堆栈内存溢出
  简体   繁体   English

与%融合的字符串的第一个字符

[英]First character of a string fusionning with a %

 原文  2017-05-03 12:47:18       javascript/ php/ html/ sql

问题描述

So i'm sending a String with javascript to a php page : 因此,我将带有javascript的字符串发送到php页面: 

if(cp.value!=''){
    s+=cp.name +" LIKE '%"+ cp.value +"%'";
    console.log(s);

    if(sec.value!=''){
        s+=" AND "+sec.name+" LIKE '%"+ sec.value +"%'";
        console.log(s);

    }
}
else{
    if(sec.value!=''){disappear
        s+=sec.name+" LIKE '%"+ sec.value +"%'";
    }
}

console.log(s);
if(s.length!=0){
    var connect = new XMLHttpRequest();
    connect.onreadystatechange=function(){
        if (connect.readyState==4 && connect.status==200){
            var resu=connect.responseText;
            console.log(resu);
            var tab=document.getElementById("main_tab");
            tab.innerHTML=resu;


        }
    };
    connect.open("POST","../../Controller/stage.php",false);
    connect.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
    connect.send("s="+s);

}

} }

The string sent is for exemple : 发送的字符串用于示例:

CP_Stage LIKE '%90%' AND secteur_stage LIKE '%ait%' CP_Stage LIKE'%90%'和secteur_stage LIKE'%ait%'

But when i print the request in the php page i have something like : 但是,当我在php页面中打印请求时,我有类似以下内容:

SELECT * FROM Stage WHERE CP_Stage LIKE ' %' AND secteur_stage LIKE '%ait%'; SELECT * FROM Stage WHERE CP_Stage LIKE'%'和secteur_stage LIKE'%ait%';

i have no idea why my first number disappear with the first %. 我不知道为什么我的第一个数字以第一个%消失。 If anyone have an idea it would be awesome, thanks ! 如果有人有想法,那就太好了,谢谢!

1 个解决方案

解决方案1
 1 已采纳  2017-05-03 13:23:32

The percent-sign is a special charcter. 百分号是一个特殊字符。 Any special characters like %,&,? 是否有%,&,等特殊字符? etc need to be encoded. 等需要进行编码。 Your "%90" is converted to an Ascii-Value. 您的“%90”将转换为Ascii值。 You have to encode these values with encodeURIComponent. 您必须使用encodeURIComponent对这些值进行编码。 

s += cp.name + " LIKE '" + encodeURIComponent("%" + cp.value + "%") + "'";

Note that encodeURIComponent does not escape the ' character. 请注意,encodeURIComponent不会转义'字符。 If your cp.value has an ' you have to replace it with its encoding value: %27 . 如果cp.value带有' ,则必须将其替换为其编码值: %27

By the way.. its a bad idea to send mySQL-queries from client-side - thats a major security flaw. 顺便说一句..从客户端发送mySQL查询不是一个好主意-那是一个主要的安全漏洞。 Send only the values and build your queries on server-side. 仅发送值并在服务器端构建查询。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 替换字符串的第一个字符 - Replace first character of string 删除字符串的第一个字符,如果它是 0 - Delete first character of string if it is 0 检查第一个字符串 - Check First Character String 删除字符串中的第一个字符 - remove first character in string 查找字符后的第一个字符串 - Find the first string after character jQuery-在字符串的第一个字符之后添加字符? - Jquery - Add character after the first character of a string? 获取第一个空格字符和'='字符之间的字符串 - Get string between first space character and '=' character Excel 删除“+”作为字符串的第一个字符 - Excel removes '+' as a first character of a string 如果字符串为0,则从字符串中删除第一个字符 - Remove first character from a string if it is 0 将第一个字符与字符串分开 - separate first character from string
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM