button onclick = returns var without slashes

Time: 2014-01-02 19:12:46

Tags: javascript php

The following code returns $userUrl, namely:

<button class="Urllink" type="button" onclick="window.parent.location.href=" www.facebook.com";"><img src="http://www.facebook.com/favicon.ico" width="16" height="16">Facebook</button>

CODE:

function userUrl($user){
    include ('bin/mysqllogin.php');
    $userUrl = '';
    $query = "SELECT * FROM urls WHERE Usernaam = '$user'";
    $result = mysqli_query($dbc, $query);
    if (!$result) {
        echo ' Query Failed ';
    }else{
        if (@mysqli_num_rows($result) >= 1) {
            while ($dbresult = mysqli_fetch_assoc($result)){
                $userUrl .= '<p class="Link_par"><button class="Urllink" type="button" onclick="window.parent.location.href="';
                $userUrl .= $dbresult['Url'] . '";><img src=' . $dbresult["UrlIcon"] . ' width="16" height="16">' . $dbresult["UrlName"] . '</button>';
            }
        }
    }
    mysqli_close($dbc);
    return $userUrl;
}

As you can all see, $userUrl does not return the desired http://www.facebook.com. What am I doing wrong here?

Edit1: Found the solution. I needed to add \' around the var $dbresult['Url']. So the code becomes:

function userUrl($user){
    include ('bin/mysqllogin.php');
    $userUrl = '';
    // $user is still interpolated straight into the SQL string here (the answer flags this)
    $query = "SELECT * FROM urls WHERE Usernaam = '$user'";
    $result = mysqli_query($dbc, $query);
    if (!$result) {
        echo ' Query Failed ';
    }else{
        if (@mysqli_num_rows($result) >= 1) {
            while ($dbresult = mysqli_fetch_assoc($result)){
                // escaped single quotes wrap the URL inside the double-quoted onclick attribute
                $userUrl .= '<p class="Link_par"><button class="Urllink" type="button" onclick="window.parent.location.href=\'';
                $userUrl .= $dbresult['Url'] . '\';"><img src="' . $dbresult["UrlIcon"] . '" width="16" height="16">' . $dbresult["UrlName"] . '</button></p>';
            }
        }
    }
    mysqli_close($dbc);
    return $userUrl;
}

1 answer:

Answer 0 (score: 3)

You need to add http:// to $userUrl. Like so:

function userUrl($user) {
    include ('bin/mysqllogin.php');
    $userUrl = 'http://';    // <-- Prepended in here
    $query = "SELECT * FROM urls WHERE Usernaam = '$user'";
    $result = mysqli_query($dbc, $query);
    if (!$result) {
        echo ' Query Failed ';
    }else{
        if (@mysqli_num_rows($result) >= 1) {
            while ($dbresult = mysqli_fetch_assoc($result)){
                $userUrl .= '<p class="Link_par"><button class="Urllink" type="button" onclick="window.parent.location.href="';
                $userUrl .= $dbresult['Url'] . '";><img src=' . $dbresult["UrlIcon"] . ' width="16" height="16">' . $dbresult["UrlName"] . '</button>';
            }
        }
    }
    mysqli_close($dbc);
    return $userUrl;
}

Also, please look up SQL injection. Or, the best option, use PDO.
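Added example, not code from the question or the answer above. It takes up both points in this thread, the attribute quoting that broke the link and the SQL injection the answer mentions, and shows a version of userUrl() that a security reviewer would accept: the username is bound as a prepared-statement parameter instead of interpolated into the SQL, the URL is validated to be an absolute http(s) URL before it is emitted (a bare host such as "www.facebook.com" is rejected rather than silently turned into a relative link), every database value is HTML-escaped, and the inline onclick handler is replaced by a plain link with target="_parent", so nothing from the database is ever placed inside a JavaScript string. The table and column names (urls, Usernaam, Url, UrlIcon, UrlName) and the $dbc connection from bin/mysqllogin.php are taken from the question; the split into fetchUserUrls()/renderUserUrls(), the helper names and the sample rows at the bottom are assumptions made for this example, and get_result() assumes mysqli is built with mysqlnd.

```php
<?php
// Added example, not code from the question or the answer.
// Assumed schema from the question: urls(Usernaam, Url, UrlIcon, UrlName).
// Assumes $dbc is a mysqli connection (as provided by bin/mysqllogin.php)
// and that mysqli uses mysqlnd so that get_result() is available.

// Accept only absolute http(s) URLs. A bare host ("www.facebook.com") fails
// here, which is what made the original link navigate relatively, and so do
// javascript: or data: values that would otherwise become executable links.
function safeHttpUrl(string $url): ?string
{
    $url = trim($url);
    if (!preg_match('~^https?://~i', $url)) {
        return null;
    }
    return filter_var($url, FILTER_VALIDATE_URL) !== false ? $url : null;
}

// Escape a value for a double-quoted HTML attribute or a text node.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Data access: $user is bound as a parameter, never spliced into the SQL.
function fetchUserUrls(mysqli $dbc, string $user): array
{
    $stmt = $dbc->prepare('SELECT Url, UrlIcon, UrlName FROM urls WHERE Usernaam = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Rendering: a plain <a target="_parent"> does what the onclick handler did,
// with no JavaScript string to quote. Rows whose Url fails validation are
// skipped; everything that is emitted goes through h().
function renderUserUrls(array $rows): string
{
    $out = '';
    foreach ($rows as $row) {
        $url = safeHttpUrl((string) ($row['Url'] ?? ''));
        if ($url === null) {
            continue;
        }
        $out .= '<p class="Link_par"><a class="Urllink" href="' . h($url) . '" target="_parent">';
        $icon = safeHttpUrl((string) ($row['UrlIcon'] ?? ''));
        if ($icon !== null) {
            $out .= '<img src="' . h($icon) . '" width="16" height="16" alt="">';
        }
        $out .= h((string) ($row['UrlName'] ?? '')) . '</a></p>' . "\n";
    }
    return $out;
}

// Drop-in replacement for the question's userUrl(); the connection is passed
// in rather than created by an include inside the function.
function userUrl(mysqli $dbc, string $user): string
{
    return renderUserUrls(fetchUserUrls($dbc, $user));
}

// Offline check with constructed rows (no database needed): the first row
// renders as a link, the second is dropped for its scheme, and the markup in
// the third row's name comes out escaped rather than as a script tag.
if (PHP_SAPI === 'cli') {
    echo renderUserUrls([
        ['Url' => 'http://www.facebook.com', 'UrlIcon' => 'http://www.facebook.com/favicon.ico', 'UrlName' => 'Facebook'],
        ['Url' => 'javascript:alert(1)', 'UrlIcon' => '', 'UrlName' => 'evil'],
        ['Url' => 'https://example.org/', 'UrlIcon' => '', 'UrlName' => '<script>x</script>'],
    ]);
}
```

Run it from the command line to see the three constructed rows handled; in the application, call userUrl($dbc, $user) where the original function was called. Keeping data access and rendering in separate functions is what makes the rendering testable without a database, and rejecting rather than "fixing" a URL that lacks a scheme avoids guessing http:// onto values that may not be hosts at all.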