逃脱&在一个字符串?

时间:2013-11-03 15:27:05

标签: javascript php mysql

人们对我之前提出的问题的建议似乎没有帮助。所以,我想在这里用完整的代码再次发布它: mysql_depricated.php:

<script>
 function fun()
 {
 var ajaxRequest;  // The variable that makes Ajax possible!

    try{
        // Opera 8.0+, Firefox, Safari
        ajaxRequest = new XMLHttpRequest();
    } catch (e){
        // Internet Explorer Browsers
        try{
            ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
        } catch (e) {
            try{
                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (e){
                // Something went wrong
                alert("Your browser broke!");
                return false;
            }
        }
    }

   var name = document.getElementById("name").value;
   var url = "mysql_depricated2.php";
   var param = "name=" + name;

   ajaxRequest.open("POST", url, true);

//Send the proper header information along with the request
ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
ajaxRequest.setRequestHeader("Content-length", param.length);
ajaxRequest.setRequestHeader("Connection", "close");

    ajaxRequest.send(param); 
 }
</script>

 <input type="text" id="name">
 <input type="button" value="ajax&" onclick="fun()">

mysql_depricated2:

<?php
      $host="localhost"; // Host name
      $username="root"; // Mysql username
      $password=""; // Mysql password
      $db_name="example"; // Database name

   // Connect to server and select databse.
   $con=mysql_connect("$host", "$username", "$password")or die("cannot connect");
   mysql_select_db("$db_name")or die("cannot select DB");


 $content = $_POST['name'];
 $content=mysql_real_escape_string($content);

 $sql = "insert into e values('$content')";
 mysql_query($sql);
?>

如果我尝试插入一个包含&amp;的字符串,它就不起作用符号。有什么解决方案吗?

1 个答案:

答案 0 :(得分:4)

替换以下行:

ajaxRequest.send(param);

这个:

ajaxRequest.send( encodeURIComponent(param) );

因此,您将&特殊字符编码为其网址编码形式%26