OK,当没有(amp/&/&)内部查询:
example1 => BRAHAM BALDWIN AGRICULTURAL COLLEGE
被转换成=> BRAHAM+BALDWIN+AGRICULTURAL+COLLEGE
示例1 =>正常工作并返回=>这所学校位于阿拉巴马州
example2 query => BRYANT & STRATTON BUSINESS INSTITUTE - BUFFALO
转换后的查询结果如下=> BRYANT+%26+STRATTON+BUSINESS+INSTITUTE+-+BUFFALO
示例2 =>没有返回任何东西,我很确定这是因为%26 (amp/&)…
funcs.php中的代码:
require 'dbconnect.php';
$q = $_GET["q"];
$sql = "SELECT * FROM bl_zrify WHERE Name = '".$q."'";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result))
{
if ($row['State'] == '') {
$SchoolState = 'Unknown';
}
else if ($row['State'] == 'AL') {
$SchoolState = 'Alabama';
}
else if ($row['State'] == 'AK') {
$SchoolState = 'Alaska';
}
else if ($row['State'] == 'AZ') {
$SchoolState = 'Arizona';
}
else if ($row['State'] == 'AR') {
$SchoolState = 'Arkansas';
}
print 'This school is in';
print $SchoolState;
}
PHP代码执行时,我们输入文本=>
<input name="SchoolName" type="text" maxlength="50" size="30" id="SchoolName" value="" onfocus="showVal(this.value);" />
javascript用来传递字符串给PHP funcs。PHP:
function showVal(str)
{
if (str=="")
{
document.getElementById("txtHint").innerHTML="";
return;
}
if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
}
else
{// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function()
{
if (xmlhttp.readyState==4 && xmlhttp.status==200)
{
document.getElementById("txtHint").innerHTML=xmlhttp.responseText;
}
}
xmlhttp.open("GET","funcs.php?q="+str.replace("&", "%26").replace(/ /g, "+"),true);
xmlhttp.send();
}
这是你的代码,有一些轻微的改进(在注释中)。
PHP:require 'dbconnect.php';
// ESCAPE USER INPUT BEFORE PASSING TO SQL!!!
$sql = "SELECT * FROM bl_zrify WHERE Name = '".mysql_real_escape_string($_GET["q"])."'";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result)) {
// Switch is better for this type of operation
switch ($row['State']) {
case 'AL':
$SchoolState = 'Alabama';
break;
case 'AK':
$SchoolState = 'Alaska';
break;
case 'AR':
$SchoolState = 'Arkansas';
break;
case 'AZ':
$SchoolState = 'Arizona';
break;
default:
$SchoolState = 'Unknown';
}
print "This school is in $SchoolState<br />'n";
}
Javascript function showVal(str) {
if (str == "") {
document.getElementById("txtHint").innerHTML = "";
return;
}
if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp = new XMLHttpRequest();
} else {// code for IE6, IE5
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange = function () {
if (xmlhttp.readyState == 4) {
if (xmlhttp.status == 200) { // break this into 2 statements so you can handle HTTP errors
document.getElementById("txtHint").innerHTML = xmlhttp.responseText;
} else {
document.getElementById("txtHint").innerHTML = "AJAX Error (HTTP "+xmlhttp.status+")";
}
}
}; // functions declared in this way should be followed by a semi colon, since the function declaration is actually a statement.
// encodeURIComponent() does all the escaping work for you - it is roughly analogous to PHP's urlencode()
xmlhttp.open("GET","funcs.php?q="+encodeURIComponent(str),true);
xmlhttp.send();
}
然而,我怀疑这里的实际问题是您实际上没有与数据库中输入的字符串完全匹配的字符串。考虑在SQL中使用LIKE
子句而不是精确比较。还要确保Name
字段的排序不区分大小写。