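OK, when the query has no (amp / & / amp;) in it, the code returns results fine:
example1 => BRAHAM BALDWIN AGRICULTURAL COLLEGE
Converted, the query looks like => BRAHAM+BALDWIN+AGRICULTURAL+COLLEGE
example1 => works fine and returns => This school is in Alabama
example2 query => BRYANT & STRATTON BUSINESS INSTITUTE - BUFFALO
Converted, the query looks like => BRYANT+%26+STRATTON+BUSINESS+INSTITUTE+-+BUFFALO
example2 => does not return anything, and I'm pretty sure it is because of the %26 (amp / &)......
Code in funcs.php: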
    require 'dbconnect.php';
    $q = $_GET["q"];
    $sql = "SELECT * FROM bl_zrify WHERE Name = '".$q."'";
    $result = mysql_query($sql);
    while($row = mysql_fetch_array($result))
    {
        if ($row['State'] == '') {
            $SchoolState = 'Unknown';
        }
        else if ($row['State'] == 'AL') {
            $SchoolState = 'Alabama';
        }
        else if ($row['State'] == 'AK') {
            $SchoolState = 'Alaska';
        }
        else if ($row['State'] == 'AZ') {
            $SchoolState = 'Arizona';
        }
        else if ($row['State'] == 'AR') {
            $SchoolState = 'Arkansas';
        }
        print 'This school is in';
        print $SchoolState;
    }
The PHP code is executed when we enter text into =>
    <input name="SchoolName" type="text" maxlength="50" size="30" id="SchoolName" value="" onfocus="showVal(this.value);" />
The JavaScript we use to pass the string to the PHP funcs.php:
    function showVal(str)
    {
        if (str=="")
        {
            document.getElementById("txtHint").innerHTML="";
            return;
        }
        if (window.XMLHttpRequest)
        {// code for IE7+, Firefox, Chrome, Opera, Safari
            xmlhttp=new XMLHttpRequest();
        }
        else
        {// code for IE6, IE5
            xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
        }
        xmlhttp.onreadystatechange=function()
        {
            if (xmlhttp.readyState==4 && xmlhttp.status==200)
            {
                document.getElementById("txtHint").innerHTML=xmlhttp.responseText;
            }
        }
        xmlhttp.open("GET","funcs.php?q="+str.replace("&", "%26").replace(/ /g, "+"),true);
        xmlhttp.send();
    }
Answer 0 (score: 1)
Here is your code, slightly improved (see the comments).
PHP:
    require 'dbconnect.php';
    // ESCAPE USER INPUT BEFORE PASSING TO SQL!!!
    $sql = "SELECT * FROM bl_zrify WHERE Name = '".mysql_real_escape_string($_GET["q"])."'";
    $result = mysql_query($sql);
    while($row = mysql_fetch_array($result)) {
        // Switch is better for this type of operation
        switch ($row['State']) {
            case 'AL':
                $SchoolState = 'Alabama';
                break;
            case 'AK':
                $SchoolState = 'Alaska';
                break;
            case 'AR':
                $SchoolState = 'Arkansas';
                break;
            case 'AZ':
                $SchoolState = 'Arizona';
                break;
            default:
                $SchoolState = 'Unknown';
        }
        print "This school is in $SchoolState<br />\n";
    }
JavaScript:
    function showVal(str) {
        if (str == "") {
            document.getElementById("txtHint").innerHTML = "";
            return;
        }
        if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari
            xmlhttp = new XMLHttpRequest();
        } else {// code for IE6, IE5
            xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
        }
        xmlhttp.onreadystatechange = function () {
            if (xmlhttp.readyState == 4) {
                if (xmlhttp.status == 200) { // break this into 2 statements so you can handle HTTP errors
                    document.getElementById("txtHint").innerHTML = xmlhttp.responseText;
                } else {
                    document.getElementById("txtHint").innerHTML = "AJAX Error (HTTP "+xmlhttp.status+")";
                }
            }
        }; // functions declared in this way should be followed by a semi colon, since the function declaration is actually a statement.
        // encodeURIComponent() does all the escaping work for you - it is roughly analogous to PHP's urlencode()
        xmlhttp.open("GET","funcs.php?q="+encodeURIComponent(str),true);
        xmlhttp.send();
    }
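However, I suspect the actual problem here is that you are not exactly matching the string as it is entered in the database. Consider using a LIKE clause in your SQL instead of an exact comparison. Also make sure the collation of the Name field is case-insensitive.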
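An added example, not part of the original question or answer: it runs the question's hand-rolled `replace()` encoding and `encodeURIComponent()` over a few school names and shows what value the server would receive as `q`. The WHATWG `URL` parser stands in for PHP's `$_GET` parsing (an assumption), and every name except the BRYANT & STRATTON one is constructed.

```javascript
// Added example, not from the original post. Names marked "constructed"
// are made-up sample inputs.

// The question's encoder: String.replace with a string pattern rewrites only
// the FIRST "&"; every other reserved character is sent as-is.
function handRolledEncode(str) {
  return str.replace("&", "%26").replace(/ /g, "+");
}

// Stand-in for the server filling $_GET["q"]. Assumption: for these inputs the
// WHATWG URL parser behaves like PHP's ("+" is a space, "&" splits parameters,
// and everything from "#" on is a fragment the browser never sends).
function serverSeesQ(encoded) {
  const url = new URL("http://example.invalid/funcs.php?q=" + encoded);
  return url.searchParams.get("q");
}

function roundTrip(name, encoder) {
  return serverSeesQ(encoder(name));
}

const samples = [
  "BRYANT & STRATTON BUSINESS INSTITUTE - BUFFALO", // from the question
  "A & B & C COLLEGE", // constructed: second "&" starts a new parameter
  "C++ INSTITUTE",     // constructed: literal "+" decodes to a space
  "SCHOOL #1",         // constructed: "#1" becomes the URL fragment
];

function compare() {
  return samples.map((name) => ({
    name,
    handRolled: roundTrip(name, handRolledEncode),
    encoded: roundTrip(name, encodeURIComponent),
  }));
}

for (const row of compare()) {
  const ok = (v) => (v === row.name ? "intact" : "CORRUPTED");
  console.log(`${row.name}\n  replace(): ${JSON.stringify(row.handRolled)} ${ok(row.handRolled)}` +
              `\n  encodeURIComponent(): ${JSON.stringify(row.encoded)} ${ok(row.encoded)}`);
}
```

The question's example2 name survives the hand-rolled encoding intact, while the constructed names arrive truncated or altered; `encodeURIComponent()` delivers all four unchanged.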