Escaped request variables



OnDistantShores
03-14-2010, 05:17 PM
I'm trying to submit a JSON string from a form on the client side to a PHP script.

So, for example, the contents would be:


{"aGuest":[{"name":"one"}],"title":"two"}

When I submit that on another server, that's what I get coming through to the PHP. That's what I want. However, on HostMonster, I've found that it seems to be escaping the request variable contents, so it comes through as:


{\"aGuest\":[{\"name\":\"one\"}],\"title\":\"two\"}

Any ideas how I can turn this off? Or at least how I can get PHP's json_decode() to understand a JSON string formatted this way?

Thanks!

shadmego
03-14-2010, 08:06 PM
It might be a bit more work, but couldn't you create a function that would take the string, explode() out the "\" and then piece it back together the proper way?



echo "UNTESTED!";

function reformatJSON($inputString)
{
    $stringArray = explode("\\", $inputString);
    $newString = $stringArray[0].$stringArray[1].$stringArray[2].$stringArray[3].$stringArray[4].$stringArray[5].$stringArray[6].$stringArray[7].$stringArray[8].$stringArray[9];

    return $newString;
}


I will run some tests, but that's the idea, unless it doesn't work, then it's just silly ...

OnDistantShores
03-14-2010, 08:15 PM
I thought of that, but the problem is, what if there's a genuine " in one of the JSON variables? I want it to come through as:


{"aGuest":[{"name":"one"}],"title":"two and \"three\""}

Whereas that function would strip out the genuine \" from the strings.

I suppose you could then just skip all the \\\" and change them separately...but it's just getting messy - I want to know (and fix!) the root cause of the problem.

shadmego
03-14-2010, 08:19 PM
Can we see some of the php code?

(by the way, here is the working function: Won't work in the case where there are actual quotes)

only for those that want to play:


$originalJSON = "{\"aGuest\":[{\"name\":\"one\"}],\"title\":\"two\"}";

function reformatJSON($inputString)
{
    $stringArray = explode("\\", $inputString);
    $newString = "";

    foreach ($stringArray as $string) {
        $newString .= $string;
    }
    return $newString;
}

$newJSON = reformatJSON($originalJSON);
echo '<p>{"aGuest":[{"name":"one"}],"title":"two"}</p>';
echo "<p>$newJSON</p>\n";

shadmego
03-14-2010, 08:24 PM
The only other option I just thought of is a possible php.ini variable that automatically escapes these types of strings, though I've not run into that in the past.

I'm looking this up right now.

shadmego
03-14-2010, 08:29 PM
This link might be right up your alley:

http://www.php.net/manual/en/function.get-magic-quotes-gpc.php#95697

OnDistantShores
03-16-2010, 01:03 AM
> This link might be right up your alley:
>
> http://www.php.net/manual/en/function.get-magic-quotes-gpc.php#95697

Perfect shadmego, that's exactly what I was looking for. The "magic_quotes_gpc" php.ini option was to blame, so I've just turned that off and the JSON string is coming through without the stupid escaping.

Thanks a bunch!

sjlplat
03-16-2010, 05:54 PM
Magic quotes is a pretty valuable module to have enabled. I would personally leave it on and use the stripslashes() (http://php.net/manual/en/function.stripslashes.php) function in PHP.

OnDistantShores
03-18-2010, 06:31 AM
> Magic quotes is a pretty valuable module to have enabled. I would personally leave it on and use the stripslashes() (http://php.net/manual/en/function.stripslashes.php) function in PHP.

Why is it valuable?

sjlplat
03-18-2010, 02:10 PM
> Why is it valuable?

Escape characters effectively prevent injection attacks. By disabling the module on your account, you open up a very significant security hole. Unless you practice very secure scripting, there is a good chance that your code will be compromised by injection.

In my experience, even the best coders make mistakes. Magic Quotes helps reduce the consequences of those mistakes.
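
An added example, not code from any poster in this thread: it shows the stripslashes() route mentioned above recovering the JSON even when a value contains a genuine quote, and then storing the decoded value with a bound parameter. The helper names, the `events` table and the use of addslashes() to stand in for magic_quotes_gpc are assumptions for illustration, as is the availability of the pdo_sqlite extension.

```php
<?php
// Added example: decode_json_param() and magic_quotes_active() are hypothetical helpers.

// get_magic_quotes_gpc() was removed in PHP 8, so check that it exists first.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

// Undo one level of magic-quotes escaping (only if it was applied), then decode.
// In a request handler: decode_json_param($_POST['payload'], magic_quotes_active())
// where 'payload' is a hypothetical field name.
function decode_json_param($raw, $escaped)
{
    // stripslashes() turns \" into " and \\ into \, so JSON's own \" escapes
    // (doubled up by the server) come back intact instead of being deleted.
    $json = $escaped ? stripslashes($raw) : $raw;
    $data = json_decode($json, true);
    if (!is_array($data)) {
        throw new InvalidArgumentException('parameter is not a JSON object or array');
    }
    return $data;
}

// Constructed sample: the thread's JSON with a genuine quote inside a value.
$original = '{"aGuest":[{"name":"one"}],"title":"two and \"three\""}';
// addslashes() stands in for what magic_quotes_gpc does to request data.
$received = addslashes($original);

$data = decode_json_param($received, true);
var_dump($data['title']);

// Removing every backslash (the explode() approach) also deletes JSON's own
// escapes, so the result no longer parses.
var_dump(json_decode(str_replace('\\', '', $received), true));

// Store the decoded value with a bound parameter: the quotes in the title are
// passed as data, so the query does not depend on magic quotes being enabled.
$db = new PDO('sqlite::memory:'); // assumes the pdo_sqlite extension
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (title TEXT)');
$stmt = $db->prepare('INSERT INTO events (title) VALUES (:title)');
$stmt->execute(array(':title' => $data['title']));
var_dump($db->query('SELECT title FROM events')->fetchColumn() === $data['title']);
```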