这是我的第一篇文章,希望有人会帮我解决这个问题。我有这样的MySQL查询:JavaScript将价值传递给php查询
$query_history = "
SELECT ProductProvider AS NameSS, type, StoreOpinionDate AS dating
FROM cd_stores
WHERE UserFID = '".$row_Profile['UserFID']."'
UNION ALL
SELECT BrandName AS NameSS, type, BrandOpinionDate AS dating
FROM cd_brandopinions
WHERE UserFID = '".$row_Profile['UserFID']."'
UNION ALL
SELECT CommentTitle AS NameSS, type, CommentDate AS dating
from cd_comments
WHERE UserFID = '".$row_Profile['UserFID']."'
UNION ALL
SELECT brands.ProductBrand AS NameSS, type, date AS dating
from brandtrack INNER JOIN brands
WHERE UserFID = '".$row_Profile['UserFID']."' and brandtrack.BrandID = brands.BrandID
ORDER BY dating DESC
LIMIT 9
";
和follwing的javascript:
<script type="text/javascript" src="../admin/config/js/jquery/jquery-1.3.2.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$("#loadmorebutton").click(function(){
$('#loadmorebutton').html('<img src="facebook_style_loader.gif" />');
$.ajax({
url: "facebook_style_ajax_more.php?lastid=" + $(".postitem:last").attr("dating"),
success: function(html){
if(html){
$("#postswrapper").append(html);
$('#loadmorebutton').html('Load More');
}else{
$('#loadmorebutton').replaceWith('<center>No more posts to show.</center>');
}
}
});
});
});
</script>
现在的问题是,当我的形式按内提交按钮值“约会”从MySQL查询不上acebook_style_ajax_more通过。使用上面的JavaScript和Im获得空值传递的PHP页面。我需要改变JS代码内部的工作吗?
感谢
哇 - 你需要保护你对SQL注入的查询,你最好解决您的AJAX发行前http://php.net/manual/en/阅读本security.database.sql-injection.php – JohnJohnGa
我们可以看到你的html代码片段吗?至少 –
我修改以下脚本http://hycus.com/2011/03/16/load-more-like-facebook-or-old-twitter-using-php-mysql-jquery/和JohnJohn,这只是测试的例子不是活的脚本,我熟悉注射,我只是链接查询举例 –