Search code examples
phpjavascriptsql-serverbackslash

Dealing with backslashes in JavaScript, PHP and MSSQL


Before I get anywhere with this post, let me make this clear, there is absolutely nothing I can change about the string I'm about to show you, it must stay as it is.

I need to find some way of parsing a string without any escaping mechanisms. I have this string: "A2&11203[3\813+!5>di" which is used by this program I'm forced to deal with.

SQL parses that string just fine (backslash and all), but JavaScript and PHP keep using it as an escaping mech and removing the number 8.

What happens in my application is it receives that string and then using JavaScript, redirects to a webpage along with the string, the problem here is the backslash is being removed, which I must have.

I found this code in another stackoverflow post, and it works for what I need, but I need to stop JavaScript (and eventually PHP) from removing the backslash.

function post_to_url(path, params, method) {
    method = method || "post"; // Set method to post by default, if not specified.

    // The rest of this code assumes you are not using a library.
    // It can be made less wordy if you use one.
    var form = document.createElement("form");
    form.setAttribute("method", method);
    form.setAttribute("action", path);

    for(var key in params) {
        if(params.hasOwnProperty(key)) {
            var hiddenField = document.createElement("input");
            hiddenField.setAttribute("type", "hidden");
            hiddenField.setAttribute("name", key);
            hiddenField.setAttribute("value", params[key]);

            form.appendChild(hiddenField);
         }
    }

    document.body.appendChild(form);
    form.submit();
}

The string needs to be processed completely raw, i just checked the database and there are several cases with multiple backslashs everywhere along with damn near any character you can find on an english keyboard.

Any ideas as to what I can do about this issue? I'm forced to use JavaScript as the main redirector.


Solution

  • With no way to properly escape backslashes, we changed to passing 4 other fields that would identify the account and then pulled the accountno within php, no more need to escape anything.