使用 jQuery .post 动态更改 PHP 文件中的 MYSQL 查询?
我已经尝试这个有一段时间了,我需要帮助。基本上我有一个查询数据库的 PHP 文件,我想根据登录的用户名更改查询。
我的网站上发生的情况是,用户使用 Twitter Oauth 登录,我可以显示他们的详细信息(twitter 用户名等)。我有一个用户已添加信息的数据库,我希望发生的是当用户使用 Twitter Oauth 登录时,我可以使用 jQuery 获取用户用户名并更新 mysql 查询以仅显示以下结果: user_name = 该特定用户名。
目前mysql查询是:
"SELECT * FROM markers WHERE user_name = 'dave'"
我尝试过类似的操作:
"SELECT * FROM markers WHERE user_name = '$user_name'"
在PHP文件的其他地方我有$user_name = $_POST['user_name'];。在一个单独的文件(用户通过 Twitter 登录后被重定向到的文件)中,我有一些像这样的 jQuery:
$(document).ready(function(){
$.post('phpsqlinfo_resultb.php',{user_name:"<?PHP echo $profile_name?>"})});
$profile_name 已在该页面的前面定义。
我知道我显然做错了什么,我仍在学习。有没有办法实现我想要的使用 jQuery 将用户用户名发布到 PHP 文件以更改 mysql 查询以仅显示与登录用户相关的结果。我已将 PHP 文件包含在下面的查询中:
<?php
// create a new XML document
//$doc = domxml_new_doc('1.0');
$doc = new DomDocument('1.0');
//$root = $doc->create_element('markers');
//$root = $doc->append_child($root);
$root = $doc->createElement('markers');
$root = $doc->appendChild($root);
$table_id = 'marker';
$user_name = $_POST['user_name'];
// Make a MySQL Connection
include("phpsqlinfo_addrow.php");
$result = mysql_query("SELECT * FROM markers WHERE user_name = '$user_name'")
or die(mysql_error());
// process one row at a time
//header("Content-type: text/xml");
header('Content-type: text/xml; charset=utf-8');
while($row = mysql_fetch_assoc($result)) {
// add node for each row
$occ = $doc->createElement($table_id);
$occ = $root->appendChild($occ);
$occ->setAttribute('lat', $row['lat']);
$occ->setAttribute('lng', $row['lng']);
$occ->setAttribute('type', $row['type']);
$occ->setAttribute('user_name', utf8_encode($row['user_name']));
$occ->setAttribute('name', utf8_encode($row['name']));
$occ->setAttribute('tweet', utf8_encode($row['tweet']));
$occ->setAttribute('image', utf8_encode($row['image']));
} // while
$xml_string = $doc->saveXML();
$user_name2->response;
echo $xml_string;
?>
这是与我尝试做的谷歌地图混搭一起使用的。如果您能帮助我,非常感谢。如果我的问题不够清楚,请说出来,我会尽力为您澄清。我确信这是一个简单的修复,我只是相对缺乏经验。我已经这样做了两天,不幸的是我的时间不多了。
Been trying this for quite a while now and I need help. Basically I have a PHP file that queries database and I want to change the query based on a logged in users name.
What happens on my site is that a user logs on with Twitter Oauth and I can display their details (twitter username etc.). I have a database which the user has added information to and I what I would like to happen is when the user logs in with Twitter Oauth, I could use jQuery to take the users username and update the mysql query to show only the results where the user_name = that particular users name.
At the moment the mysql query is:
"SELECT * FROM markers WHERE user_name = 'dave'"
I've tried something like:
"SELECT * FROM markers WHERE user_name = '$user_name'"
And elsewhere in the PHP file I have $user_name = $_POST['user_name'];. In a separate file (the one in which the user is redirected to after they log in through Twitter) I have some jQuery like this:
$(document).ready(function(){
$.post('phpsqlinfo_resultb.php',{user_name:"<?PHP echo $profile_name?>"})});
$profile_name has been defined earlier on that page.
I know i'm clearly doing something wrong, i'm still learning. Is there a way to achieve what I want using jQuery to post the users username to the PHP file to change the mysql query to display only the results related to the user that is logged in. I've included the PHP file with the query below:
<?php
// create a new XML document
//$doc = domxml_new_doc('1.0');
$doc = new DomDocument('1.0');
//$root = $doc->create_element('markers');
//$root = $doc->append_child($root);
$root = $doc->createElement('markers');
$root = $doc->appendChild($root);
$table_id = 'marker';
$user_name = $_POST['user_name'];
// Make a MySQL Connection
include("phpsqlinfo_addrow.php");
$result = mysql_query("SELECT * FROM markers WHERE user_name = '$user_name'")
or die(mysql_error());
// process one row at a time
//header("Content-type: text/xml");
header('Content-type: text/xml; charset=utf-8');
while($row = mysql_fetch_assoc($result)) {
// add node for each row
$occ = $doc->createElement($table_id);
$occ = $root->appendChild($occ);
$occ->setAttribute('lat', $row['lat']);
$occ->setAttribute('lng', $row['lng']);
$occ->setAttribute('type', $row['type']);
$occ->setAttribute('user_name', utf8_encode($row['user_name']));
$occ->setAttribute('name', utf8_encode($row['name']));
$occ->setAttribute('tweet', utf8_encode($row['tweet']));
$occ->setAttribute('image', utf8_encode($row['image']));
} // while
$xml_string = $doc->saveXML();
$user_name2->response;
echo $xml_string;
?>
This is for use with a google map mashup im trying to do. Many thanks if you can help me. If my question isn't clear enough, please say and i'll try to clarify for you. I'm sure this is a simple fix, i'm just relatively inexperienced to do it. Been at this for two days and i'm running out of time unfortunately.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
首先,您应该转义直接插入到查询中的 $_POST:
正如 Erik 建议的那样,不要将最有用的警告扔出窗口 - 很可能答案会立即弹出。
但我不太确定你的混搭的工作方式。如果您只在 php 本身中完成所有操作,完全省略 javascript,那么事情会变得容易得多。您可能还想检查 OAuth 回调 - 应该为您提供 Twitter ID 或用户名。
At first, you should escape the $_POST you're inserting straight to the query:
As Erik suggests, don't throw out of the window the most useful warnings - most probably the answer will pop right ahead then.
But what I'm not quite sure about is the way your mashup works. It could get a lot easier if you just do all the stuff inside the php itself, omitting javascript at all. You might also want to check OAuth callbacks - should give you twitter id or user name.
没有什么问题:
除了 SQL 注入已经成熟之外 - 它应该可以工作。您可能想直接在数据库上尝试查询,看看结果是否符合您的预期。
我还建议在开发过程中打开错误报告。将以下行添加到文档顶部:
它将帮助您发现许多错误。
There's nothing wrong with:
Other then being ripe for SQL injection - it should work. You may want to try your query directly on the database and see if the results are what you expect.
I'd also recommend turning on error reporting during development. Add the following lines to the top of your document:
and it will help you uncover many errors.