AJAX PHP and mysql

I've been working on this a while; this is a simple issue, I know. For some reason, when I get to the webpage all I get is a drop-down and no results actually get rendered. What is supposed to happen is the user will choose from a drop-down menu one of the users they want to view from a MySQL table. Then the table will be populated with that user's information and presented to the user. Table information follows.

I have 7 items in my database, all of them denoted by the primary key idUsers. Valid records are numbers 1,3,4,5,6,7,16 because data has been deleted and/or added to the database. Then the subject's name follows (SubjectName), then their pre and post stress levels (PreStressLvl, PostStressLvl), the date of the test (TestDate) and the name of the person who administered the test (ProctorName).

Now the HTML frontpage index.html

<html>
<head>
<script type="text/javascript">
function showUser(str)
{
if (str=="")
  {
  document.getElementById("txtHint").innerHTML="";
  return;
  }
if (window.XMLHttpRequest)
  {// code for IE7+, Firefox, Chrome, Opera, Safari
  xmlhttp=new XMLHttpRequest();
  }
else
  {// code for IE6, IE5
  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
  }
xmlhttp.onreadystatechange=function()
  {
 if (xmlhttp.readyState==4 && xmlhttp.status==200)
    {
    document.getElementById("txtHint").innerHTML=xmlhttp.responseText;
    }
  }
xmlhttp.open("GET","oldgetuser1.php?q="+str,true);
xmlhttp.send();
}
</script>
</head>
<body>

<form>
<select name="users" onchange="showUser(this.value)">
<option value=""> Select Subject:</option>
<option value="1"> Geoff Jones</option>
<option value="3"> Kandy Cane</option>
<option value="4"> Robery Ostby</option>
<option value="5"> Joomla Joseph</option>
<option value="6"> Jack Killgore</option>
<option value="7"> Mighty Duck</option>
<option value="16"> Carolyn Spencer</option>

</select>
</form>
<br />
<div id="textHint"><b>Info will be listed here.</b></div>
</body>
</html>

Here is the PHP for oldgetuser1.php

<?php
$q=$_GET["q"];
$con = mysql_connect('localhost','n00592629','carolyn');
if (!$con)
{
echo 'connection Failed.';
exit;
}
mysql_select_db("n00592629", $con);
$sql="SELECT * FROM SUBJECTS WHERE idUsers='".$q."'";

$result = mysql_query($sql);

echo "<table border='1'>
<tr>
<td>idUsers</td>
<td> SubjectName</td>
<td> PreStressLvl</td>
<td> PostStressLvl</td>
<td> TestDate</td>
<td> ProctorName</td>
</tr>";

while ($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td> value='$row[0]'</td><td>
value='$row[1]'</td><td>
value='$row[2]'</td><td>
value='$row[3]'</td><td>
value='$row[4]'</td><td>
value='$row[5]'</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);

?>

Any help would be much appreciated.


You should check your code. I created the files you mentioned, with an abbreviated logic (did not create a database rather used a matrix to test it). Check the line that says:

document.getElementById("txtHint").innerHTML=xmlhttp.responseText;

It should say

document.getElementById("textHint").innerHTML=xmlhttp.responseText;

(textHint and not txtHint), because the getElementById gets null and you can't tell .innerHTML to null.

Also, I read the @Ethan answer and it points out a really big problem (if you are planning to use this with real data on an open system). You could use something like

$q = mysql_real_escape_string($_GET['q']);

to avoid big problems. This is not a perfect solution but it's something at least.


Haven't read the whole post, but I'm seeing a huge SQL injection issue... If this is anything but development, you should validate what comes in through $_GET['q']. Would be easy for someone to send a command straight through to your database.

And looking through the code, it looks like your div id is wrong; should be 'txtHint'.
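
One way to apply the validation and escaping advice from the two answers above, shown as an added example (not code from any of the posters): validate q as an integer, bind it in a prepared statement, and HTML-encode the cells before they reach innerHTML. It assumes PDO with an in-memory SQLite table standing in for the MySQL SUBJECTS table; renderSubject and the sample rows are constructed for illustration.

```php
<?php
// Added example: hardened lookup for the handler discussed on this page.
// Assumption: PDO with an in-memory SQLite table stands in for the MySQL
// SUBJECTS table so the script runs offline; for MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE SUBJECTS (idUsers INTEGER PRIMARY KEY, SubjectName TEXT,
    PreStressLvl INTEGER, PostStressLvl INTEGER, TestDate TEXT, ProctorName TEXT)');
// Constructed sample rows (not data from the original post).
$pdo->exec("INSERT INTO SUBJECTS VALUES
    (1, 'Sample <b>One</b>', 7, 4, '2011-01-01', 'Proctor A'),
    (3, 'Sample Two', 5, 5, '2011-01-02', 'Proctor B')");

// Hypothetical helper: returns the HTML table for one subject,
// or null when $q is not a valid id.
function renderSubject(PDO $pdo, $q): ?string
{
    // 1. Validate: idUsers is a positive integer, so reject anything else.
    $id = filter_var($q, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Bind the value instead of concatenating it into the SQL text.
    $stmt = $pdo->prepare('SELECT idUsers, SubjectName, PreStressLvl, PostStressLvl,
        TestDate, ProctorName FROM SUBJECTS WHERE idUsers = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $html = "<table border='1'>";
    foreach ($stmt->fetchAll(PDO::FETCH_NUM) as $row) {
        // 3. Encode on output: the page inserts the response via innerHTML.
        $cells = array_map(fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'), $row);
        $html .= '<tr><td>' . implode('</td><td>', $cells) . '</td></tr>';
    }
    return $html . '</table>';
}

// In the real handler the argument would be $_GET['q'] ?? ''.
// Constructed inputs: one valid id, one quote-breaking string, one empty value.
foreach (['1', "1' OR '1'='1", ''] as $q) {
    $out = renderSubject($pdo, $q);
    echo var_export($q, true), ' => ', $out ?? 'rejected (send HTTP 400)', PHP_EOL;
}
```

The mysql_* functions used in the question were removed in PHP 7, so a prepared statement through PDO or mysqli is also the route that still runs on current PHP.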
