I want to URL encode this:
SELECT name FROM user WHERE uid = me()
Do I have to download a module for this? I already have the request module.
You can use JavaScript's encodeURIComponent
:
encodeURIComponent('select * from table where i()')
giving
'select%20*%20from%20table%20where%20i()'
The built-in module querystring
is what you're looking for:
var querystring = require("querystring");
var result = querystring.stringify({query: "SELECT name FROM user WHERE uid = me()"});
console.log(result);
#prints 'query=SELECT%20name%20FROM%20user%20WHERE%20uid%20%3D%20me()'
Use the escape
function of querystring
. It generates a URL safe string.
var escaped_str = require('querystring').escape('Photo on 30-11-12 at 8.09 AM #2.jpg');
console.log(escaped_str);
// prints 'Photo%20on%2030-11-12%20at%208.09%20AM%20%232.jpg'
querystring.stringify()
(in Nicolas' answer) seem to return an empty string now.
querystring.escape()
method is used by querystring.stringify()
and is generally not expected to be used directly."
Note that URI encoding is good for the query part, it's not good for the domain. The domain gets encoded using punycode. You need a library like URI.js to convert between a URI and IRI (Internationalized Resource Identifier).
This is correct if you plan on using the string later as a query string:
> encodeURIComponent("http://examplé.org/rosé?rosé=rosé")
'http%3A%2F%2Fexampl%C3%A9.org%2Fros%C3%A9%3Fros%C3%A9%3Dros%C3%A9'
If you don't want ASCII characters like /
, :
and ?
to be escaped, use encodeURI
instead:
> encodeURI("http://examplé.org/rosé?rosé=rosé")
'http://exampl%C3%A9.org/ros%C3%A9?ros%C3%A9=ros%C3%A9'
However, for other use-cases, you might need uri-js instead:
> var URI = require("uri-js");
undefined
> URI.serialize(URI.parse("http://examplé.org/rosé?rosé=rosé"))
'http://xn--exampl-gva.org/ros%C3%A9?ros%C3%A9=ros%C3%A9'
xn--
is added in the second example. It will not work as an url or I missed something ?
http://examplé.org
it is not ASCII character and should be presented as punnycode.
encodeURIComponent(string) will do it:
encodeURIComponent("Robert'); DROP TABLE Students;--")
//>> "Robert')%3B%20DROP%20TABLE%20Students%3B--"
Passing SQL around in a query string might not be a good plan though,
encodeURI
The encodeURI() method is used to encode a complete URL. This method encodes special characters except ~!$&@#*()=:/,;?+
encodeURIComponent
To encode special characters in URI components, you should use the encodeURIComponent() method. This method is suitable for encoding URL components such as query string parameters and not the complete URL.
Success story sharing
decodeURIComponent
is how you decode the encoded URI. You're welcome.