我正试图通过数据库填充一个列表(正在工作),使用AJAX和PHP将您带到当前页面中的嵌套(可能是错误的单词)页面。据我所知,我的问题是PHP而不是AJAX。我已经对sql注入保护进行了编码。我相信问题完全存在于第24行附近的getrs.php中。我没有收到任何错误。
非常感谢!
rss.php
<html>
<head>
<script>
function showRSS(str) {
if (str.length==0) {
document.getElementById("rssOutput").innerHTML="";
return;
}
if (window.XMLHttpRequest) {
// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
} else { // code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function() {
if (xmlhttp.readyState==4 && xmlhttp.status==200) {
document.getElementById("rssOutput").innerHTML=xmlhttp.responseText;
}
}
xmlhttp.open("GET","getrss.php?q="+str,true);
xmlhttp.send();
}
</script>
</head>
<body>
<form method="post" action="rss.php">
<select name="users" onchange="showUser(this.value)">
<option value="">Select a person:</option>
<?php
$con=mysqli_connect("localhost","user","password","table");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM rssfeeds");
while($row = mysqli_fetch_array($result)) {
echo "<option value='" . $row['id'] . "'>" . $row['rssfeedname'] . "</option>";
mysqli_close($con);
}
?>
</select>
</form>
<br>
<div id="rssOutput">RSS Display</div>
</body>
</html>
getrs.php
<?php
//get the q parameter from URL
$q = intval($_GET['q']);
$con=mysqli_connect("localhost","user","password","table");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = "SELECT * FROM users WHERE id ='".$q."'";
$result = mysqli_query($con,$query);
?>
<?php
while($row = mysqli_fetch_array($result))
{
$info2 = $row['info2'];
$id = $row['id'];
}
?>
<?php
// escape variables for security
$id = mysqli_real_escape_string($con, $_POST['id']);
$info2 = mysqli_real_escape_string($con, $_POST['info2']);
//find out which feed was selected
if($q=='" . $row['id'] . "') {
$xml=('" . $row['info2'] . "');
}
$xmlDoc = new DOMDocument();
$xmlDoc->load($xml);
//get elements from "<channel>"
$channel=$xmlDoc->getElementsByTagName('channel')->item(0);
$channel_title = $channel->getElementsByTagName('title')
->item(0)->childNodes->item(0)->nodeValue;
$channel_link = $channel->getElementsByTagName('link')
->item(0)->childNodes->item(0)->nodeValue;
$channel_desc = $channel->getElementsByTagName('description')
->item(0)->childNodes->item(0)->nodeValue;
//output elements from "<channel>"
echo("<p><a href='" . $channel_link . "'>" . $channel_title . "</a>");
echo("<br>");
echo($channel_desc . "</p>");
//get and output "<item>" elements
$x=$xmlDoc->getElementsByTagName('item');
for ($i=0; $i<=2; $i++) {
$item_title=$x->item($i)->getElementsByTagName('title')
->item(0)->childNodes->item(0)->nodeValue;
$item_link=$x->item($i)->getElementsByTagName('link')
->item(0)->childNodes->item(0)->nodeValue;
$item_desc=$x->item($i)->getElementsByTagName('description')
->item(0)->childNodes->item(0)->nodeValue;
echo ("<p><a href='" . $item_link . "'>" . $item_title . "</a>");
echo ("<br>");
echo ($item_desc . "</p>");
}
?>
这些行:
if($q=='" . $row['id'] . "') {
$xml=('" . $row['info2'] . "');
}
是无效语法。这是字符串
" $row[
后面跟着标识符
id
然后是字符串
] . "
你不可能有这样的序列,你需要在它们之间使用某种运算符。你显然是想用双引号和圆点连接一些东西,但由于它们在单引号内,所以它们只是字面字符。
应该是:
if ($q == $row['id']) {
$xml = $row['info2'];
}
您编写的代码甚至不应该运行,我不知道您是如何收到有关调用DOMDocument::load()的错误消息的。如果您没有将从数据库检索的值用作另一个查询的输入,则无需对这些值调用此函数。
我不明白你为什么需要if测试。SQL只检索id = $q所在的行,所以测试总是成功的。
此外,mysqli_real_escape_string()应该只用于转义要替换到SQL语句中的变量。
<select name="users" onchange="showRSS(this.value)">
工作代码,仍然需要将mysqli替换为pdo
rss.php
<html>
<head>
<script>
function showRSS(str) {
if (str.length==0) {
document.getElementById("rssOutput").innerHTML="";
return;
}
if (window.XMLHttpRequest) {
// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
} else { // code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function() {
if (xmlhttp.readyState==4 && xmlhttp.status==200) {
document.getElementById("rssOutput").innerHTML=xmlhttp.responseText;
}
}
xmlhttp.open("GET","getrss.php?q="+str,true);
xmlhttp.send();
}
</script>
</head>
<body>
<form method="post" action="rss.php">
<select name="users" onchange="showRSS(this.value)">
<option value="">Select a person:</option>
<?php
$con=mysqli_connect("localhost","user","password","table");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM users");
while($row = mysqli_fetch_array($result)) {
echo "<option value='" . $row['id'] . "'>" . $row['uname'] . "</option>";
mysqli_close($con);
}
?>
</select>
</form>
<br>
<div id="rssOutput">RSS Display</div>
</body>
</html>
getrs.php
<?php
ini_set("display_errors",1); error_reporting(E_ALL);
//get the q parameter from URL
$q = intval($_GET['q']);
$con=mysqli_connect("localhost","user","password","table");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = "SELECT * FROM users WHERE id ='".$q."'";
$result = mysqli_query($con,$query);
while($row = mysqli_fetch_array($result))
{
$id = $row['id'];
$xml = $row['info2'];
$xmlDoc = new DOMDocument();
$xmlDoc->load($xml);
//get elements from "<channel>"
$channel=$xmlDoc->getElementsByTagName('channel')->item(0);
$channel_title = $channel->getElementsByTagName('title')
->item(0)->childNodes->item(0)->nodeValue;
$channel_link = $channel->getElementsByTagName('link')
->item(0)->childNodes->item(0)->nodeValue;
$channel_desc = $channel->getElementsByTagName('description')
->item(0)->childNodes->item(0)->nodeValue;
//output elements from "<channel>"
echo("<p><a href='" . $channel_link
. "'>" . $channel_title . "</a>");
echo("<br>");
echo($channel_desc . "</p>");
//get and output "<item>" elements
$x=$xmlDoc->getElementsByTagName('item');
for ($i=0; $i<=2; $i++) {
$item_title=$x->item($i)->getElementsByTagName('title')
->item(0)->childNodes->item(0)->nodeValue;
$item_link=$x->item($i)->getElementsByTagName('link')
->item(0)->childNodes->item(0)->nodeValue;
$item_desc=$x->item($i)->getElementsByTagName('description')
->item(0)->childNodes->item(0)->nodeValue;
echo ("<p><a href='" . $item_link
. "'>" . $item_title . "</a>");
echo ("<br>");
echo ($item_desc . "</p>");
}
}
?>