PHP variable fails when passed inside a query


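I am using an ajax call to pass the $place variable to the query in listplace.php. The ajax call works fine in the php1.php code, but the $place value is not passed on to the query. Please help.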

The PHP also works fine, but it fails when I try to pass $place in the where condition.

php1.php code

<select id="name">
  <option selected disabled>Please select</option>
</select>

<?php if (isset($_GET['place']) && $_GET['place'] != '') { ?>

    <script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
    <script>
        $.ajax({
            type: "POST",
            data: {place: '<?= $_GET['place'] ?>'},
            url: 'listplace.php',
            dataType: 'json',
            success: function (json) {
                if (json.option.length) {
                    var $el = $("#name"); 
                    $el.empty(); // remove old options
                    for (var i = 0; i < json.option.length; i++) {
                        $el.append($('<option>',
                            {
                                value: json.option[i],
                                text: json.option[i]
                            }));
                    }
                }else {
                    alert('No data found!');
                }
            }
        });
    </script>
<?php } ?>

listplace.php

<?php
//connect to the mysql
$db = @mysql_connect('localhost', 'root', 'password') or die("Could not connect database");
@mysql_select_db('test', $db) or die("Could not select database");

$place = $_POST['place'];

$sql = @mysql_query("select product_name from products_list where product_name = '$place'");
$rows = array();
while($r = mysql_fetch_assoc($sql)) {
    $rows[] = $r['product_name'];
}
if (count($rows)) {
    echo json_encode(['option'=> $rows]);
}else {
    echo json_encode(['option'=> false]);
}
?>
Change this line

 data: {place: '<?= $_GET['place'] ?>'},
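An added example, not part of the original answers: instead of hand-quoting the value on that line, PHP can emit it as a JSON-encoded JavaScript literal, so a place name containing an apostrophe or other special characters still reaches listplace.php intact. The helper name js_literal and the is_string check are assumptions made for this illustration.

```php
<?php
// Added example, not code from the original thread.
// js_literal() is a hypothetical helper name chosen for this illustration.

// Encode a PHP value as a JavaScript literal for use inside an inline <script>.
// The JSON_HEX_* flags replace < > & ' " with \uXXXX escapes, so the value can
// neither end the string literal nor close the surrounding <script> element.
function js_literal($value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $json = json_encode($value, $flags);
    // json_encode() returns false on e.g. invalid UTF-8: fall back to an empty string.
    return $json === false ? '""' : $json;
}

// Accept only a plain string; a request such as ?place[]=x arrives as an array.
$place = (isset($_GET['place']) && is_string($_GET['place'])) ? $_GET['place'] : '';
?>
<select id="name">
  <option selected disabled>Please select</option>
</select>
<?php if ($place !== '') { ?>
    <script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
    <script>
        $.ajax({
            type: "POST",
            // No hand-written quotes: the encoded literal carries its own.
            data: {place: <?= js_literal($place) ?>},
            url: 'listplace.php',
            dataType: 'json',
            success: function (json) {
                // listplace.php sends option: false when nothing matches.
                if (!json.option || !json.option.length) {
                    alert('No data found!');
                    return;
                }
                var $el = $("#name").empty(); // remove old options
                json.option.forEach(function (name) {
                    $el.append($('<option>', {value: name, text: name}));
                });
            }
        });
    </script>
<?php } ?>
```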

One improvement is to start using prepared statements. This is just an addition to 解释者's answer.

This will prevent SQL injection attacks.

$sql_con = new mysqli('localhost', 'root', 'password', 'test'); // get connection
$place = $_POST['place']; // posted variable
// prepare() returns a statement object, or false on failure
if ($stmt = $sql_con->prepare("select product_name from products_list where product_name = ?")) {

    $stmt->bind_param("s", $place); // bind the posted variable
    $stmt->execute(); // execute query
    $stmt->bind_result($product_name); // bind the result column to a variable

    $rows = array(); // create result array
    while ($stmt->fetch()) { // start loop
        $rows[] = $product_name; // collect every row in the array
    }
    if (count($rows)) { // check for number
        echo json_encode(['option' => $rows]);
    } else {
        echo json_encode(['option' => false]);
    }
}

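Don't use mysql_*; use PDO or MySQLi with prepared statements.

var_dump($_POST)

I might be wrong, but this doesn't look right to me:
{place:'}
I think the single quote will terminate the string. Have you tried
{place:'}

You should be getting an error in your console. You really need to check there.

@JoshuaTerrill Nice spot

I don't think that is the problem, because
takes precedence over the quotes. But you do have nested apostrophes.

Can you tell me the use of $place = $_POST['place'];

This is the posted variable that you get through the AJAX call. On the PHP script, do
var_dump($_POST)
, and you will see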