Ajax搜索未在引号上运行

Question

我有这个PHP脚本，当有人在表单中输入文本并按提交时运行。问题是，当键入'或"时，脚本未运行。我也希望它也能搜索到。

搜索脚本：

if(isset($_POST["name"]) === true && empty($_POST["name"]) === false) { 

    $getFullName = $db->prepare("SELECT * FROM `users` WHERE `name` LIKE (:name)"); 
    $getFullName->execute(array(":name" => "%" . $_POST["name"] . "%")); 
    $results = $getFullName->fetchAll(); 

    $count = 0; 

    foreach($results as $row): 

     $count++; 

     echo $row["name"]; 

    endforeach; 

    if($count == 0){ 

     echo "Couldn't find anything."; 

    } 

    } 

jQuery的：

$('input#name-submit').on('click', function() { 


    var name = $('input#name').val(); 
    if ($(name) != '') { 

     $.post('ajax/searchName.php', {name: name}, function(data) { 

      $('div#name-data').text(data); 

     }); 

    } 


}); 

提前感谢！

请注意，我也尝试过htmlspecialchars($_POST["name"]）和htmlentities($_POST["name"])

Answer 1

您可以编码使用encodeURIComponent()每个值，就像这样：

$('input#name-submit').on('click', function() { 
    var name = $('input#name').val(); 
    if (name != '') { 
     $.post('ajax/searchName.php', {"name": encodeURIComponent(name)}, function(data) { 
      $('div#name-data').text(data); 
     }); 
    } 
}); 

您还可以使用escape()

escape(name) 

Answer 2

尝试类似这

mysql_real_escape_string($_POST["name"]; 

参考

http://php.net/manual/en/function.mysql-real-escape-string.php

也会改变该

var name = $('input#name').val(); 
if (name != '') { // don't use $(name) 
    $.post('ajax/searchName.php', {name: name}, function(data) { 
     $('div#name-data').text(data); 
    }); 
} 

Answer 3

只需使用base64_encode javascript和解码可以使用base64_decode PHP

BASE64_ENCODE JavaScript代码

function base64_encode (data) { 
    // http://kevin.vanzonneveld.net 
    // + original by: Tyler Akins (http://rumkin.com) 
    // + improved by: Bayron Guevara 
    // + improved by: Thunder.m 
    // + improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) 
    // + bugfixed by: Pellentesque Malesuada 
    // + improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) 
    // + improved by: Rafał Kukawski (http://kukawski.pl) 
    // *  example 1: base64_encode('Kevin van Zonneveld'); 
    // *  returns 1: 'S2V2aW4gdmFuIFpvbm5ldmVsZA==' 
    // mozilla has this native 
    // - but breaks in 2.0.0.12! 
    //if (typeof this.window['btoa'] === 'function') { 
    // return btoa(data); 
    //} 
    var b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz/="; 
    var o1, o2, o3, h1, h2, h3, h4, bits, i = 0, 
    ac = 0, 
    enc = "", 
    tmp_arr = []; 

    if (!data) { 
    return data; 
    } 

    do { // pack three octets into four hexets 
    o1 = data.charCodeAt(i++); 
    o2 = data.charCodeAt(i++); 
    o3 = data.charCodeAt(i++); 

    bits = o1 << 16 | o2 << 8 | o3; 

    h1 = bits >> 18 & 0x3f; 
    h2 = bits >> 12 & 0x3f; 
    h3 = bits >> 6 & 0x3f; 
    h4 = bits & 0x3f; 

    // use hexets to index into b64, and append result to encoded string 
    tmp_arr[ac++] = b64.charAt(h1) + b64.charAt(h2) + b64.charAt(h3) + b64.charAt(h4); 
    } while (i < data.length); 

    enc = tmp_arr.join(''); 

    var r = data.length % 3; 

    return (r ? enc.slice(0, r - 3) : enc) + '==='.slice(r || 3); 

} 

你只是把这个功能，并通过你的名字为这种格式

var encoded = base64_encode (name); 

然后你只需发送该编码的变量为您阿贾克斯

PHP页面

<?php 
$encodedname = $_POST['name']; 
$name = base64_decode($encoded); //You got good result 
?>