P
P
Pavel K2017-06-18 00:05:10
PHP
Pavel K, 2017-06-18 00:05:10

How to do JSON escaping?

Greetings!
There is a certain JSON string that is taken from the user, written to the database, and thrown out to the user almost unchanged. It is necessary to quickly do exactly the escaping (without json_encode (json_decode ())).
Those. Roughly speaking, you need to replace dangerous characters in the keys/values ​​without touching the JSON quotes
, which is the fastest and easiest way to do this (most likely regular expressions, because I didn’t find any ready-made filters).
PS It is necessary to temporarily plug the hole, understand someone else's code and I will redo it later.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
B
Boris Korobkov, 2017-06-18
@BorisKorobkov

And how long has json_encode/json_decode been called escaping?!
What are you going to defend yourself from?
From SQL injection - use PDO.
From XSS - when rendering, use htmlspecialchars (if PHP) or its js counterpart xdan.ru/php-htmlspecialchars-jekvivalent-na-javasc...

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question