jquery - Download file by form PHP -

-

I am trying to download JSN data via PHP. The file is being downloaded, but the DSN name does not get what I define, even in the file, prints only two letters from my JSN data.

The file appears inside:

[{

When JSON data is visible:

[{"SIZE": [16,16]}]

that is code: 

  var data est text = JSON.stringify (data); Var filename = $ ("# menu-save-text") Val (); Var _content = DataAsText; Jquery ('& lt; form action = "download.php" method = "post" & gt; Input  gt; & lt; / form & gt; '). Attachment (' body '). Submit (). < / Code>

PHP: 

  & lt;? $ File name = $ post ["file name"]; header ("content-type: text / plain Header ("Pasteum: 0"); Header ("Cache-Control: Header (" Pasteum: Public "); Header (" Cache-Control:Required-modified, post check = 0, pre-check = 0 "); header (" cache-control: private ", incorrect); echo $ _POST [" content "];? & Gt;

The name of downloaded files is download.php

You suffer from an HTML injection vulnerability In JSON, " is breaking your HTML:

The HTML you create looks like this: 

  [. Snip ..] & Lt; Input type = "hidden" name = "content" value = "[{" size ": [16,16]}]" />[...nnip ..]

How it will be parsed by the browser: 

  Input: value = "[}" // Size of proper character ": [16, etc ... // Unknown / Invalid HTML attribute < In other words, you have to quote your JSON for use in the HTML form attribute, e.g., from all the  " to  and. Quot; Change  or create HTML using the appropriate domain methods, and set the value of content input through  $ (...). .val (json_goes_here)  with jquery-type operation.

Comments

Post a Comment

Popular posts from this blog

mysql - How to enter php data into a html multiple select box -

-
I am working on a page that will create a team. I just want to create a selection box which will list all the users of all the users. After that, the user can select more than one friend (i.e. 5) and can send the request to these 5 people to join the team but I am having problems I did this: Select $ sql = "Select i. *, Join * Connect with M * m.id = i.clique_id where adder_id =: id"; $ Stmt = $ db- & gt; Query ($ sql, array ('id' = & gt; $ _SESSION ['id'])); While ($ record = $ stmt-> fetch ()) {$ surname = $ record ['surname']; } and this: & lt; Select multiple = "true" name = "category" well id = "category" name = "category" category = "" & gt; & Lt; Option value = "& lt ;? php echo $ surname ;? & gt;" & Gt; & Lt ;? Php ek $ nickname; ? & Gt; & Lt; / Options & gt; & Lt; / Select & gt; But only a friend's nickname...
Read more

java - Can't add JTree to JPanel of a JInternalFrame -

-
Image
There are two panels in my JInternalframe. I want to add TopPanel to Jtree to nominate another. But I can not add Jaitari to the top of the panel. Please help me in this piece of code: DefaultMutableTreeNode root = new DefaultMutableTreeNode ("deck"); DefaultMutableTreeNode Item Clubs = New DefaultMutableTreeNode ("Club"); AddAllCard (itemClubs); Root.add (itemClubs); DefaultMutableTreeNode item = New DefaultMutableTreeNode ("Diamonds"); AddAllCard (itemDiamonds); Root.add (itemDiamonds); DefaultMutableTreeNode Itemspads = New DefaultMutableTreeNode ("Spades"); AddAllCard (itemSpades); Root.add (itemSpades); DefaultMutableTreeNode item increases = new DefaultMutableTreeNode ("heart"); AddAllCard (itemHearts); Root.add (itemHearts); Default Trimodel Tree Model = New DefaultTreeModel (Route); Tree = new jetty (tree modal); ScrollPane = new JScrollPane (tree); // scrollPane.setViewportView (tree); . ScrollPane.getViewport () add (tr...
Read more

c++ - Cassandra datastax cpp driver - avoiding unnecessary copies -

-
I use the following method to create my insert statement for Cassandra (using datastax cpp driver) : ssStmt1 & lt; & Lt; "Insert some table (...) value (....)" string sStatement1 = ssStmt1.str (); Castestring cass1 = cass_string_init (sStatement1.c_str ()); CassStatement * pStmt1 = cass_statement_new (cass1, 0); I have also tried the following: CassString cass1 = cass_string_init ("Enter some table (id, date, c) value (? ,?,?); "); CassStatement * pStmt1 = cass_statement_new (cass1, 3); Cass_statement_bind_uuid (pStmt1, 0, uuidKey); Cass_statement_bind_int64 (PSTMT1, 1, timestamp); Cass_statement_bind_string (pStmt1, 2, sSomething); The first pattern works with mixed keys, the second is not. The key has a timestamp and a UUID. Timestamp is one of two errors in the field (based on the used bond statement). If bound in this way: cass_statement_bind_int64_by_name (pStmt1, "date", timestamp); I get the following error: Inva...
Read more