嗨,我想要一个按年份显示帖子文件的列表 当用户点击年份时,将显示帖子
我正在使用ajax调用functions.php,其中有一个函数 将抓取帖子,但我似乎无法访问 $wpdb ?
非常感谢!
html:
<ul id="years">
<?php
$months = $wpdb->get_results("SELECT DISTINCT YEAR( post_date ) AS year,post_title as title, ID as post_id, COUNT( id ) as post_count FROM $wpdb->posts WHERE post_status = 'publish' and post_date <= now( ) and post_type = 'post' GROUP BY year ORDER BY post_date DESC");
foreach($months as $month) : ?>
<li>
<a href="" onClick="year_to_post_titles(<?php echo $month->year; ?>)">
<?php if(in_category("photography",$month->post_id)){
echo $month->year;
} ?>
</a>
</li>
<?php endforeach; ?>
</ul>
ajax:
<script>
function year_to_post_titles(year){
var find_titles="find_titles";
//request ajax
if(window.XMLHttpRequest){
xmlhttp=new XMLHttpRequest();
}
else{
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
//state change
xmlhttp.onreadystatechange=function(){
if(xmlhttp.readyState==4&& xmlhttp.status==200){
document.getElementById("work_items").innerHTML=xmlhttp.responseText;
}
}
xmlhttp.open("GET","<?php bloginfo(template_directory) ?>/functions.php?func=find_titles&y="+year,true);
xmlhttp.send()
}
</script>
函数.php:
<?php
$which_func=$_GET["func"];
if(function_exists($which_func)){
find_titles();
};
function find_titles(){
global $wpdb;
$which_year=$_GET["y"];
$titles = $wpdb->get_results("SELECT DISTINCT YEAR( post_date ) AS year,post_title as title, ID as post_id, COUNT( id ) as post_count FROM $wpdb->posts WHERE post_status = 'publish' and post_date <= now( ) and post_type = 'post' GROUP BY year ORDER BY post_date DESC");
foreach($titles as $var_title){
echo "<li><a href=''>";
if(in_category("photography",$var_title->post_id)){
echo $var_title->title;
}
echo "</a></li>";
}
}
?>
最佳答案
此外,您不应该这样做:
<?php
$which_func=$_GET["func"];
if(function_exists($which_func)){
$which_func();
};
?>
如果你这样做,用户将能够调用任何现有的函数(例如 phpinfo() ,但如果有一点想象力,情况可能会更糟)。这是一个巨大的安全漏洞。
关于php - 调用 php 函数通过 ajax 显示我的帖子后,似乎无法访问 $wpdb,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/7682104/