考虑到以下因素,我正在尝试构建从 Ajax 到 PHP/MySQL 的自定义查询。
Javascript 代码:
var i=2;
fetchFromDBPHP("name", "tblperson", "id="+i);
function fetchFromDBPHP(column, table, condition) {
$.ajax({
type: "post",
url: "./php/fetchFromDB.php",
dataType: 'json',
data: { column: column, table: table, condition: condition },
success: function(data) {
console.log("Fetched data from PHP:" + data);
},
error:function(request, status, error) {
console.log("Reading PHP database went wrong. Error " + request.responseText);
}
});
}
PHP代码:
<?php
$column = $_POST['column'];
$table = $_POST['table'];
$condition = $_POST['condition'];
if (isset($table)) {
$sql = "SELECT " . intval($_POST['column']) . " FROM " . intval($_POST['table']) . " WHERE " . intval($_POST['condition']);
$con = mysqli_connect("localhost", "root", "bloh", "blah");
if (!$con) {
die("Connection failed: " . mysqli_error($con));
}
$result = mysqli_query($con, $sql);
$to_encode = array();
while($row = mysqli_fetch_array($result, MYSQLI_NUM)) {
$to_encode[] = $row;
}
echo json_encode($to_encode);
mysqli_close($con);
}
?>
我的表格可能与此类似:
表tblperson:
id name firstname tel
1 Dalton Jack 555-5555
2 Smith John 555-6666
3 Doe John 555-7777
我想做的是发送一个类似于
的查询SELECT something FROM mytable WHERE condition=that
使用 Ajax。 我有一条错误消息,但没有检索到任何内容。
最佳答案
感谢“user2486”,我的代码是错误的。正确的用法是:
fetchFromDBPHP("name", "tblperson", "id='"+address+"'");
但是,我也同意“Quentin”的观点,他的其余代码容易受到 SQL 注入(inject)攻击。
关于javascript - 选择...从...使用 Ajax 的位置,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46197202/