为什么查询不能'在请求中使用amp (&) / %26 - Why Query doesn't work with amp (&) / %26 inside request?

OK，当没有(amp/&/&)内部查询:

example1 => BRAHAM BALDWIN AGRICULTURAL COLLEGE

被转换成=> BRAHAM+BALDWIN+AGRICULTURAL+COLLEGE

示例1 =>正常工作并返回=>这所学校位于阿拉巴马州

example2 query => BRYANT & STRATTON BUSINESS INSTITUTE - BUFFALO

转换后的查询结果如下=> BRYANT+%26+STRATTON+BUSINESS+INSTITUTE+-+BUFFALO

示例2 =>没有返回任何东西，我很确定这是因为%26 (amp/&)…

funcs.php中的代码:

require 'dbconnect.php';
$q = $_GET["q"];
$sql = "SELECT * FROM bl_zrify WHERE Name = '".$q."'";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result))
  {
  if ($row['State'] == '') {
    $SchoolState = 'Unknown';
  }
  else if ($row['State'] == 'AL') {
    $SchoolState = 'Alabama';
  } 
  else if ($row['State'] == 'AK') {
    $SchoolState = 'Alaska';
  } 
  else if ($row['State'] == 'AZ') {
    $SchoolState = 'Arizona';
  }
  else if ($row['State'] == 'AR') {
    $SchoolState = 'Arkansas';
  }
  print 'This school is in';
  print $SchoolState;
  }

PHP代码执行时，我们输入文本=>

<input name="SchoolName" type="text" maxlength="50"  size="30"  id="SchoolName" value="" onfocus="showVal(this.value);" />

javascript用来传递字符串给PHP funcs。PHP:

function showVal(str)
{
if (str=="")
  {
  document.getElementById("txtHint").innerHTML="";
  return;
  }
if (window.XMLHttpRequest)
  {// code for IE7+, Firefox, Chrome, Opera, Safari
  xmlhttp=new XMLHttpRequest();
  }
else
  {// code for IE6, IE5
  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
  }
xmlhttp.onreadystatechange=function()
  {
  if (xmlhttp.readyState==4 && xmlhttp.status==200)
    {
    document.getElementById("txtHint").innerHTML=xmlhttp.responseText;
    }
  }

xmlhttp.open("GET","funcs.php?q="+str.replace("&", "%26").replace(/ /g, "+"),true);
xmlhttp.send();
}

这是你的代码，有一些轻微的改进(在注释中)。

PHP:

require 'dbconnect.php';
// ESCAPE USER INPUT BEFORE PASSING TO SQL!!!
$sql = "SELECT * FROM bl_zrify WHERE Name = '".mysql_real_escape_string($_GET["q"])."'";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result)) {
  // Switch is better for this type of operation
  switch ($row['State']) {
    case 'AL':
      $SchoolState = 'Alabama';
      break;
    case 'AK':
      $SchoolState = 'Alaska';
      break;
    case 'AR':
      $SchoolState = 'Arkansas';
      break;
    case 'AZ':
      $SchoolState = 'Arizona';
      break;
    default:
      $SchoolState = 'Unknown';
  }
  print "This school is in $SchoolState<br />'n";
}

Javascript

function showVal(str) {
  if (str == "") {
    document.getElementById("txtHint").innerHTML = "";
    return;
  }
  if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari
    xmlhttp = new XMLHttpRequest();
  } else {// code for IE6, IE5
    xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
  }
  xmlhttp.onreadystatechange = function () {
    if (xmlhttp.readyState == 4) {
      if (xmlhttp.status == 200) { // break this into 2 statements so you can handle HTTP errors
        document.getElementById("txtHint").innerHTML = xmlhttp.responseText;
      } else {
        document.getElementById("txtHint").innerHTML = "AJAX Error (HTTP "+xmlhttp.status+")";
      }
    }
  }; // functions declared in this way should be followed by a semi colon, since the function declaration is actually a statement.
  // encodeURIComponent() does all the escaping work for you - it is roughly analogous to PHP's urlencode()
  xmlhttp.open("GET","funcs.php?q="+encodeURIComponent(str),true);
  xmlhttp.send();
}

然而，我怀疑这里的实际问题是您实际上没有与数据库中输入的字符串完全匹配的字符串。考虑在SQL中使用LIKE子句而不是精确比较。还要确保Name字段的排序不区分大小写。