Question

我有一个带有ajax搜索的在线商店网站，当我点击更多结果时，它会复制一些产品。我找不到任何错误。

我真的需要帮助。由于html输出太长，您可以在此处查看http://pastebin.com/Vvu9wLst

<?php

// start session
session_start();

// set header
header('content-type: application/json; charset=windows-1250');

// define constants
define("IS_AJAX_REQUEST", (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest'));

// include article class
include '../../spraycan/class/Artikl.class.php';

// include mustache.php
include '../../lib/mustache/Mustache.php';
// instantiate mustache engine
$mustache = new Mustache_Engine();

// set template file
if(isset($_GET['type']) && $_GET['type'] != NULL && $_GET['type'] == "small")
    $template_file = "tpl.small.html";
else
    $template_file = "tpl.big.html";
// get template contents
$template = file_get_contents($template_file);

// connect to database
$mysqli = new mysqli("localhost", "opstanak_dgojak", "rtchri92", "opstanak_1");
mysqli_report(MYSQLI_REPORT_ERROR);

// fetch search query
$s = $_GET['s'];
$s = $mysqli->real_escape_string($s);
// explode search query to words
$words = explode(" ", $s);

// start SELECT
$query = "SELECT * FROM artikli INNER JOIN artikli_group ON artikli.ArtKonto = artikli_group.artGrKonto";
// start WHERE
$where = " WHERE";
$i = 0;

foreach($words as $word)
{
    // set replacements
    $scope = array("š", "đ", "ž","č","ć");
    $replace = array("Š","Đ","Ž","Č","Ć");

    // select first char
    $fc = substr($word,0,1);
    // select other chars
    $oc = substr($word,1);
    // transform first to upper
    $fcb = strtoupper($fc);
    $fcb = str_replace($scope, $replace, $fcb);
    // transform other to upper
    $ocl = strtolower($oc);
    $ocl = str_replace($replace, $scope, $ocl);

    // set normal word
    $word = $fcb.$ocl;
    // set lower word
    $word_lower = strtolower($word);
    $word_lower = str_replace($replace, $scope, $word_lower);
    // set upper word
    $word_upper = strtoupper($word);
    $word_upper = str_replace($scope, $replace, $word_upper);

    if(strlen($word) > 3)
        $word_many = substr($word, 0, -1);
    else
        $word_many = $word;
    // setup where part of query
    if($i == 0)
        $where .= ' (artNaziv LIKE "%'.$word.'%" OR artNaziv LIKE "%'.$word_lower.'%" OR artNaziv LIKE "%'.$word_many.'%" OR artNaziv LIKE "%'.$word_upper.'%")';
    else
        $where .= ' AND (artNaziv LIKE "%'.$word.'%" OR artNaziv LIKE "%'.$word_lower.'%" OR artNaziv LIKE "%'.$word_many.'%" OR artNaziv LIKE "%'.$word_upper.'%")';
    $i++;
}

// update WHERE
if(isset($_GET['since']) && $_GET['since'] != NULL)
    $where .= " AND ID_artikl < ".$_GET['since'];
// set ORDER
$order = " ORDER BY artKn ASC";
// set LIMIT
if($_GET['type'] != "small") {
    $limit = " LIMIT 15";
} else {
    $limit = " LIMIT 5";
}
if($_GET['type'] != "small") {
    // merge SELECT part with the WHERE part for total results count
    $query_num = $query.$where.$order;
    $result_num = $mysqli->query($query_num);
    $total_results_num = $result_num->num_rows;
} else {
    $total_results_num = 0;
}

// merge SELECT part with the WHERE part for fetching results
$query = $query.$where.$order.$limit;

// instantiate response
$response = array('html' => array(), 'after' => '', 'results' => 0, 'total' => $total_results_num, 'first_ID' => "0", 'last_ID' => "0", 'end' => false);


// process query
$result = $mysqli->query($query);
$response['results'] = $result->num_rows;

if($response['results'] < 15)
{
    $response['end'] = true;
    if($template_file == '')
        $response['after'] = "<div id='load_more' class='not_loading'>Učitaj više rezultata.</div>";
    else
        $response['after'] = "<div id='load_all'>Svi rezultati za pojam <strong>".$s."</strong>.</div>";
}
else
{
    if($template_file == '')
        $response['after'] = "<div id='load_more' class='the_end'>Nema više rezultata.</div>";
    else
        $response['after'] = "<div id='load_all'>Svi rezultati za pojam <strong>".$s."</strong>.</div>";

}

$i = 0;
while($row = $result->fetch_assoc())
{
    if($i == 0)
        $response['first_ID'] = $row['ID_artikl'];
    $row['is_ajax_requested'] = true;
    if($_GET['type'] == 'small')
        $row['artNaziv'] = substr(iconv('ISO-8859-2', 'UTF-8', $row['artNaziv']),0,30).'...';
    else
        $row['artNaziv'] = iconv('ISO-8859-2', 'UTF-8', $row['artNaziv']);
    $row['artInfo'] = iconv('ISO-8859-2', 'UTF-8', $row['artInfo']);
    $row['artGrNaziv'] = iconv('ISO-8859-2', 'UTF-8', $row['artGrNaziv']);
    array_push($response['html'], $mustache->render($template, new Artikl($row)));
    $response['last_ID'] = $row['ID_artikl'];
    $i++;
}

$pattern = array("\u010d","\u010c","\u009a","\u008a","\u009e","\u008e","\u0111");
$replacement = array("č","Č","š","Š","ž","Ž","đ");

echo str_replace($pattern, $replacement, json_encode($response));

?>

Answer 1

我没有评论的声誉，但有一些关于安全性的事情：

1）您刚公开发布了数据库用户名和密码。如果您的服务器遭到入侵，此类信息将授予攻击者立即和严重损害的访问权限。

2）说到安全性和服务器泄露，请不要单独使用session_start（），因为它不安全。我建议您执行安全的会话管理。有关信息，请参阅this link;有关示例，请参阅this link。（请务必阅读最后一个链接中的评论部分以获取更多信息）

Ajax重复结果

1 个答案: