查询不适用于URL内部的放大器
[英]Query doesn't work with amp inside URL
问题描述
Let me explain this as best as I can. 
让我尽我所能地解释一下。
I have PHP file named funcs.php in which is exactly this PHP code: 我有一个名为funcs.php的PHP文件,其中正是这个PHP代码:
$q = $_GET["q"];
$sql = "SELECT * FROM bl_zrify WHERE Name = '".$q."'";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result))
{
if ($row['State'] == '') {
$SchoolState = 'Unknown';
}
else if ($row['State'] == 'AL') {
$SchoolState = 'Alabama';
}
else if ($row['State'] == 'AK') {
$SchoolState = 'Alaska';
}
else if ($row['State'] == 'AZ') {
$SchoolState = 'Arizona';
}
else if ($row['State'] == 'AR') {
$SchoolState = 'Arkansas';
}
print 'This school is in';
print $SchoolState;
}
When I call in my browser: 当我在浏览器中打电话时:
url example => http://www.domain.com/funcs.php?q=ABRAHAM BALDWIN AGRICULTURAL COLLEGE url example => http://www.domain.com/funcs.php?q=ABRAHAM BALDWIN AGRICULTURAL COLLEGE
It normally works and returns => This school is in Alabama 它通常工作和返回=>这所学校在阿拉巴马州
But when when i call in my browser any URL which have & 但是当我在浏览器中调用任何带有& (&) inside, won't work at all: (&)内部,根本不起作用:
url example => http://www.domain.com/funcs.php?q=BRYANT & STRATTON BUSINESS INSTITUTE - BUFFALO url example => http://www.domain.com/funcs.php?q=BRYANT&STRATTON BUSINESS INSTITUTE - BUFFALO
I don't know why, but for some reasson I get no results when there is amp (&) in URL, please HELP! 我不知道为什么,但是对于某些原因,当URL中有放大器(&)时我得不到任何结果,请帮助!
2 个解决方案
解决方案1
3 已采纳 2011-10-15 00:29:21
funcs.php?q=BRYANT & STRATTON BUSINESS INSTITUTE - BUFFALO
You are passing two variables. 你传递了两个变量。 Do a var_dump($_GET); 做一个var_dump($_GET); and you will see. 你会看到的。
You probably meant: 你可能意味着:
funcs.php?q=BRYANT+%26+STRATTON+BUSINESS+INSTITUTE+-+BUFFALO
To pass values for parameters in URLs, they need the proper encoding. 要传递URL中参数的值,它们需要正确的编码。 Also called url-encoding. 也称为url-encoding。 & is a special character that needs to be written as %26 , space is a special character as well, can be written as + or %2b . &是一个需要写成%26的特殊字符,空格也是一个特殊字符,可以写成+或%2b 。 Also called percent- or triplet-encoding. 也称为百分比或三重编码。
A function in PHP that does this is: urlencode Docs . PHP中的一个函数是: urlencode Docs 。
In any case you need to properly encode as well the search term for the SQL query, otherwise you allow others to alter the SQL query and do stuff like searching more than you want and even delete your database. 在任何情况下,您都需要正确编码SQL查询的搜索项,否则您允许其他人更改SQL查询并执行搜索超出您想要的内容甚至删除您的数据库。 That's a more serious issue than losing half a variable's value. 这比丢失一半变量值更严重。
See: Best way to stop SQL Injection in PHP 请参阅: 在PHP中停止SQL注入的最佳方法
解决方案2
1 2011-10-15 00:28:25
'&' separates URL parameters. '&'分隔网址参数。 Your second query has a parameter q that's equal to "BRYANT " and a parameter STRATTON BUSINESS… that has no value. 您的第二个查询的参数q等于“BRYANT”,参数STRATTON BUSINESS…没有任何值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.