Escape strings issue universal fix

Escape strings #onebigissue in programming, My solution works for all.

Say I have a textarea field “notes”


To encode all the special characters for passing the data, you’ll need to use “encodeURIComponent()”.
The encodeURIComponent doesn’t encode ~!*()’
To encode the remaining i have a function to replace single quotes in an encoded string.

function encodeURIComponentReplace(encodeString){
  //encodeURIComponent() will not encode: ~!*()' - use this function to do the job	
  var intIndexOfMatch = encodeString.indexOf( "'" );
  while (intIndexOfMatch != -1){
    encodeString = encodeString.replace( "'", "%27" )
    intIndexOfMatch = encodeString.indexOf( "'" );
  }
  return encodeString;
}

If you send the parameters in GET method to PHP backend,
you’ll receive parameter values with added slashes.
You should strip slashes and convert the htmlentities before database insert/update.

PHP:
$notes=htmlspecialchars(stripslashes($notes),ENT_QUOTES);

If you send the parameters in POST method you do not have to do the above step.

Retrieving the data from the database using PHP.

If you are simply echoing values from the database to front-end use the following PHP code:
$notes=rawurldecode(htmlspecialchars_decode($notes,ENT_QUOTES));

If you are sending values in a json array do the following before encoding:
$notes=rawurldecode($notes);
then json_encode the output array.

What happens when you type in a URL in browser?

  1. As you type in the characters in the address bar, browser’s auto-complete mechanism kicks in, showing bunch of cached urls (only matching).
  2. On pressing enter, keyboard event fired (or) mouse click event if it’s a mouse click.
  3. Browser requests OS to check local DNS cache (where all the previously visited DNS records stored) for the IP Address of the server, if the records not stored locally then the request is handled by the recursive DNS servers located at your ISP, if it is not still not found then the request goes to root name servers (13). These name servers contains pointers for all the TLDs (Top Level Domains .com, .net, .org). Name servers looks at the top level domain and direct the query to the TLD DNS servers corresponding pointers.
    TLD DNS servers do not store all the records, instead they keep track of authoritative name servers for all the domains with their TLDs. TLD DNS servers looks at the next part of the query from right to left then direct the query to authoritative name server for the URL.
    Authoritative name servers contains all of the DNS records for the given domain such as host records, mx records etc. The recursive DNS server at the ISPs receives host record from the authoritative servers and stores the record in its cache for the future use. The host record is given to your computer it will be stored in your local DNS cache for future use and passes the information to the browser.
  4. the browser opens a TCP connection with the host and makes http/https request on port 80 (or) any specific port. the web server at the host sends a web page at that URL.