safest way to handle saving JSON.stringify() to database


Veronica Cisneros

May 23, 2014, 2:28:04 AM5/23/14
to joomla-de...@googlegroups.com
Hello,

I am building a component, and I want to know of any warnings or cautionary measures I should take when saving and retrieving a string formatted as per JavaScript's JSON.stringify().

The user enters, selects, etc. information. I reformat some of this information within the form into a non-visible field, a field that is part of the component's model. In other words, the value of this field should be a JSON string.

Are there any dangers to saving data in this format? The string has many quotes and/or double quotes. What could happen if the user tampers with the string and adds an extra double quote, with some SQL code intended to break, hack, etc.?

Is there a safe way to save the JSON string? Or are JSON strings safe to store in the database given Joomla component development standards? (I am following all standards, by the book as it were... actually literally... :)

Thank you for any feedback

Viper

May 23, 2014, 4:54:12 AM5/23/14
to joomla-de...@googlegroups.com
You can use native PHP json_decode() and store it into the DB as is.
You can test your JSON string for errors on a site like http://jsonlint.com/

Viper

May 23, 2014, 4:56:00 AM5/23/14
to joomla-de...@googlegroups.com
Sorry for my mistake. json_encode()


Evandromar Machado

May 23, 2014, 7:16:09 AM5/23/14
to joomla-de...@googlegroups.com
I do it a lot; I see no problem.

Anibal

May 23, 2014, 8:54:56 AM5/23/14
to joomla-de...@googlegroups.com
Hi,

From a simple PHP data structure you can easily serialize or unserialize with json_encode(...) / json_decode(...).

To save it to a table field, you always have to quote the JSON string: $db->Quote(...)

To give it a J twist, you can check how JRegistry works; it can solve most requirements for a dictionary, plus it already has proven toString / loadString methods.


Regards,
Anibal
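Putting the two answers together (validate with json_decode(), then quote or bind the string when writing it), here is an added example that is not code from the thread or from Joomla. It uses an in-memory SQLite database through PDO so it runs stand-alone with PHP 7.1+ and the pdo_sqlite extension; the table name, column names and the sample payloads are constructed for the example. The Joomla query-builder equivalent of the bound parameter is shown in a comment and assumes the Joomla 3 JDatabaseDriver API.

```php
<?php
// Added example: safely store a client-supplied JSON string.
// Two independent steps:
//   1. Validate and normalise the JSON with json_decode()/json_encode(),
//      rejecting anything that does not parse (the hidden field is under
//      the user's control, so treat it like any other request input).
//   2. Send the string to the database as a bound parameter (or through
//      $db->quote() in Joomla). The quotes inside the JSON are then data,
//      not SQL, no matter what the user put in them.

/**
 * Return a normalised JSON string, or null if $raw is not an acceptable JSON
 * document. The depth limit rejects pathological nesting; re-encoding gives
 * one canonical form and drops any bytes json_decode did not accept.
 */
function sanitizeJson(string $raw, int $maxDepth = 32): ?string
{
    $decoded = json_decode($raw, true, $maxDepth);
    if (json_last_error() !== JSON_ERROR_NONE) {
        return null;
    }
    // The field should hold an object or array, not a bare scalar.
    if (!is_array($decoded)) {
        return null;
    }
    return json_encode($decoded, JSON_UNESCAPED_SLASHES);
}

/** Insert the JSON for $itemId; returns false if the payload was rejected. */
function storeJson(PDO $pdo, int $itemId, string $raw): bool
{
    $json = sanitizeJson($raw);
    if ($json === null) {
        return false;
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $pdo->prepare('INSERT INTO items (id, params) VALUES (:id, :params)');
    return $stmt->execute([':id' => $itemId, ':params' => $json]);

    // Joomla 3 equivalent (assumed JDatabaseDriver API, not run here):
    //   $query = $db->getQuery(true)
    //       ->insert($db->quoteName('#__mycomponent_items'))
    //       ->columns($db->quoteName(array('id', 'params')))
    //       ->values((int) $itemId . ', ' . $db->quote($json));
    //   $db->setQuery($query)->execute();
}

/** Read the stored JSON back as a PHP array, or null if missing/invalid. */
function loadJson(PDO $pdo, int $itemId): ?array
{
    $stmt = $pdo->prepare('SELECT params FROM items WHERE id = :id');
    $stmt->execute([':id' => $itemId]);
    $row = $stmt->fetchColumn();
    if ($row === false) {
        return null;
    }
    $decoded = json_decode($row, true);
    return is_array($decoded) ? $decoded : null;
}

/** What naive string concatenation would send to the server (never executed). */
function buildUnsafeSql(int $itemId, string $json): string
{
    return "INSERT INTO items (id, params) VALUES ($itemId, '$json')";
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, params TEXT NOT NULL)');

// Constructed inputs: a normal payload full of quotes, one where the user has
// appended an SQL fragment inside a JSON string, and one that is not JSON.
$good     = '{"colour":"red","sizes":["S","M"],"note":"it\'s \\"fine\\""}';
$tampered = '{"colour":"red\'); DROP TABLE items; --"}';
$broken   = '{"colour":"red"';

var_dump(storeJson($pdo, 1, $good));      // true
var_dump(storeJson($pdo, 2, $tampered));  // true: valid JSON, stored literally
var_dump(storeJson($pdo, 3, $broken));    // false: rejected before any query

print_r(loadJson($pdo, 1));  // original structure, quotes intact
print_r(loadJson($pdo, 2));  // 'colour' => "red'); DROP TABLE items; --" (just text)
echo $pdo->query('SELECT COUNT(*) FROM items')->fetchColumn(), "\n";  // 2

// The concatenated form shows where the user's single quote would end the
// SQL literal; this is what the bound parameter / $db->quote() prevents.
echo buildUnsafeSql(2, $tampered), "\n";
```

The validation step does not make the string "SQL-safe" (only quoting or binding does that); it keeps obviously tampered or truncated payloads out of the table so that later json_decode() calls on the way out do not fail, and it normalises the stored form so you do not end up comparing or indexing on whatever spacing the browser produced.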