Best practice escape special data
Best practice escape special data
sjw01
Posts: 67Questions: 36Answers: 1
I am having issues with data that keeps breaking the DataTables.
Problem is that there are some fields which are entered manually by end users in a separate system and they keep entering bad data which breaks the table. Each time I find it, I implement a fix to escape the data but it keeps occuring (new data that apparently isn't escaped)
I am using PHP to generate the JSON string.
I was using json_encode() for the manually entered fields but this missed some special characters, so I added htmlentities() but now a backslash has made its way into the data and I need to add another function to strip the character...
Just wondering if there is a best practice for this because I'm thinking json_encode( htmlentities( stripslashes($data) ) ) is probably not the most economical way of producing the correct data format...
I understand that this is a PHP issue and not DataTables but thought this might be a common issue that many people have overcome?
Thanks
Answers
We would suggest that the data that goes into the database is cleansed and sanitised, so it would always come out as expected. If that's not possible for whatever, it would be best to correct the data on the server still while building the JSON string.
Colin