使用Php Ajax的Livesearch - 需要帮助!
问题描述:
尝试使用ajax/php进行实时搜索(ajax)。我有(2)个文件,index.php和searching.php。我已经编写了初始查询来搜索数据库,以查找输入时给定的字段。为了执行ajax(即搜索),我需要使用php和ajax来实现这一点。我已经实现了$ query变量来搜索框中的任何3个值(例如“输入一个名称”等)。任何人?我就这一个:)使用Php Ajax的Livesearch - 需要帮助!
的index.php有点绝望
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="global.css" media="screen" />
<link rel="stylesheet" href="design.css" media="screen" />
<style type="text/css">
.hidden {
display: none;
}
</style>
<script type="text/javascript" src="inc/jquery.js"> </script>
<script type="text/javascript">$(function() {$('input[type=text]').focus(function() {$(this).val('')});});</script>
<script type="text/javascript">
$(document).ready(function(){
$("input[type=radio]").click(function(){
$(".box").val(this.value);
});
});
</script>
</head>
<body>
<div id="top_wrapper_bg">
<div id="wrapper_top">
<div id="header">
<div id="logo">
<a href="index.php"><img src="img/logo-02-01-11.png" alt="logo-02-01-11" width="300" height="100" border="0" /></a>
</div><!-- /logo -->
<div id="header_image">
right
</div><! -- /header_image -->
<div id="clear"> </div><! -- /clear -->
<div id="nav">
nav
</div><! -- /nav -->
</div><!-- /header-->
</div><!-- /wrapper_top -->
</div><!-- /top_wrapper_bg -->
<div id="header_search_break"> </div>
<div id="bot_wrapper_bg">
<div id="wrapper_bottom">
<div id="search">
<span class="medfont">Search by:</span>
<form id="searchSelect" action="searching.php">
<input type="radio" name="search_value" value="Enter Professor Name">Professor
<input type="radio" name="search_value" value="Enter Course (e.g. COM 310)">Course
<input type="radio" name="search_value" value="Enter Major (e.g. Business)">Major
</form>
<br>
<input class="box" type="text" size="25" name="searchQuery" value="Select an option..." class="textField clearMeFocus" />
</div><!-- /search -->
<div id="latest_stats">
<p>Stats</p>
</div><!-- /latest_stats -->
<div id="clear"> </div>
<div id="contain_stats">
<div id="latest_prof">
latest prof
</div><!-- /latest_prof -->
<div id="top_prof">
top prof
</div><!-- /top_prof -->
<div id="clear"> </div><! -- /clear -->
</div><!-- /contain_stats -->
<br><br><br><br><br><br><br><br>
</div><!-- /wrapper_bottom -->
</div><!-- /bot_wrapper_bg -->
</body>
</html>
searching.php
<?php
require_once('dbconnec.php');
$query = $_POST['search_value'];
SELECT profID, fName, lName FROM professor WHERE fName OR lName LIKE $query; // search for professor ajax livesearch code
SELECT courseID, name, primaryCode, secondaryCode FROM course WHERE courseID OR name OR primaryCode or secondaryCode LIKE $query; // search for course ajax livesearch code
SELECT name FROM department WHERE name LIKE $query; // search by dept ajax livesearch code
?>
答
header("Cache-Control: no-cache, no-store, must-revalidate"); if(isset($_GET['nme'])){
$ NME = $ _GET [ 'NME']; $ query =“select * from users where full_name like'%”。Sanitize($ _ GET ['nme'])。“%'”; $ result = mysql_query($ query);
消毒()是由以防范SQL注入
然后在你输入我自己的函数,你应该有平变化=“搜索(THIS.VALUE)”>
+0
你介意告诉我如何做到这一点? – Jshee 2011-03-14 15:17:32
看来你的'searching.php'容易受到[SQL注入](http://en.wikipedia.org/wiki/SQL_injection)攻击。请在SQL查询中使用[prepared statements](http://php.net/manual/en/pdo.prepared-statements.php),以确保您不会将整个数据库暴露给攻击者。 – sarnold 2011-03-14 01:54:49