Ajax pagination does not work with a variable in the query

Time: 2018-05-15 07:00:36

Tags: javascript php jquery html html5

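I am trying to implement a search filter that fetches data from MySQL using Ajax pagination, and applies a variable in the query based on a parameter value.

When I click "Next" in the pagination, it ignores the variable used to fetch the data and prints all results without the condition, but when I change the variable to hard-coded text, it works and prints the results with the condition.

Query with the variable: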

SELECT up.PID, up.Name, up.Avatar FROM Profile AS up
LEFT JOIN Details AS ud ON ud.PID = up.PID
WHERE ud.Country = '$Country' ORDER BY up.PID

Query without the variable:

SELECT up.PID, up.Name, up.Avatar FROM Profile AS up
LEFT JOIN Details AS ud ON ud.PID = up.PID
WHERE ud.Country = 'Canada' ORDER BY up.PID

First PHP file, file1.php

<script type="text/javascript">
$(document).ready(function() {
    $("#results" ).load("php2.php"+window.location.search); //load initial records

    //executes code below when user click on pagination links
    $("#results").on( "click", ".pagination a", function (e){
        e.preventDefault();
        $(".loading-div").show(); //show loading element
        var page = $(this).attr("data-page"); //get page number from link
        $("#results").load("fetch_pages.php",{"page":page}, function(){ //get content from PHP page
            $(".loading-div").hide(); //once done, hide loading element
        });

    });
});
</script>
<div id="results">
</div>

Second PHP file, php2.php

<?php
//continue only if $_POST is set and it is a Ajax request
if(isset($_POST) && isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest'){

    include("define.php");  //include config file
    //Get page number from Ajax POST
    if(isset($_POST["page"])){
        $page_number = filter_var($_POST["page"], FILTER_SANITIZE_NUMBER_INT, FILTER_FLAG_STRIP_HIGH); //filter number
        if(!is_numeric($page_number)){die('Invalid page number!');} //incase of invalid page number
    }else{
        $page_number = 1; //if there's no page number, set it to 1
    }

    // Get parameters
    // User Details
    $Country = $_GET['Country'];

    //get total number of records from database for pagination
    $results = $mysqli->query("SELECT COUNT(*)
    FROM (
  SELECT up.PID, up.Name, up.Avatar FROM Profile AS up
LEFT JOIN Details AS ud ON ud.PID = up.PID
WHERE ud.Country = '$Country' ORDER BY up.PID
    ) as t");
    $get_total_rows = $results->fetch_row(); //hold total records in variable

    //break records into pages
    $total_pages = ceil($get_total_rows[0]/$item_per_page);

    //get starting position to fetch the records
    $page_position = (($page_number-1) * $item_per_page);


    //Limit our results within a specified range.
    $results = $mysqli->prepare("SELECT up.PID, up.Name, up.Avatar FROM Profile AS up
LEFT JOIN Details AS ud ON ud.PID = up.PID
WHERE ud.Country = '$Country' ORDER BY up.PID ASC LIMIT $page_position, $item_per_page");
    $results->execute(); //Execute prepared Query
    $results->bind_result($PID, $Name, $Avatar); //bind variables to prepared statement

    //Display records fetched from database.
    echo '<ul class="contents">';
    while($results->fetch()){ //fetch values
        echo "<a href=\"/Profile.php?id=$PID\" onClick='Loading()'><li class=\"userlistitem\">";
        echo  "<img src='$Avatar' height='100' width='100' onerror=\"this.src = '/assets/img/noImg.png'\"/>";
        echo  "$Name  $Email $PasswordD";
        echo "</li></a>";
    }
    echo '</ul>';
    echo '<div align="center">';
    /* We call the pagination function here to generate Pagination link for us.
    As you can see I have passed several parameters to the function. */
    echo Profile_function($item_per_page, $page_number, $get_total_rows[0], $total_pages);
    echo '</div>';

    exit;
}
################ pagination function #########################################
function Profile_function($item_per_page, $current_page, $total_records, $total_pages)
{
    $pagination = '';
    if($total_pages > 0 && $total_pages != 1 && $current_page <= $total_pages){ //verify total pages and current page number
        $pagination .= '<ul class="pagination justify-content-center">';

        $right_links    = $current_page + 3;
        $previous       = $current_page - 3; //previous link
        $next           = $current_page + 1; //next link
        $first_link     = true; //boolean var to decide our first link

        if($current_page > 1){
            $previous_link = ($previous==0)? 1: $previous;
            $pagination .= '<li class="page-item"><a class="first page-link" href="#" data-page="1" title="First">&laquo;</a></li>'; //first link
            $pagination .= '<li class="page-item"><a class="page-link" href="#" data-page="'.$previous_link.'" title="Previous">&lt;</a></li>'; //previous link
                for($i = ($current_page-2); $i < $current_page; $i++){ //Create left-hand side links
                    if($i > 0){
                        $pagination .= '<li class="page-item"><a class="page-link" href="#" data-page="'.$i.'" title="Page'.$i.'">'.$i.'</a></li>';
                    }
                }
            $first_link = false; //set first link to false
        }

        if($first_link){ //if current active page is first link
            $pagination .= '<li class="page-item disabled" ><span class="page-link">'.$current_page.'</span></li>';
        }elseif($current_page == $total_pages){ //if it's the last active link
            $pagination .= '<li class="page-link active"><a>'.$current_page.'</a></li>';
        }else{ //regular current link
            $pagination .= '<li class="page-item active"><span class="page-link">'.$current_page.'</span></li>';
        }

        for($i = $current_page+1; $i < $right_links ; $i++){ //create right-hand side links
            if($i<=$total_pages){
                $pagination .= '<li class="page-item"><a class="page-link" href="#" data-page="'.$i.'" title="Page '.$i.'">'.$i.'</a></li>';
            }
        }
        if($current_page < $total_pages){
                $next_link = ($i > $total_pages) ? $total_pages : $i;
                $pagination .= '<li class="page-item"><a class="page-link" href="#" data-page="'.$next_link.'" title="Next">&gt;</a></li>'; //next link
                $pagination .= '<li class="last page-item"><a class="page-link" href="#" data-page="'.$total_pages.'" title="Last">&raquo;</a></li>'; //last link
        }

        $pagination .= '</ul>';
    }
    return $pagination; //return pagination links
}

?>

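What am I missing in my code?

Your help is much needed.

1 answer:

Answer 0: (score: 0)

You should avoid sending parameters directly into your query like this; use bind_param instead.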

$results = $mysqli->prepare("SELECT COUNT(*) FROM (
       SELECT up.PID, up.Name, up.Avatar FROM Profile AS up
       LEFT JOIN Details AS ud ON ud.PID = up.PID
       WHERE ud.Country = ? ORDER BY up.PID
    ) as t");

// bind $Country as a string ("s") to the unquoted ? placeholder, then run the statement
$results->bind_param("s", $Country);
$results->execute();

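This way is a bit safer, because mysqli will try to parse the data and escape any potential strings that should not be there.

You can refer to this documentation for bind_param: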

https://secure.php.net/manual/en/mysqli-stmt.bind-param.php
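
The bind_param approach from the answer, applied to both queries in php2.php, as an added example that is not part of the original post. It assumes define.php provides an open `$mysqli` connection and `$item_per_page` as in the question; the helper names `h`, `count_profiles` and `render_profiles` are hypothetical.

```php
<?php
// Added example: assumes define.php supplies $mysqli and $item_per_page (as in the question).
include("define.php");
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly on SQL errors

function h(string $s): string {
    // Escape a database value before placing it in HTML text or attributes
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function count_profiles(mysqli $db, string $country): int {
    $stmt = $db->prepare("SELECT COUNT(*) FROM Profile AS up
        LEFT JOIN Details AS ud ON ud.PID = up.PID
        WHERE ud.Country = ?");
    $stmt->bind_param("s", $country); // "s": sent as string data, never parsed as SQL
    $stmt->execute();
    $stmt->bind_result($total);
    $stmt->fetch();
    $stmt->close();
    return (int)$total;
}

function render_profiles(mysqli $db, string $country, int $page, int $perPage): string {
    $offset = ($page - 1) * $perPage;
    $stmt = $db->prepare("SELECT up.PID, up.Name, up.Avatar FROM Profile AS up
        LEFT JOIN Details AS ud ON ud.PID = up.PID
        WHERE ud.Country = ? ORDER BY up.PID ASC LIMIT ?, ?");
    $stmt->bind_param("sii", $country, $offset, $perPage); // "i": bound as integers
    $stmt->execute();
    $stmt->bind_result($pid, $name, $avatar);
    $html = '<ul class="contents">';
    while ($stmt->fetch()) {
        $html .= '<a href="/Profile.php?id=' . (int)$pid . '"><li class="userlistitem">'
               . '<img src="' . h((string)$avatar) . '" height="100" width="100"/>'
               . h((string)$name) . '</li></a>';
    }
    $stmt->close();
    return $html . '</ul>';
}

// Accept only a positive integer page number; anything else is rejected
$page = filter_var($_POST['page'] ?? 1, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($page === false) { http_response_code(400); exit('Invalid page number!'); }
$country = (string)($_GET['Country'] ?? '');

echo '<p>' . count_profiles($mysqli, $country) . ' matching profiles</p>';
echo render_profiles($mysqli, $country, $page, $item_per_page);
```

The placeholder must stay unquoted: `'?'` inside quotes is a literal question mark, and bind_param then has no parameter to bind to.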