Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote -3 down vote favorite

I need to use jQuery to change the value of any input field (on form submit) to an escaped value.

If the user types an apostrophe, I need it to change to an escaped value before it is submitted and inserted into my database:

' ---> /'

How do I get jQuery to check all input fields and textareas for an apostrophe upon submitting, change the value, then continue with the submit function?

EDIT: I understand this is not a secure method of handling such a request, but I do not have access to the server side code. Also, as this is on an intranet, I'm not looking for the most secure solution, just one that uses JavaScript to handle it.

Comments so far have been limited to describing why this is a bad practice. Would anyone know how to actually handle this request using JavaScript (preferably jQuery)?

share|improve this question
1  
What have you tried so far? – Derek Jun 11 at 15:59
3  
This is a bad, bad idea. You should cleanse the input on the server side or use prepared statements for inserting data into your database. – Cory Jun 11 at 15:59
3  
You really should do that replacement server side... or better let your DB API do it for you. Sanitizing fields client side for DB insertion is terribly wrong. – dystroy Jun 11 at 16:00
You better off use mysql_real_escape_string serverside (in case you use PHP). If a malicious user manipulates the packets, he can manipulate the output of jQuery (that what you ment to sent to the server) and thus pretty easily inject data into your mySQL query. Never ever apply such critical security things on the client side. – Chris S. Jun 11 at 16:01
1  
If you have no access to the server part, built some sort of proxying API that does this, but still, serverside. – Chris S. Jun 11 at 16:03
show 2 more comments

1 Answer

up vote 2 down vote accepted

Setting aside the fact that this is easily circumventable, and just dealing with the specific requirement of escaping apostrophes from all text inputs on submit, here's one method:

That's a pretty link heavy set of steps, but it should give you what you need to start understanding jQuery based event handling and DOM traversal and manipulation.

share|improve this answer
Thank you -- this was a great method. – dihakz Jun 17 at 12:13

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.