我正在尝试使用ajax分页实现从mysql获取数据的搜索过滤器,并根据参数值在查询中应用变量。
当我在分页中单击“下一步”时,它会忽略变量来获取日期,并在没有条件的情况下打印所有结果,但是当我将变量更改为手动文本时,它会工作并使用条件打印结果。 / p>
使用变量查询:
SELECT up.PID, up.Name, up.Avatar FROM Profile AS up
LEFT JOIN Details AS ud ON ud.PID = up.PID
WHERE ud.Country = '$Country' ORDER BY up.PID
使用无变量查询:
SELECT up.PID, up.Name, up.Avatar FROM Profile AS up
LEFT JOIN Details AS ud ON ud.PID = up.PID
WHERE ud.Country = 'Canada' ORDER BY up.PID
第一个PHP文件file1.php
<script type="text/javascript">
$(document).ready(function() {
$("#results" ).load("php2.php"+window.location.search); //load initial records
//executes code below when user click on pagination links
$("#results").on( "click", ".pagination a", function (e){
e.preventDefault();
$(".loading-div").show(); //show loading element
var page = $(this).attr("data-page"); //get page number from link
$("#results").load("fetch_pages.php",{"page":page}, function(){ //get content from PHP page
$(".loading-div").hide(); //once done, hide loading element
});
});
});
</script>
<div id="results">
</div>
第二个PHP文件php2.php
<?php
//continue only if $_POST is set and it is a Ajax request
if(isset($_POST) && isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest'){
include("define.php"); //include config file
//Get page number from Ajax POST
if(isset($_POST["page"])){
$page_number = filter_var($_POST["page"], FILTER_SANITIZE_NUMBER_INT, FILTER_FLAG_STRIP_HIGH); //filter number
if(!is_numeric($page_number)){die('Invalid page number!');} //incase of invalid page number
}else{
$page_number = 1; //if there's no page number, set it to 1
}
// Get parameters
// User Details
$Country = $_GET['Country'];
//get total number of records from database for pagination
$results = $mysqli->query("SELECT COUNT(*)
FROM (
SELECT up.PID, up.Name, up.Avatar FROM Profile AS up
LEFT JOIN Details AS ud ON ud.PID = up.PID
WHERE ud.Country = '$Country' ORDER BY up.PID
) as t");
$get_total_rows = $results->fetch_row(); //hold total records in variable
//break records into pages
$total_pages = ceil($get_total_rows[0]/$item_per_page);
//get starting position to fetch the records
$page_position = (($page_number-1) * $item_per_page);
//Limit our results within a specified range.
$results = $mysqli->prepare("SELECT up.PID, up.Name, up.Avatar FROM Profile AS up
LEFT JOIN Details AS ud ON ud.PID = up.PID
WHERE ud.Country = '$Country' ORDER BY up.PID ASC LIMIT $page_position, $item_per_page");
$results->execute(); //Execute prepared Query
$results->bind_result($PID, $Name, $Avatar); //bind variables to prepared statement
//Display records fetched from database.
echo '<ul class="contents">';
while($results->fetch()){ //fetch values
echo "<a href=\"/Profile.php?id=$PID\" onClick='Loading()'><li class=\"userlistitem\">";
echo "<img src='$Avatar' height='100' width='100' onerror=\"this.src = '/assets/img/noImg.png'\"/>";
echo "$Name $Email $PasswordD";
echo "</li></a>";
}
echo '</ul>';
echo '<div align="center">';
/* We call the pagination function here to generate Pagination link for us.
As you can see I have passed several parameters to the function. */
echo Profile_function($item_per_page, $page_number, $get_total_rows[0], $total_pages);
echo '</div>';
exit;
}
################ pagination function #########################################
function Profile_function($item_per_page, $current_page, $total_records, $total_pages)
{
$pagination = '';
if($total_pages > 0 && $total_pages != 1 && $current_page <= $total_pages){ //verify total pages and current page number
$pagination .= '<ul class="pagination justify-content-center">';
$right_links = $current_page + 3;
$previous = $current_page - 3; //previous link
$next = $current_page + 1; //next link
$first_link = true; //boolean var to decide our first link
if($current_page > 1){
$previous_link = ($previous==0)? 1: $previous;
$pagination .= '<li class="page-item"><a class="first page-link" href="#" data-page="1" title="First">«</a></li>'; //first link
$pagination .= '<li class="page-item"><a class="page-link" href="#" data-page="'.$previous_link.'" title="Previous"><</a></li>'; //previous link
for($i = ($current_page-2); $i < $current_page; $i++){ //Create left-hand side links
if($i > 0){
$pagination .= '<li class="page-item"><a class="page-link" href="#" data-page="'.$i.'" title="Page'.$i.'">'.$i.'</a></li>';
}
}
$first_link = false; //set first link to false
}
if($first_link){ //if current active page is first link
$pagination .= '<li class="page-item disabled" ><span class="page-link">'.$current_page.'</a></li>';
}elseif($current_page == $total_pages){ //if it's the last active link
$pagination .= '<li class="page-link active"><a>'.$current_page.'</a></li>';
}else{ //regular current link
$pagination .= '<li class="page-item active"><span class="page-link">'.$current_page.'</span></li>';
}
for($i = $current_page+1; $i < $right_links ; $i++){ //create right-hand side links
if($i<=$total_pages){
$pagination .= '<li class="page-item"><a class="page-link" href="#" data-page="'.$i.'" title="Page '.$i.'">'.$i.'</a></li>';
}
}
if($current_page < $total_pages){
$next_link = ($i > $total_pages) ? $total_pages : $i;
$pagination .= '<li class="page-item"><a class="page-link" href="#" data-page="'.$next_link.'" title="Next">></a></li>'; //next link
$pagination .= '<li class="last page-item"><a class="page-link" href="#" data-page="'.$total_pages.'" title="Last">»</a></li>'; //last link
}
$pagination .= '</ul>';
}
return $pagination; //return pagination links
}
?>
我在代码中缺少什么?
非常需要您的帮助。
答案 0 :(得分:0)
您应该避免将这样的参数直接发送到您的查询,而是使用bind_param
$results = $mysqli->prepare("SELECT COUNT(*) FROM (
SELECT up.PID, up.Name, up.Avatar FROM Profile AS up
LEFT JOIN Details AS ud ON ud.PID = up.PID
WHERE ud.Country = '?' ORDER BY up.PID
) as t");
$results=$mysqli->bind_param($Country);
$results->execute();
这种方式有点安全,因为mysqli会尝试解析数据并转义任何不应存在的潜在字符串。
您可以参考本文档中的bind_params: