Why is it that when I type "+ -1-23 $%^& sdfsdf /><" into the textarea, only "-1-23 $%^" gets saved to the database?
Code:
function postingMsg (){
    $('.error').hide();
    var messageposting2= $("textarea#messageposting").val();
    var dataString = 'messageposting2='+ messageposting2;
    $.ajax({
        type: "POST",
        url: "note-send.php",
        data: dataString,
        success: function(msg) {
            msg = parseFloat(msg);
        }
    });
    return false;
}

if ((isset($_POST['messageposting2'])) && (strlen($_POST['messageposting2']) > 0)) {
    $messageposting3 = $_POST['messageposting2'];
    $sql = "UPDATE users
            SET my_note=?
            WHERE user_id=?";
    $q = $conn->prepare($sql);
    $q->execute(array($messageposting3, $_SESSION['user_id']));
    echo "1";
} else {
    echo "0";
}
Answer 0: (score: 3)
It has nothing to do with PDO or your database. You have to URL-encode the string before sending it via Ajax.
var dataString = 'messageposting2='+ encodeURIComponent(messageposting2);
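An added example (not part of the original question or answer) showing what a form decoder sees for the raw and the encoded request body. `parseForm`, `rawBody`, `encodedBody` and `roundTrips` are hypothetical helper names, and `URLSearchParams` is used here as a stand-in for the server's `application/x-www-form-urlencoded` parsing, which is an assumption about how PHP fills `$_POST`.

```javascript
// Added illustration; parseForm stands in for the server's form-body decoding.
const input = '+ -1-23 $%^& sdfsdf /><'; // the text from the question

// Decode an application/x-www-form-urlencoded body into [name, value] pairs.
function parseForm(body) {
  return [...new URLSearchParams(body)];
}

// Body as the question's code builds it: raw string concatenation.
function rawBody(value) {
  return 'messageposting2=' + value;
}

// Body as the answer builds it: the value is percent-encoded first.
function encodedBody(value) {
  return 'messageposting2=' + encodeURIComponent(value);
}

// True only if the body carries exactly one field and its value is unchanged.
function roundTrips(body, value) {
  const pairs = parseForm(body);
  return pairs.length === 1 &&
         pairs[0][0] === 'messageposting2' &&
         pairs[0][1] === value;
}

// Raw: '+' decodes to a space and '&' starts a second, user-controlled field.
console.log(parseForm(rawBody(input)));
// Encoded: one field whose value is exactly what the user typed.
console.log(parseForm(encodedBody(input)));
console.log(roundTrips(rawBody(input), input), roundTrips(encodedBody(input), input));
```

In the raw case everything after the `&` arrives as a separate parameter whose name the user chose, so unencoded input can add fields to the request as well as truncate the intended one.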