问题描述
1:我知道我的数据库非常混乱,但是我没有访问权限.我知道它们是笨拙的.
1 : I know my db is pretty mess-up, but I DON'T HAVE ACCES. I know they are crappy builded.
2:有我的数据库和我的2个表:http://www.freeimagehosting.net/iu741
2 : There is my database and my 2 tables:http://www.freeimagehosting.net/iu741
3:我有3个动力学列表,前2个还可以,但是我的第3个有问题.
3 : I got 3 dynamics lists, the first 2 are ok, but I got problem at my Third one.
4:我对该字段的爆炸做得很好(22312,123,2145,1233),然后我获得了这些结果,并通过json_encode将其发送到我的JS,然后我的JS将这些样式重新发送到我的select/options.我的结果是:http://www.freeimagehosting.net/gltie
4 : My explode are well done of this field (22312,123,2145,1233) then i take those results and i send them by json_encode to my JS, and my JS send those resylts to my select/options. My result are: http://www.freeimagehosting.net/gltie
5:所以我想保留此列表的功能,以便将数字放在值中,但将旅馆的名称放在选项中(可见).
5: So I want to keep this list fonctionnal, to put the number in value, but the name of the hostel in option (visible).
我的代码JS:
$(function(){
$('#destination').change(function(){
$.getJSON('/dev/select2.php', {'destination': $(this).val()}, function(data) {
var items = '';
$.each(data, function(key, val) {
items += '<option value="' + val + '">' + val + '</option>';
});
$('#hotel').html(items);
});
});
});
我的代码php:
$requete = "SELECT DISTINCT deHotels FROM sirev_Dests WHERE deDestName = '". $_GET['destination'] ."' ORDER BY deDestName";
$connect = mysql_connect("&&&&&&","&&&&&&","&&&&&&");
mysql_select_db("&&&&&&", $connect);
$res = mysql_query($requete) or die(mysql_error());
if ($res) {
$row = mysql_fetch_assoc($res);
$items = explode(',', $row['deHotels']);
/*
$newrequete = "SELECT hoName FROM sirev_Hotels WHERE hoCode = $items ";
$donewrequete = mysql_query($newrequete) or die(mysql_error());
*/
die(json_encode($items));
}
实际上,我很难在我的JS上发送好的结果.我可以在值和选项中发送数字,但是我不知道如何构造一个二维表并将其发送给我的json编码...我暂时将我的SECOND请求放入纪念中.
So actually, i got difficulty to send the good result at my JS. I can send the number in value and in option, but i dont know how to construct a 2 dimensional table and send it my json encode... i put my SECOND request in commment for the moment.
有人可以帮助我吗?我希望对我的英语足够清楚.抱歉,我来自魁北克市.
Can some one help me? I hope im enough clear..sorry for my english by the way, im from Quebec city.
推荐答案
-
您的代码容易受到SQL注入的攻击.您确实应该使用,您将变量作为无法传递给SQL的参数传递给它们.如果您不知道我在说什么或如何解决它,请阅读鲍比表.
Your code is vulnerable to SQL injection. You really should be using prepared statements, into which you pass your variables as parameters that do not get evaluated for SQL. If you don't know what I'm talking about, or how to fix it, read the story of Bobby Tables.
请停止使用古老的MySQL扩展名编写新代码:该代码已不再维护,社区开始了弃用过程.相反,您应该使用改进的 MySQLi 扩展名或 PDO 抽象层.
Please stop writing new code with the ancient MySQL extension: it is no longer maintained and the community has begun the deprecation process. Instead you should use either the improved MySQLi extension or the PDO abstraction layer.
了解 SQL连接.
您确实应该努力将您的架构更改为:
You really should endeavour to change your schema to have either:
-
hotels表中的目标外键(如果一个旅馆与一个以上的目标相关联);或
a destination foreign key in the hotels table (if a hotel is associated with no more than one destination); or
ALTER TABLE sirev_Hotels
ADD COLUMN hoDestination INT,
ADD FOREIGN KEY hoDestination REFERENCES sirev_Dests (deDestCode)
目的地-酒店关系表(如果一家酒店可以与多个目的地关联).
a table of destination-hotel relations (if a hotel can be associated with multiple destinations).
CREATE TABLE sirev_DestinationHotels (
dehoDestination INT,
dehoHotel INT,
FOREIGN KEY dehoDestination REFERENCES sirev_Dests (deDestCode),
FOREIGN KEY dehoHotel REFERENCES sirev_Hotels (hoCode)
)
如果不可能,则可以使用MySQL的 FIND_IN_SET()
用作连接条件:
If that is not possible, you can use MySQL's FIND_IN_SET()
function as a join criterion:
SELECT hoCode, hoName
FROM sirev_Hotels
JOIN sirev_Dests ON FIND_IN_SET(sirev_Hotels.hoCode, sirev_Dests.deHotels)
WHERE sirev_Dests.deDestName = ?
已加入表格并获得所需目的地中所有酒店的hoCode
和hoName
,您可以使用 htmlentities()
适当.
Having joined the tables and obtained the hoCode
and hoName
of all hotels in your desired destination, you can loop over the resultset outputting <option value="$hoCode">$hoName</option>
, applying htmlentities()
as appropriate.
这篇关于双重要求mysql/php for ajax的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!