times;</a>");
            setTimeout('window.location="facility.php?facility_id=<?php echo $facility_id;?>&action=edit"', 3000)
          });
        }
    });

    return false;
});

这是我用撇号收到的输出:

Facility_Name=Coeur+d'Alene+Homes+&Facility_Type=Assisted+Living+Facility&
Facility_Address=624+W+Harrison&Facility_Beds=&Facility_City=Coeur+d'Alene&
Facility_State=ID&Facility_Zip=83814&Facility_OC=Tambra&Facility_Phone=&Facility_HCC=&
Facility_Fax=&Facility_Team=CDA&Facility_DC=&facility_facilitypreference_status=&
Facility_ID=1305&Submit_Type=editfacility

注意,当删除撇号时,代码运行良好并正确提交。我该如何解决这个问题?

编辑:添加了PHP端代码 

$facility_name = htmlspecialchars(trim($_POST['Facility_Name']));               
$facility_type = htmlspecialchars(trim($_POST['Facility_Type']));
$facility_address = htmlspecialchars(trim($_POST['Facility_Address']));         
$facility_zip = htmlspecialchars(trim($_POST['Facility_Zip']));
$facility_oc = htmlspecialchars(trim($_POST['Facility_OC']));               
$facility_hcc = htmlspecialchars(trim($_POST['Facility_HCC']));
$facility_phone = htmlspecialchars(trim($_POST['Facility_Phone']));             
$facility_beds = htmlspecialchars(trim($_POST['Facility_Beds']));
$facility_fax = htmlspecialchars(trim($_POST['Facility_Fax']));             
$facility_dc = htmlspecialchars(trim($_POST['Facility_DC']));

我也试过了:

$facility_name = htmlspecialchars(addslashes(trim($_POST['Facility_Name'])));               
$facility_type = htmlspecialchars(trim($_POST['Facility_Type']));
$facility_address = htmlspecialchars(addslashes(trim($_POST['Facility_Address'])));

4 个答案:

答案 0 :(得分:1)

var dataString = $("#edit_facility").serialize().replace(/\'/g,'\\\'');

或更好,使用各种javascript“addslashes”功能之一。

但是,如果你这样做会发生什么

$_POST = array_map('addslashes', $_POST);

答案 1 :(得分:1)

您是否尝试过使用encodeURI? :

var dataString = encodeURI($("#edit_facility").serialize());

如果这不起作用,那么不要冒任何风险:尝试使用htmlspecialchars

var dataString = htmlspecialchars($("#edit_facility").serialize() , 'ENT_QUOTES')

在你的php make:

$facility_name = trim($_POST['Facility_Name']));

我希望你能解决问题。

修改

我用两个文件进行了测试:

<强> serialize.php 

<!DOCTYPE html>
<html>
<head>
</head>
<body>
<div id="post">
</div>
<form name="form1" id="form1" action="#">
    <p><input type="text" id="Facility_Name" name="Facility_Name" value="Coeur d'Alene Homes"/>
    <p><input type="text" id="Facility_Type" name="Facility_Type" value="Assisted Living Facility"/>
    <p><input type="text" id="Facility_Address" name="Facility_Address" value="624 W Harrison"/>

    <p><button type="button" id="send">Send</button>
</form>
<script src="http://code.jquery.com/jquery-1.7.min.js"></script>
<script>
    $(function(){
        $('#send').click(function(){
            $.ajax({
                type: "POST",
                url: "serialize1.php",
                data: $('#form1').serialize(),
                success: function(sData) {
                    $('#post').html(sData);
                }
            });
        });
    });
</script>
</body>
</html>

<强> serialize1.php 

<?php
echo '<pre>';
var_dump($_POST);
echo '</pre>';
?>

在chrome,firefox和IE中的serialize1.php中我得到:

array(3) {
  ["Facility_Name"]=>
  string(19) "Coeur d'Alene Homes"
  ["Facility_Type"]=>
  string(24) "Assisted Living Facility"
  ["Facility_Address"]=>
  string(14) "624 W Harrison"
}

为了帮助您,我希望能够向我提供更多信息。

答案 2 :(得分:0)

好的,如果您使用的是PHP,我建议您使用PDO。准备好的语句默认转义所有内容,不需要额外的编码。例如

PHP SIDE CODE 

$facility_name = $_POST['Facility_Name'];
$Insert = $pdo-Prepare("Insert into table (`id`, `facility_name `) VALUES (NULL,:facility_name )");
$Insert->bindParam(':facility_name ',$facility_name);
$insert->execute();

关于它。什么都没有。

答案 3 :(得分:0)

2017年,我发现很难相信这个问题仍然存在。

首先,让我向您介绍序列化的工作原理。这是一个例子:

a:6:{i:0; s:27:“我不介意,这是她”;我:1; s:14:“他自己的选择”;我:2; s:27:“我只要他“我:3:s:52:”她愿意在我的帮助下做任何事情来打击它“

现在,a:6告诉您序列化数组中有六个元素。之后,i:0,意味着这是第一个元素。现在您看到了问题,s:27告诉该字符串有27个字符。但我确实注意到当有一个 - &gt; '&lt; ---在字符串中,它不是1而是2个字符。这意味着序列化不会失败。当字符串进入数据库时​​,字符串中有27个字符。但数据库看到\'并删除\只留下'。当这些数据返回PHP并尝试反序列化时,它会看到s:27,但是一个包含26个字符的字符串。这就是问题开始的时候。

我的解决方案是在反序列化之前修复字符串:

$ question_level ['answers1'] = str_replace('\'','\\'',$ question_level ['answers1']);

相关问题
最新问题