I've run into an interesting problem. If I submit my PHP form the "tradtional" way with an action via post I capture the form data as follows:
headline:I%27m+just+here+for+friends%21
I escape the data server side before adding it to my DB using : mysql_real_escape_string($string) and everything is great.
If I now submit that same form using jqueries $.post method and pass it my serialize data
$.post("save_data.php", $("#form_id").serialize(),
function(data) {
// process my results
}
);
it looks like this:
headline:I'm+just+here+for+friends!
The mysql_real_escape call doesn't actually work anymore because I'm assuming the data has or has not been encoded properly. Is there a work around for this or a way to encode the form data before posting it?
Here is how I'm currently processing the form data inside PHP:
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$result = updateDataEntry($_POST);
}
$_POST sees the serialized form data as: headline:I'm+just+here+for+friends! so using mysql_real_escape_string($string) inside my updateDataEntry method is still adding escape characters inside the DB.
After several hours of tearing my hair out I found the issue. magic quotes were enabled in my php.ini file. If anyone else runs into this you can turn them off as shown below:
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off
Now everything is working great!