php - Why doesn't the query work with amp (&)/%26 in the request?

Tags: php javascript mysql ajax

OK, when there is no ( amp/&/& ) in the query, the code returns the result normally:

example1 => BRAHAM BALDWIN AGRICULTURAL COLLEGE 

Converted, the query looks like => BRAHAM+BALDWIN+AGRICULTURAL+COLLEGE

Example 1 => works fine and returns => This school is in Alabama

example2 query => BRYANT & STRATTON BUSINESS INSTITUTE - BUFFALO

Converted, the query looks like => BRYANT+%26+STRATTON+BUSINESS+INSTITUTE+-+BUFFALO

Example 2 => returns nothing, and I'm pretty sure it's because of %26 (amp/&)...

The code in funcs.php:

require 'dbconnect.php';

$q = $_GET["q"];

$sql = "SELECT * FROM bl_zrify WHERE Name = '".$q."'";

$result = mysql_query($sql);
while($row = mysql_fetch_array($result))
  {

  if ($row['State'] == '') {
    $SchoolState = 'Unknown';
  }
  else if ($row['State'] == 'AL') {
    $SchoolState = 'Alabama';
  } 
  else if ($row['State'] == 'AK') {
    $SchoolState = 'Alaska';
  } 
  else if ($row['State'] == 'AZ') {
    $SchoolState = 'Arizona';
  }
  else if ($row['State'] == 'AR') {
    $SchoolState = 'Arkansas';
  }

  print 'This school is in';
  print $SchoolState;
  }

The PHP code is executed when we type text into =>

<input name="SchoolName" type="text" maxlength="50"  size="30"  id="SchoolName" value="" onfocus="showVal(this.value);" />

And the JavaScript we use to pass the string to the PHP funcs.php:

function showVal(str)
{
if (str=="")
  {
  document.getElementById("txtHint").innerHTML="";
  return;
  }
if (window.XMLHttpRequest)
  {// code for IE7+, Firefox, Chrome, Opera, Safari
  xmlhttp=new XMLHttpRequest();
  }
else
  {// code for IE6, IE5
  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
  }
xmlhttp.onreadystatechange=function()
  {
  if (xmlhttp.readyState==4 && xmlhttp.status==200)
    {
    document.getElementById("txtHint").innerHTML=xmlhttp.responseText;
    }
  }



xmlhttp.open("GET","funcs.php?q="+str.replace("&", "%26").replace(/ /g, "+"),true);
xmlhttp.send();
}

Best answer

Here is your code, with some minor improvements (in the comments).

PHP:

require 'dbconnect.php';

// ESCAPE USER INPUT BEFORE PASSING TO SQL!!!
$sql = "SELECT * FROM bl_zrify WHERE Name = '".mysql_real_escape_string($_GET["q"])."'";

$result = mysql_query($sql);
while($row = mysql_fetch_array($result)) {
  // Switch is better for this type of operation
  switch ($row['State']) {
    case 'AL':
      $SchoolState = 'Alabama';
      break;
    case 'AK':
      $SchoolState = 'Alaska';
      break;
    case 'AR':
      $SchoolState = 'Arkansas';
      break;
    case 'AZ':
      $SchoolState = 'Arizona';
      break;
    default:
      $SchoolState = 'Unknown';
  }

  print "This school is in $SchoolState<br />\n";

}

Javascript

function showVal(str) {
  if (str == "") {
    document.getElementById("txtHint").innerHTML = "";
    return;
  }
  if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari
    xmlhttp = new XMLHttpRequest();
  } else {// code for IE6, IE5
    xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
  }
  xmlhttp.onreadystatechange = function () {
    if (xmlhttp.readyState == 4) {
      if (xmlhttp.status == 200) { // break this into 2 statements so you can handle HTTP errors
        document.getElementById("txtHint").innerHTML = xmlhttp.responseText;
      } else {
        document.getElementById("txtHint").innerHTML = "AJAX Error (HTTP "+xmlhttp.status+")";
      }
    }
  }; // functions declared in this way should be followed by a semi colon, since the function declaration is actually a statement.
  // encodeURIComponent() does all the escaping work for you - it is roughly analogous to PHP's urlencode()
  xmlhttp.open("GET","funcs.php?q="+encodeURIComponent(str),true);
  xmlhttp.send();
}

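However, I suspect the actual problem here is that the string as entered in the database doesn't actually match exactly. Consider using a LIKE clause in your SQL instead of an exact comparison. Also make sure the collation of the Name field is case-insensitive.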
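
Added example (not part of the original question or answer): it compares the question's `replace("&", "%26")` chain with `encodeURIComponent()` by checking which `q` value arrives after query-string parsing. `URLSearchParams` stands in for the way PHP fills `$_GET` (an assumption), and the host `example.invalid` and every sample name except the first are constructed.

```javascript
// Added example: hand-rolled escaping from the question vs encodeURIComponent().
// Assumption: URLSearchParams models the server-side parser (split on "&",
// decode "+" as space and %XX), which is how PHP populates $_GET.

// The question's encoding. A string pattern in replace() only replaces the
// FIRST "&", and "+", "#" and other reserved characters are not encoded at all.
function handRolled(str) {
  return str.replace("&", "%26").replace(/ /g, "+");
}

// Returns the value the server would receive as q for a given encoder.
function receivedQ(encode, name) {
  const url = new URL("http://example.invalid/funcs.php?q=" + encode(name));
  return url.searchParams.get("q");
}

// Sample names: the first is from the question, the rest are constructed.
const samples = [
  "BRYANT & STRATTON BUSINESS INSTITUTE - BUFFALO", // one "&": survives
  "A & B & C COLLEGE", // second "&" starts a new parameter
  "C++ ACADEMY",       // literal "+" is decoded as a space
  "SCHOOL #5",         // "#" starts the fragment, which is never sent
];

// For each name, report whether it round-trips unchanged under each encoder.
function compare(names) {
  return names.map((name) => ({
    name,
    handRolledOk: receivedQ(handRolled, name) === name,
    encodedOk: receivedQ(encodeURIComponent, name) === name,
  }));
}

for (const row of compare(samples)) console.log(row);
```

The name from the question round-trips under both encoders, which is consistent with the answer's suspicion that the mismatch is in the database comparison. Encoding only gets the value to the server intact; the SQL escaping in the answer's PHP is still required.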

Regarding php - Why doesn't the query work with amp (&)/%26 in the request?, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/7778038/
