PHP jQuery JSON and YouTube Embed code

[monkeytooth]

Ok I have a unique issue I have a decent sized database for a fix up and modify project I just landed. My problem is my client has a table with plain html, flash, javascript it in. Which generally speaking isn't to much a problem if I we're going the straight php route to get the data from the database. However I'm not so lucky. These people wish to have the element being built by me to use AJAX to give the site a "2.0" feel, which again to a point fine. So all this said and done, I am going using jQuery as my frame for the javascript. The landing page for the script is PHP it handles any potential user input checks before it works its way into the javascript variables to then use JSON through the javascript to another php file which in turn double checks the inputs just incase someone wants to go in to the source find the way to the file its gathering the data from an all else. Then based on the data forms its output. Which I don't know why Ive wasted my time explaining that, we all know how JSON works in concept at least.

 

My issue with this all is, a single column or 2 but ill stick with just the one for now... with these people having stored plain html, javascript, and object tags for flash in the column without any htmlspecialchars or stripslash's or really any security per say in mind. In other words I can go into any column and just copy and paste the code and have it work in an HTML file as if it were typed out for use in HTML alone. So with that, my JSON requests are failing due to the extra quotes, double quotes, slashes, and all else. What I am trying to figure out is, what is my best method to phrase the output of the DB so its friendly for for the JSON request yet can be repieced back together via javascript/jquery.

 

Any takers on that idea?

[monkeytooth]

Ahh, after much playing around I figured my own path out. Thank you for those of you who were sitting there thinking about it thought.

 

My plan of action was to parse my outbound JSON data using nl2br to remove any \n \r in the string, then I ran the string through htmlentities and before adding it to the outbound JSON I used trim on the string just to clear up any excess crap, then applied str_replace on both \n and \r again just to be sure. Then when the javascript picked it up I placed it in an input text box, and took the value from that in the javascript and applyed it to my HTML so it would output without being encoded.

 

Well I thought I would just at least give an idea of how I handled it for anyone who might come across this in the future.