我在自己的 Joomla 模块中用 jQuery 开发了自动完成搜索。我有一个问题:如果直接在浏览器中输入 JSON 代码所在文件的路径,例如 http://localhost/project/modules/mod_jtory_search/tmpl/personal.php?term=c
它就会显示结果,这对安全性不好。有没有人能建议如何改用 POST 方法来解决这个问题?
JSON
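// Autocomplete endpoint: returns the matching titles as a JSON list of
// {value, label} pairs for the jQuery UI autocomplete widget.
//
// NOTE(review): this file is requested directly by URL. Switching the client
// from GET to POST would not restrict who can call it; any access restriction
// has to be enforced here on the server, and the query must be safe for
// arbitrary input either way.
$db = JFactory::getDbo();

// The search term comes straight from the request and is untrusted. Accept
// only a plain string (term[]=x would otherwise arrive as an array).
$searchp = (isset($_GET["term"]) && is_string($_GET["term"])) ? $_GET["term"] : '';
$searchp = str_replace(' ', '', $searchp);

// escape(..., true) escapes quotes and also the LIKE wildcards % and _, so the
// term is matched literally; quote(..., false) then only adds the surrounding
// quotes without escaping a second time.
$pattern = $db->quote('%' . $db->escape($searchp, true) . '%', false);

// Build the statement with the query builder instead of interpolating the
// request value into the SQL string. Only the title column is read below, so
// only that column is selected.
$query = $db->getQuery(true)
    ->select($db->quoteName('title'))
    ->from($db->quoteName('tent'))
    ->where("REPLACE(" . $db->quoteName('title') . ", ' ', '') LIKE " . $pattern)
    ->where($db->quoteName('categories_id') . ' = 82')
    ->order($db->quoteName('title') . ' ASC');
$db->setQuery($query);

// Load the results as a list of associated arrays.
$results = $db->loadAssocList();

$json = array();
foreach ((array) $results as $json_result) {
    $json[] = array('value' => $json_result["title"], 'label' => $json_result["title"]);
}

echo json_encode($json);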
自动填充
// Release the global $ alias so other libraries on the page can use it.
jQuery.noConflict();

jQuery(document).ready(function () {
    var searchBox = jQuery("#searchp");

    // Suggestions are requested from the module's personal.php endpoint; the
    // widget passes the typed text to it as the "term" query parameter.
    searchBox.autocomplete({
        minLength: 1,
        delay: 300,
        source: '<?php echo JURI::root().'modules/mod_jtory_search/tmpl/personal.php'; ?>'
    });

    jQuery(document).ready(function () {
        // Swallow the Enter key (keyCode 13) so pressing it in the search box
        // does not trigger the default action.
        searchBox.keypress(function (event) {
            var isEnter = (event.keyCode == 13);
            if (isEnter) {
                return false;
            }
        });
    });
});