以下代码返回$userurl,即:
<button class="Urllink" type="button" onclick="window.parent.location.href=" www.facebook.com";"><img src="http://www.facebook.com/favicon.ico" width="16" height="16">Facebook</button>
代码:
function userUrl($user){
include ('bin/mysqllogin.php');
$userUrl = '';
$query = "SELECT * FROM urls WHERE Usernaam = '$user'";
$result = mysqli_query($dbc, $query);
if (!$result) {
echo ' Query Failed ';
}else{
if (@mysqli_num_rows($result) >= 1) {
while ($dbresult = mysqli_fetch_assoc($result)){
$userUrl .= '<p class="Link_par"><button class="Urllink" type="button" onclick="window.parent.location.href="';
$userUrl .= $dbresult['Url'] . '";><img src=' . $dbresult["UrlIcon"] . ' width="16" height="16">' . $dbresult["UrlName"] . '</button>';
}
}
}
mysqli_close($dbc);
return $userUrl;
}
如您所见,$userUrl 返回的不是所需的 http://www.facebook.com 。我在这里做错了什么?
编辑1:找到解决方案。我需要在 var $dbresult['Url'] 周围添加/'。于是代码改为:
function userUrl($user){
include ('bin/mysqllogin.php');
$userUrl = '';
$query = "SELECT * FROM urls WHERE Usernaam = '$user'";
$result = mysqli_query($dbc, $query);
if (!$result) {
echo ' Query Failed ';
}else{
if (@mysqli_num_rows($result) >= 1) {
while ($dbresult = mysqli_fetch_assoc($result)){
$userUrl .= '<p class="Link_par"><button class="Urllink" type="button" onclick="window.parent.location.href=\'';
$userUrl .= $dbresult['Url'] . '\';"><img src=' . $dbresult["UrlIcon"] . ' width="16" height="16">' . $dbresult["UrlName"] . '</button>';
}
}
}
mysqli_close($dbc);
return $userUrl;
}
最佳答案
您需要在 $userUrl
前面添加 http://
。因此:
function userUrl($user) {
include ('bin/mysqllogin.php');
$userUrl = 'http://'; // <-- Prepended in here
$query = "SELECT * FROM urls WHERE Usernaam = '$user'";
$result = mysqli_query($dbc, $query);
if (!$result) {
echo ' Query Failed ';
}else{
if (@mysqli_num_rows($result) >= 1) {
while ($dbresult = mysqli_fetch_assoc($result)){
$userUrl .= '<p class="Link_par"><button class="Urllink" type="button" onclick="window.parent.location.href="';
$userUrl .= $dbresult['Url'] . '";><img src=' . $dbresult["UrlIcon"] . ' width="16" height="16">' . $dbresult["UrlName"] . '</button>';
}
}
}
mysqli_close($dbc);
return $userUrl;
}
请顺便查找 SQL 注入(inject)。或者,最好的选择,使用 PDO .
关于javascript - 按钮 onclick= 返回不带斜杠的 var,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20890068/