How to securely send additional data/parameters via $.ajax for filtering?
I'm trying to send additional data/parameters via $.ajax for additional filtering of a returning json. When sending a single term, my setup looks like this:
javascript:
$.ajax({
url: "/source.php",
dataType: "json",
data: {
term: request.term
},
Console:
GET .../source.php?term=valueA1
PHP:
$term = trim(strip_tags($_GET['term']));
$term = preg_replace('/\s+/', ' ', $term);
$a_json = array();
$a_json_row = array();
$a_json_invalid = array(array("id" => "#", "value" => $term, "label" => "Only letters and digits are permitted..."));
$json_invalid = json_encode($a_json_invalid);
if(preg_match("/[^\040\pL\pN_-]/u", $term)) {
print $json_invalid;
exit;
}
if ($data = $mysqli->query("SELECT * FROM accounts WHERE name LIKE '%$term%' OR code LIKE '%$term%'")) {
while($row = mysqli_fetch_array($data)) {
...
}
}
Now, when adding/sending the additional data/parameters (if available) my setup looks like this:
$.ajax({
url: "/source.php",
dataType: "json",
data: {
term: request.term,
tags: $('#input-newsearch-2').val()
},
.val() of $('#input-newsearch-2') can be:
$('#input-newsearch-2').val() =
$('#input-newsearch-2').val() = valueA1
$('#input-newsearch-2').val() = valueA1,valueA2
$('#input-newsearch-2').val() = valueA1,valueA2,valueA3
... and so on.
Console:
GET source.php?term=valueA1&tags=
GET source.php?term=valueA2&tags=valueA1
GET source.php?term=valueA3&tags=valueA1%2CvalueA2
GET source.php?term=valueA4&tags=valueA1%2CvalueA2%2CvalueA3
Is it possible to send a comma seperated array like this and how should the php look like to use tags for additional filtering (AND WHERE)?
Edit: This is not a dublicate to the referenced answer since I'm sending a possible array as second parameter. Also it doesn't answer hoe then to fetch it in php und how to use it in the query
