I have a textarea which I'm using JavaScript to retrieve the value of and send to a MySQL database via a PHP script (don't ask why - long story and an unavoidable resolution!).
The PHP script sanitizes the input, but for some reason ampersands aren't ever reaching the said script - it also culls any information after the ampersand.
var Reason = $('textarea#txt_reason').val();
Reason = Reason.replace(/&/g,'&');
If I use the above, all text after the ampersand is culled.
var Reason = $('textarea#txt_reason').val();
Reason = Reason.replace(/&/g,'%26');
If I use the above, the %26 does indeed get sent through to PHP and thus the MySQL database.
If I var_dump the $_GET request in the PHP script, the ampersands never get that far so it isn't anything to do with mysql_real_escape_string/htmlentities etc.
Is there a way I can directly send "&" to my PHP script, without having to encode/decode?
Cheers, Duncan
Any data that you send using Javascript should be encoded with encodeURIComponent(). This will take care of the &, =, and other troublemakers. The data is automatically decoded into the $_GET array.
(Most Javascript frameworks such as JQuery do this for you...)