[英]First character of a string fusionning with a %
So i'm sending a String with javascript to a php page : 因此,我将带有javascript的字符串发送到php页面:
if(cp.value!=''){
s+=cp.name +" LIKE '%"+ cp.value +"%'";
console.log(s);
if(sec.value!=''){
s+=" AND "+sec.name+" LIKE '%"+ sec.value +"%'";
console.log(s);
}
}
else{
if(sec.value!=''){disappear
s+=sec.name+" LIKE '%"+ sec.value +"%'";
}
}
console.log(s);
if(s.length!=0){
var connect = new XMLHttpRequest();
connect.onreadystatechange=function(){
if (connect.readyState==4 && connect.status==200){
var resu=connect.responseText;
console.log(resu);
var tab=document.getElementById("main_tab");
tab.innerHTML=resu;
}
};
connect.open("POST","../../Controller/stage.php",false);
connect.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
connect.send("s="+s);
}
} }
The string sent is for exemple : 发送的字符串用于示例:
CP_Stage LIKE '%90%' AND secteur_stage LIKE '%ait%'
CP_Stage LIKE'%90%'和secteur_stage LIKE'%ait%'
But when i print the request in the php page i have something like : 但是,当我在php页面中打印请求时,我有类似以下内容:
SELECT * FROM Stage WHERE CP_Stage LIKE ' %' AND secteur_stage LIKE '%ait%';
SELECT * FROM Stage WHERE CP_Stage LIKE'%'和secteur_stage LIKE'%ait%';
i have no idea why my first number disappear with the first %. 我不知道为什么我的第一个数字以第一个%消失。 If anyone have an idea it would be awesome, thanks !
如果有人有想法,那就太好了,谢谢!
The percent-sign is a special charcter. 百分号是一个特殊字符。 Any special characters like %,&,?
是否有%,&,等特殊字符? etc need to be encoded.
等需要进行编码。 Your "%90" is converted to an Ascii-Value.
您的“%90”将转换为Ascii值。 You have to encode these values with encodeURIComponent.
您必须使用encodeURIComponent对这些值进行编码。
s += cp.name + " LIKE '" + encodeURIComponent("%" + cp.value + "%") + "'";
Note that encodeURIComponent does not escape the '
character. 请注意,encodeURIComponent不会转义
'
字符。 If your cp.value has an '
you have to replace it with its encoding value: %27
. 如果cp.value带有
'
,则必须将其替换为其编码值: %27
。
By the way.. its a bad idea to send mySQL-queries from client-side - thats a major security flaw. 顺便说一句..从客户端发送mySQL查询不是一个好主意-那是一个主要的安全漏洞。 Send only the values and build your queries on server-side.
仅发送值并在服务器端构建查询。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.