PHP variable fails when passed inside a query
I am using an ajax call to pass the $place variable to the query in listplace.php. The ajax call works fine in the php1.php code, but the $place value is not passed to the query. Please help.
The PHP also works fine, but it fails when I try to pass $place in the where condition.
php1.php code
<select id="name">
    <option selected disabled>Please select</option>
</select>
<?php if (isset($_GET['place']) && $_GET['place'] != '') { ?>
<script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
<script>
    $.ajax({
        type: "POST",
        data: {place: '<?= $_GET['place'] ?>'},
        url: 'listplace.php',
        dataType: 'json',
        success: function (json) {
            if (json.option.length) {
                var $el = $("#name");
                $el.empty(); // remove old options
                for (var i = 0; i < json.option.length; i++) {
                    $el.append($('<option>',
                        {
                            value: json.option[i],
                            text: json.option[i]
                        }));
                }
            } else {
                alert('No data found!');
            }
        }
    });
</script>
<?php } ?>
listplace.php
<?php
//connect to the mysql
$db = @mysql_connect('localhost', 'root', 'password') or die("Could not connect database");
@mysql_select_db('test', $db) or die("Could not select database");
$place = $_POST['place'];
$sql = @mysql_query("select product_name from products_list where product_name = '$place'");
$rows = array();
while($r = mysql_fetch_assoc($sql)) {
    $rows[] = $r['product_name'];
}
if (count($rows)) {
    echo json_encode(['option'=> $rows]);
} else {
    echo json_encode(['option'=> false]);
}
?>
Change this line
data: {place: '<?= $_GET['place'] ?>'},
to
data: {place:'},
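An added example, not part of the original question or answers: the `data:` line in php1.php writes `$_GET['place']` between hand-written quotes inside a `<script>` block, so any value containing an apostrophe or markup changes the generated JavaScript. The sketch below compares that pattern with `json_encode()` output; the helper name `js_literal` and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example, not from the original post.
// Encode a PHP value as a JavaScript literal that is safe inside an inline <script> block.
function js_literal($value): string
{
    // The JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes, so the value
    // can neither close the string literal nor end the <script> element.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $json = json_encode($value, $flags);
    if ($json === false) {
        // json_encode() fails on e.g. invalid UTF-8: emit an empty string literal instead.
        return '""';
    }
    return $json;
}

// Constructed sample inputs standing in for $_GET['place'].
$samples = ["Chicago", "O'Hare", "Joe's Bar & Grill", "a </script> b"];

foreach ($samples as $place) {
    // The pattern from php1.php: raw value between hand-written quotes.
    $raw = "data: {place: '" . $place . "'},";
    // json_encode() supplies its own quotes, so none are written around it.
    $encoded = "data: {place: " . js_literal($place) . "},";

    echo "input:   ", $place, PHP_EOL;
    echo "raw:     ", $raw, PHP_EOL;
    echo "encoded: ", $encoded, PHP_EOL, PHP_EOL;
}
```

In php1.php the same helper would be used as `data: {place: <?= js_literal($_GET['place']) ?>},` with no quotes around the PHP tag.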
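An improvement would be to start using prepared statements. This is just an addition to the other answer.
This will prevent SQL injection attacks.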
$sql_con = new mysqli('localhost', 'root', 'password', 'test'); // get connection
$place = $_POST['place']; // posted variable
if ($stmt = $sql_con->prepare("select product_name from products_list where product_name = ?")) { // prepare returns a statement object, or false on failure
    $stmt->bind_param("s", $place); // bind the posted variable
    $stmt->execute(); // execute query
    $stmt->bind_result($product_name); // bind the result from query securely
    $rows = array(); // create result array
    while ($stmt->fetch()) { // start loop
        $rows[] = $product_name; // grab everything in array
    }
    if (count($rows)) { // check for number
        echo json_encode(['option'=> $rows]);
    } else {
        echo json_encode(['option'=> false]);
    }
}
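Don't use mysql_*
Use PDO or MySQLi with prepared statements.
var_dump($_POST)
I could be wrong, but this doesn't look right to me: {place:'}
I think the single quote will terminate the string. Have you tried {place:'}
You should be getting an error in your console. You really need to check there.
@JoshuaTerrill Nice spot
I don't think that is the problem, because
takes precedence over the quotes. But you do have nested apostrophes.
Can you tell me the use of $place = $_POST['place'];
This is the posted variable that you get through the AJAX call. Do a var_dump($_POST) in the PHP script
, and you will see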