JavaScript: unable to get the complete string when sending from an ajax function to a PHP file
On blur, I send data to get_service_category.php through the ajax function getservice_search. Before sending, I alert the variable and it gives the complete string as Buff&Gelcoat[Acrylic Nails], but when it is posted to get_service_category.php and then echoed to the page, it only prints Buff, and everything after that is trimmed.
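You neglected to properly URL-encode the value: the & in a query string separates parameters from each other, so ?select_service=Buff&Gelcoat… would mean a parameter named select_service with the value Buff, followed by a second parameter named Gelcoat…
Use before putting the value into the query string.
SQL injection warning: you need to escape every request, not just some of them :)
For this I used mysql_real_escape_string; what else should I add?
Another note: when using jQuery autocomplete, why use getservice_search?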
<label>Search Service</label>
<input type='text' name='country' id="select_service" value='' class='auto' onblur="getservice_search(this.value)"/>
<img src="img/icons/search-50.png" height="22" width="22" style="padding-left:5px;margin-bottom:-5px;cursor:pointer;" id="search" alt="Search" title="Click To Search" />
<script type="text/javascript" src="../js/jquery-1.9.1.js"></script>
<script type="text/javascript" src="../js/jquery-ui-1.10.3.custom.min.js"></script>
<script type="text/javascript">
$(function() {
//autocomplete
$(".auto").autocomplete({
source: "search_services.php",
minLength: 1
});
});
</script>
<script type="text/javascript">
function getservice_search(x)
{
if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
}
else
{// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function()
{
if (xmlhttp.readyState==4 && xmlhttp.status==200)
{
document.getElementById("box1").innerHTML=xmlhttp.responseText;
}
}
var select_service = document.getElementById("select_service").value;
alert(select_service);
xmlhttp.open("GET","get_service_category.php?select_service="+select_service,true);
xmlhttp.send();
}
</script>
<!--get_service_category.php -->
<?php
include('../config/connect.php');
include('unset_super_admin.php');
function clean($str)
{
$str = @trim($str);
if(get_magic_quotes_gpc())
{
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
if(isset($_GET['service_category']))
{
$service_category = $_GET['service_category'];
$sql ="select * from services where service_cat_id='$service_category' ";
}
else if($_GET['select_service'])
{
$select_service=clean($_GET["select_service"]);
$sql ="select * from services where service_name='$select_service' ";
}
else if($_GET['select_service']=="")
{
$sql ="select * from services";
}
$result_services = mysql_query($sql);
if($result_services)
{
echo $select_service;
?>
<table style="text-align:center;" class="viewcustomer">
<tr>
<th>Id</th>
<th>Service Name</th>
<th>Price</th>
<th>Action</th>
</tr>
<?php
while($rowresult=mysql_fetch_array($result_services))
{
echo "<tr>";
echo "<td>$rowresult[service_id]</td>";
echo "<td>$rowresult[service_name]</td>";
echo "<td>$rowresult[service_price]</td>";
echo '<td><a href="edit_services.php?service_id=' . $rowresult['service_id'] .'"><Img src="img/icons/button_edit.gif" title="EDIT" alt="EDIT SERVICE" /> </a></td>';
echo "</tr>";
}
}
?>
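The truncation explained in the answer, as an added example that is not part of the original question or answer: it builds the request URL three ways and shows what a query-string parser receives for each. It goes beyond the `&` case to `+` and `#`, which are lost the same way; the `localhost` host, the helper names and the two extra sample values are assumptions made for the example.

```javascript
// Added example, not code from the original post. Sample values are constructed.
// ENDPOINT uses a placeholder host so the URL can be parsed offline.
const ENDPOINT = "http://localhost/get_service_category.php";

// The pattern from the question: the raw value is concatenated into the URL.
function buildRaw(value) {
  return ENDPOINT + "?select_service=" + value;
}

// encodeURI targets whole URLs, so it leaves '&', '+', '=' and '#' untouched.
function buildWithEncodeURI(value) {
  return ENDPOINT + "?select_service=" + encodeURI(value);
}

// encodeURIComponent escapes every character that has meaning in a query string.
function buildWithEncodeURIComponent(value) {
  return ENDPOINT + "?select_service=" + encodeURIComponent(value);
}

// Stand-in for the server side (an assumption of this example): '&' separates
// parameters, '=' separates name from value, '+' decodes to a space, and
// anything after '#' is a fragment that never reaches the query string.
function serverSees(url) {
  const params = new URL(url).searchParams;
  return {
    select_service: params.get("select_service"),
    names: Array.from(params.keys()),
  };
}

const samples = ["Buff&Gelcoat[Acrylic Nails]", "Cut+Style", "Wax #2"];

for (const value of samples) {
  console.log("typed:", JSON.stringify(value));
  console.log("  raw               :", serverSees(buildRaw(value)));
  console.log("  encodeURI         :", serverSees(buildWithEncodeURI(value)));
  console.log("  encodeURIComponent:", serverSees(buildWithEncodeURIComponent(value)));
}

// Applied to the question's request line:
// xmlhttp.open("GET", "get_service_category.php?select_service=" +
//              encodeURIComponent(select_service), true);
```

Encoding the value only fixes how it travels; the PHP side still has to treat the decoded string as untrusted input in every branch that builds a query.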