0

I have a long JSON string that I send to the PHP server using an AJAX POST request. My problem is that I really can't escape the strings or the values of the said JSON. Here is the JSON data.

The PHP function on the HTML tab and the json on the JS tab.

The JSON above has already been passed to the json_decode function in PHP and var_dump. Notice the data at object['rest_data']['q25']['q25_others']: the data is "25 others "" and must be "25 others \"". I used this recursive function thinking that it would do the work.

The $this->Escape($value) is in the same class as the recursive function that I use above. The Escape function is just for escaping the strings that may cause SQL problems during insert.

Any suggestions? I'm out of ideas. Thanks!

function deep_escape($array){
  foreach($array as $key => $value) {
    if(is_array($value)){
      $this->deep_escape($value);
    } else {
      $array[$key] = $this->Escape($value);
    }
  }
  return $array;
}

How I create the JSON

all_get_data = {
  "q16": $('#survey_question_16').val(),
  "q17": {
    "q17_select": $('#survey_question_17').val(),
    "q17_others": $('#survey_question_17_others').val(),
  },
  "q18": {
    "q18_select": $('#survey_question_18').val(),
    "q18_others": $('#survey_question_18_others').val(),
  },
  "q19": $('#survey_question_19').val(),
  "q20a": $('#survey_question_20a').val(),
  "q20b": $('#survey_question_20b').val(),
  "q21": $('#survey_question_21').val(),
  "q22": $('#survey_question_22').val(),
  "q23": {
    "q23_select": $('#survey_question_23').val(),
    "q23_others": $('#survey_question_23_others').val(),
  },
  "q24": $('#survey_question_24').val(),
  "q25": {
    "q25_select": $('#survey_question_25').val(),
    "q25_others": $('#survey_question_25_others').val(),
  },
  "q26": {
    "q26_select": $('#survey_question_26').val(),
    "q26_others": $('#survey_question_26_others').val(),
  },
  "q27": {
    "q27_select": $('#survey_question_27').val(),
    "q27_others": $('#survey_question_27_others').val(),
  },
  "q28": {
    "q28_select": $('#survey_question_28').val(),
    "q28_others": $('#survey_question_28_others').val(),
  },
  "q29": {
    "q29_select": $('#survey_question_29').val(),
    "q29_others": $('#survey_question_29_others').val(),
  },
  "q30": "",
  "q31": $('#survey_question_31').val(),
  "q32": $('#survey_question_32').val(),
  "q33": {
    "q33_select": $('#survey_question_33').val(),
    "q33_others": $('#survey_question_33_others').val(),
  },
  "q34": $('#survey_question_34').val(),
};

Object dump

array(5) {["part_i"]=>
  array(11) {["name"]=>string(0) ""
    ["permAdd"]=>string(0) ""
    ["email"]=>string(0) ""
    ["con_no"]=>string(0) ""
    ["mo_no"]=>string(0) ""
    ["civil"]=>NULL
    ["gender"]=>NULL
    ["bday"]=>string(0) ""
    ["region"]=>NULL
    ["province"]=>string(0) ""
    ["locationResidence"]=>NULL
  }
  ["part_ii"]=>array(3) {
    ["row1"]=>array(4) {
      ["el_1"]=>string(0) ""
      ["el_2"]=>string(0) ""
      ["el_3"]=>string(0) ""
      ["el_4"]=>string(0) ""
    }
    ["row2"]=>array(4) {
      ["el_1"]=>string(0) ""
      ["el_2"]=>string(0) ""
      ["el_3"]=>string(0) ""
      ["el_4"]=>string(0) ""
    }
    ["row3"]=>array(3) {
      ["el_1"]=>string(0) ""
      ["el_2"]=>string(0) ""
      ["el_4"]=>string(0) ""
    }
  }
  ["part_iii"]=>array(2) {
    ["erow1"]=>array(3) {
      ["eel_1"]=>string(0) ""
      ["eel_2"]=>string(0) ""
      ["eel_3"]=>string(0) ""
    }
    ["erow2"]=>array(3) {
      ["eel_1"]=>string(0) ""
      ["eel_2"]=>string(0) ""
      ["eel_3"]=>string(0) ""
    }
  }
  ["part_iv"]=>array(2) {
    ["q15a"]=>array(3) {
      ["q15a_row1"]=>array(3) {
        ["q15a_el1"]=>string(0) ""
        ["q15a_el2"]=>string(0) ""
        ["q15a_el3"]=>string(0) ""
      }
      ["q15a_row2"]=>array(3) {
        ["q15a_el1"]=>string(0) ""
        ["q15a_el2"]=>string(0) ""
        ["q15a_el3"]=>string(0) ""
      }
      ["q15a_row3"]=>array(3) {
        ["q15a_el1"]=>string(0) ""
        ["q15a_el2"]=>string(0) ""
        ["q15a_el3"]=>string(0) ""
      }
    }
    ["q15b"]=>array(2) {
      ["q15b_select"]=>NULL
      ["q15b_others"]=>string(0) ""
    }
  }
  ["rest_data"]=>array(20) {
    ["q16"]=>NULL
    ["q17"]=>array(2) {
      ["q17_select"]=>array(0) {}
      ["q17_others"]=>string(0) ""
    }
    ["q18"]=>array(2) {
      ["q18_select"]=>NULL
      ["q18_others"]=>string(0) ""
    }
    ["q19"]=>string(0) ""
    ["q20a"]=>string(2) ""'"
    ["q20b"]=>NULL
    ["q21"]=>NULL
    ["q22"]=>NULL
    ["q23"]=>array(2) {
      ["q23_select"]=>array(0) {}
      ["q23_others"]=>string(0) ""
    }
    ["q24"]=>NULL
    ["q25"]=>array(2) {
      ["q25_select"]=>array(5) {
        [0]=>string(21) "Salaries_and_Benefits"
        [1]=>string(16) "Career_challenge"
        [2]=>string(25) "Related_to_special_skills"
        [3]=>string(22) "Proximity_to_residence"
        [4]=>string(5) "other"
      }
      ["q25_others"]=>string(11) "25 others ""
    }
    ["q26"]=>array(2) {
      ["q26_select"]=>array(0) {}
      ["q26_others"]=>string(0) ""
    }
    ["q27"]=>array(2) {
      ["q27_select"]=>NULL
      ["q27_others"]=>string(0) ""
    }
    ["q28"]=>array(2) {
      ["q28_select"]=>NULL
      ["q28_others"]=>string(0) ""
    }
    ["q29"]=>array(2) {
      ["q29_select"]=>NULL
      ["q29_others"]=>string(0) ""
    }
    ["q30"]=>
    string(0) ""
    ["q31"]=>
    NULL
    ["q32"]=>
    NULL
    ["q33"]=>
    array(1) {
      ["q33_select"]=>
      array(0) {
      }
    }
    ["q34"]=>
    string(0) ""
  }
}

JSON structure

{
  "part_i": {
    "name": "",
    "permAdd": "",
    "email": "",
    "con_no": "",
    "mo_no": "",
    "civil": null,
    "gender": null,
    "bday": "",
    "region": null,
    "province": "",
    "locationResidence": null
  },
  "part_ii": {
    "row1": {
      "el_1": "",
      "el_2": "",
      "el_3": "",
      "el_4": ""
    },
    "row2": {
      "el_1": "",
      "el_2": "",
      "el_3": "",
      "el_4": ""
    },
    "row3": {
      "el_1": "",
      "el_2": "",
      "el_4": ""
    }
  },
  "part_iii": {
    "erow1": {
      "eel_1": "",
      "eel_2": "",
      "eel_3": ""
    },
    "erow2": {
      "eel_1": "",
      "eel_2": "",
      "eel_3": ""
    }
  },
  "part_iv": {
    "q15a": {
      "q15a_row1": {
        "q15a_el1": "",
        "q15a_el2": "",
        "q15a_el3": ""
      },
      "q15a_row2": {
        "q15a_el1": "",
        "q15a_el2": "",
        "q15a_el3": ""
      },
      "q15a_row3": {
        "q15a_el1": "",
        "q15a_el2": "",
        "q15a_el3": ""
      }
    },
    "q15b": {
      "q15b_select": null,
      "q15b_others": ""
    }
  },
  "rest_data": {
    "q16": null,
    "q17": {
      "q17_select": [],
      "q17_others": [""]
    },
    "q18": {
      "q18_select": null,
      "q18_others": ""
    },
    "q19": "",
    "q20a": "'",
    "q20b": null,
    "q21": null,
    "q22": null,
    "q23": {
      "q23_select": [],
      "q23_others": ""
    },
    "q24": null,
    "q25": {
      "q25_select": [
        "Salaries_and_Benefits",
        "Career_challenge",
        "Related_to_special_skills",
        "Proximity_to_residence",
        "other"
      ],
      "q25_others": "25 others "
    },
    "q26": {
      "q26_select": [],
      "q26_others": ""
    },
    "q27": {
      "q27_select": null,
      "q27_others": ""
    },
    "q28": {
      "q28_select": null,
      "q28_others": ""
    },
    "q29": {
      "q29_select": null,
      "q29_others": ""
    },
    "q30": "",
    "q31": null,
    "q32": null,
    "q33": {
      "q33_select": []
    },
    "q34": ""
  }
}
21
  • It would be interesting to see how you create this JSON String and see its contents before it gets to PHP Commented Jan 23, 2017 at 15:05
  • Yes, StackOverflow Commented Jan 23, 2017 at 15:07
  • 2
    Don’t assemble JSON yourself. Build up a proper data structure (arrays/objects), and then use json_encode (PHP) or JSON.stringify (JS) to create proper JSON out of it. That will automatically take care of all necessary escaping. (As far as the context JSON is concerned. Why you bring SQL into it is unclear. If you need to secure data before inserting it into the database, then you do that at the exact point where this database insert happens. To encode/escape the data for this purpose earlier already is nonsense.) Commented Jan 23, 2017 at 15:16
  • 1
    I think you are trying to solve a NON Problem, just use json_decode() to convert the JSONString into a PHP array/Object Commented Jan 23, 2017 at 15:16
  • 1
    @Mr. Polywhirl didn't you mean json_encode($json,JSON_PRETTY_PRINT);? -- object from PHP into a proper JSON string Commented Jan 23, 2017 at 15:34

1 Answer

1

There is a problem with your function

function deep_escape($array){
  foreach($array as $key => $value) {
    if(is_array($value)){
      $this->deep_escape($value); // <----------- This line does nothing.
    } else {
      $array[$key] = $this->Escape($value);
    }
  }
  return $array;
}

See, you either want to be able to call your function like this

$instance->deep_escape($array);

and have the array be modified. In that case you need to declare it like this :

function deep_escape(&$array){                  // notice the '&'
  foreach($array as $key => &$value) {        // again '&'
    if(is_array($value)){
      $this->deep_escape($value);
    } else {
      $value = $this->Escape($value);
    }
  }
                                               // no "return" statement
}

Or you want to call it like this :

$escaped_array = $instance->deep_escape($array);

Which is the way I think you went for, in that case, you need to change that line 4 of your function :

function deep_escape($array){
  foreach($array as $key => $value) {
    if(is_array($value)){
      $array[$key] = $this->deep_escape($value);
    } else {
      $array[$key] = $this->Escape($value);
    }
  }
  return $array;
}

7 Comments

Nice but I think the point is that all this is unnecessary if the JSON String is created properly in the first place
@RiggsFolly OP never creates JSON, that is a dump for a PHP object. Don't get them confused. I added what I believe is the JSON structure at the bottom of the question.
I believe the JSON String is created properly by the JS part and properly parsed into an array with json_decode(). The point here is to escape potentially harmful strings before sending it to the database
@KiJéy Thank you for your answer, it helped me ^_^
@MerIgos always a pleasure ^_^ did it solve your problem ?
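
Added example, not part of the original thread: the point raised in the comments (secure the data at the exact point where the insert happens) shown with a PDO prepared statement, so the decoded values are bound as parameters and no escaping pass over the array is needed. The in-memory SQLite database, the `survey_answer` table and the `flatten_answers` helper are assumptions for illustration; the payload is a constructed sample modelled on the question's `rest_data`.

```php
<?php
// Constructed sample payload modelled on the question's rest_data (nowdoc: no PHP escaping applied).
$json = <<<'JSON'
{"rest_data": {"q20a": "'", "q24": null,
  "q25": {"q25_select": ["Salaries_and_Benefits", "other"], "q25_others": "25 others \""}}}
JSON;
$data = json_decode($json, true, 512, JSON_THROW_ON_ERROR);

// Hypothetical helper: walk the nested array and return "dotted.path" => raw value.
// Unlike the question's deep_escape(), the result of the recursive call is kept.
function flatten_answers(array $node, string $prefix = ''): array
{
    $rows = [];
    foreach ($node as $key => $value) {
        $path = $prefix === '' ? (string) $key : $prefix . '.' . $key;
        if (is_array($value)) {
            $rows += flatten_answers($value, $path);
        } else {
            $rows[$path] = $value; // stored untouched: no escaping, null stays null
        }
    }
    return $rows;
}

// Assumption: in-memory SQLite via PDO stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE survey_answer (path TEXT PRIMARY KEY, value TEXT)');

// The values travel as bound parameters, separate from the SQL text,
// so quotes in an answer cannot change the statement.
$insert = $pdo->prepare('INSERT INTO survey_answer (path, value) VALUES (:path, :value)');
foreach (flatten_answers($data) as $path => $value) {
    $insert->bindValue(':path', (string) $path);
    $insert->bindValue(':value', $value, $value === null ? PDO::PARAM_NULL : PDO::PARAM_STR);
    $insert->execute();
}

// Read back: compare each stored value with what json_decode() produced.
$expected = flatten_answers($data);
foreach ($pdo->query('SELECT path, value FROM survey_answer ORDER BY path') as $row) {
    $same = $row['value'] === $expected[$row['path']];
    printf("%-30s %-26s %s\n", $row['path'], var_export($row['value'], true), $same ? 'unchanged' : 'ALTERED');
}
```

Empty arrays such as `q17_select` in the question's dump produce no rows in this layout; store a marker row for them if "answered with nothing selected" must be distinguishable from "absent".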