escaping - Laravel - htmlentities


I am making AJAX requests in Laravel and for some reason my custom function is not escaping special characters. I can't figure out why. I have used the exact same function in CodeIgniter, and there it escapes the output fine. All of the data is getting returned fine to the JS file; it's just not escaping anything. Here is the code:

```php
public function store( Request $request, $project_id ) {
    //current logged in user.
    $user_id = auth()->user()->id;

    //get post inputs
    $inputs = $request->all();

    //make sure the project id belongs to the current user.  stop adding a task to a project that isn't yours.
    $projectbelongstouser = Project::find(1)->where('user_id', $user_id)->where('id', $project_id)->get();

    //if project id and inputs are provided - log them to the database, if not redirect home with $errors.
    if( $project_id && $inputs['description'] && $projectbelongstouser ) {

        $task = new Task;
        $task->description = $inputs['description'];
        $task->due_date    = $inputs['due_date'];
        $task->priority    = $inputs['priority'];
        $task->completed   = 0;
        $task->order       = 0;
        $task->user_id     = $user_id;
        $task->project_id  = $project_id;
        $task->save();

        //get tasks
        $tasks = Task::where('user_id', $user_id)->where('project_id', $project_id)->orderBy('description', 'asc')->get();

        //sanitize tasks for safe output
        function sanitize_object_h( $array ) {
            $array_modified = $array;

            foreach( $array_modified as $object ) {
                foreach( $object as &$item ) {
                    $item = htmlentities( $item, ENT_QUOTES );
                }
                //end foreach
            }
            //end foreach
            return $array_modified;
        }
        //end sanitize_object_h

        $sanitized_tasks = sanitize_object_h( $tasks );

        //return sanitized object.
        echo json_encode( $sanitized_tasks );

    } else {
        echo "failed";
        return;
    }//end if
}//end store
```

First off, I have not fixed the escaping. htmlentities should work, but in my opinion (and that of some others) you don't need to. json_encode escapes the characters it needs to in order to make valid JSON. I have tried to improve the readability of the code.

Laravel can do a lot of the things you want to do.

```php
public function store( Request $request, $project_id ) {

    if(!$project_id)
        abort(404, "bad id");

    // make sure inputs exist
    $this->validate($request, [
        'description' => 'required',
        'due_date' => 'required',
        'priority' => 'required'
    ]);

    //get post inputs
    $inputs = $request->all();

    //current logged in user (used further down, so it has to be set here)
    $user_id = Auth::user()->id;

    //make sure the project id belongs to the current user.  stop adding a task to a project that isn't yours.
    $project = Project::findOrFail($project_id);
    if($project->user_id != $user_id)
        abort(403, 'not your thing');

    $task = new Task;
    $task->description = $inputs['description'];
    $task->due_date    = $inputs['due_date'];
    $task->priority    = $inputs['priority'];
    $task->completed   = 0;
    $task->order       = 0;
    $task->user_id     = $user_id;
    $task->project_id  = $project_id;
    $task->save();

    //get tasks
    $tasks = Task::where('user_id', $user_id)->where('project_id', $project_id)->orderBy('description', 'asc')->get();

    return Response::json($tasks);
}//end store
```

Take a look at validation.

Pay attention to abort. I think it's rather obvious what it does, but you can use return "error"; if you like, since this looks like an API. findOrFail: if the record doesn't exist it throws a 404 (unless you catch it).
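An added example, not code from the question or the answer, that shows in plain PHP (no Laravel) why the loop in the question leaves the output untouched and where escaping actually belongs. The TaskStandIn class is an assumption standing in for an Eloquent model: it keeps its columns in a protected array, as Eloquent's `$attributes` does, and exposes them through toArray() and JsonSerializable, so a foreach over the object from outside the class iterates no properties at all. The sample rows are constructed.

```php
<?php
// Added example, not code from the question or the answer. Plain PHP, no Laravel.
// TaskStandIn (an assumption) imitates the one trait of an Eloquent model that
// matters here: column values live in a protected array, not in public properties.

class TaskStandIn implements JsonSerializable
{
    protected array $attributes;

    public function __construct(array $attributes)
    {
        $this->attributes = $attributes;
    }

    // The supported way to reach the columns as a plain array.
    public function toArray(): array
    {
        return $this->attributes;
    }

    // Lets json_encode() emit the columns, which is why the question's data
    // "gets returned fine" even though the loop never touched it.
    public function jsonSerialize(): array
    {
        return $this->attributes;
    }
}

// Constructed sample rows containing the characters htmlentities() would encode.
$tasks = [
    new TaskStandIn(['id' => 1, 'description' => '<b>Fix</b> "login" & \'logout\'', 'priority' => 1]),
    new TaskStandIn(['id' => 2, 'description' => 'Plain task', 'priority' => 2]),
];

// Same shape as the question's loop. Iterating an object from outside its class
// yields only public properties; TaskStandIn has none, so the inner loop runs zero
// times and nothing is encoded.
function sanitize_object_h(array $rows): array
{
    foreach ($rows as $object) {
        foreach ($object as &$item) {
            $item = htmlentities($item, ENT_QUOTES, 'UTF-8');
        }
        unset($item);
    }
    return $rows;
}

// For an XHR response served as application/json: json_encode escapes what JSON
// needs (quotes, backslashes, control characters) and nothing more. HTML encoding
// belongs in the browser at the point the value is inserted into the DOM.
function encodeForXhr(array $rows): string
{
    return json_encode($rows, JSON_THROW_ON_ERROR);
}

// Only when the JSON is written into an HTML page (inline <script>, data-* attribute):
// the HEX flags turn < > & ' " into \uXXXX escapes, so the payload can never close a
// </script> tag or an attribute.
function encodeForInlineScript(array $rows): string
{
    return json_encode(
        $rows,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// If HTML entities really are wanted server-side, encode the array from toArray(),
// not the model object.
function entitiesOnRows(array $rows): array
{
    return array_map(
        fn (TaskStandIn $t) => array_map(
            fn ($v) => is_string($v) ? htmlentities($v, ENT_QUOTES, 'UTF-8') : $v,
            $t->toArray()
        ),
        $rows
    );
}

echo encodeForXhr(sanitize_object_h($tasks)), PHP_EOL;   // loop changed nothing
echo encodeForInlineScript($tasks), PHP_EOL;              // HEX-escaped for embedding in HTML
echo json_encode(entitiesOnRows($tasks)), PHP_EOL;        // entities applied to the array copy
```

Two further points the code above illustrates. The XHR response is valid JSON as returned by json_encode, so on the client side insert the description with textContent rather than innerHTML and no server-side HTML encoding is required; the HEX flags are only for JSON that is written into an HTML document. And the ownership check in the question, `Project::find(1)->where(...)->get()`, returns a Collection, which is an object and therefore truthy even when it is empty, so that condition never rejects a project belonging to another user; the answer's findOrFail followed by the user_id comparison is the check that actually enforces ownership.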

