
I have a problem with quotes. If I enter a piece of text (a question) that contains a single quote, for example:

What is Mr Green's dog's name?

then I suddenly get an error message:

语法错误:参数列表后缺少 )

and it shows this in the console:

parent.addwindow('格林先生的狗叫什么?, '5', '1', 'AD', 'Single', 'A');

My question is: can I change anything in the code below to allow single quotes in a question? Also, some of the columns above are actually int data types, so how do I remove the single quotes around them? Finally, are there any other characters that could cause problems in the future (double quotes, full stops, commas, etc.)?

I don't really know where the problem is, so I am posting the main code so you can find it. (If you know where the problem is, please tell me, so I can remove everything except the relevant code and keep the code short for future readers):

<script type="text/javascript">

function trim (el) {
    el.value = el.value.
       replace (/(^\s*)|(\s*$)/gi, ""). // removes leading and trailing spaces
       replace (/[ ]{2,}/gi," ").       // replaces multiple spaces with one space 
       replace (/\n +/,"\n");           // Removes spaces after newlines
    return;
}


</script>

<?php

  // $mysqli is assumed to be an open mysqli connection created elsewhere (not shown)

  function make_values_referenced (&$arr) { 
    // The fact that you even need to do this is exactly why I recommend PDO_mysql
    // over MySQLi
    $refs = array(); 
    foreach ($arr as $key => $value) {
      $refs[$key] = &$arr[$key];
    }
    return $refs;
  }

  // Determine whether to do database query
  // Using preg_split() prevents empty search terms
  if (!empty($_GET['searchQuestion']) && ($terms = preg_split('/\s+/', $_GET['questioncontent'], -1, PREG_SPLIT_NO_EMPTY))) {

    // A temp array to hold the terms after they have been constructed
    $termArray = array();

    // We'll need to use this a few times so we'll cache it
    $numTerms = count($terms);

    // Loop $terms and create an array of strings that can be used with LIKE clauses
    foreach ($terms as $term) {
      // The str_replace() allows users to include literal % and _ in the search terms
      $termArray[] = '%'.str_replace(array('%', '_'), array('\%', '\_'), $term).'%';
    }

    // Build the query
    $questionquery = "
SELECT DISTINCT q.QuestionContent, o.OptionType, q.NoofAnswers, GROUP_CONCAT(an.Answer ORDER BY an.Answer SEPARATOR ' ') AS Answer, r.ReplyType, 
       q.QuestionMarks 
  FROM Answer an 
  INNER JOIN Question q ON q.AnswerId = an.AnswerId
  JOIN Reply r ON q.ReplyId = r.ReplyId 
  JOIN Option_Table o ON q.OptionId = o.OptionId 
      WHERE ".implode(" AND ", array_fill(0, $numTerms, "q.QuestionContent LIKE ?"))."
      GROUP BY q.QuestionId, q.SessionId
      ORDER BY ".implode(", ", array_fill(0, $numTerms, "IF(q.QuestionContent LIKE ?, 1, 0) DESC"))."
    ";

    // Build the argument list for bind_param(): the types string, then one value per ?
    // (kept in a variable so it can be passed by reference below)
    $bindArgs = array_merge(
      array(str_repeat("ss", $numTerms)), // types: two string placeholders per term
      $termArray,                         // where
      $termArray                          // order by
    );

    // ...or die() is evil in production but I shall assume we are debugging so I won't complain
    if (!$stmt = $mysqli->prepare($questionquery)) {
      die("Error preparing statement: $mysqli->error"); 
    }

    // Bind parameters (bind_param() requires references, hence make_values_referenced())
    if (!call_user_func_array(array($stmt, 'bind_param'), make_values_referenced($bindArgs))) {
      die("Error binding parameters: $stmt->error"); 
    }

    // Execute
    if (!$stmt->execute()) {
      die("Error executing statement: $stmt->error"); 
    }

    // This will hold the search results
    $searchResults = array();
    $searchOption = array();
    $searchNoofAnswers = array();
    $searchAnswer = array();
    $searchReply = array();
    $searchMarks = array();

    // Fetch the results into an array
    // store_result() must be called before num_rows is meaningful
    $stmt->store_result();
    if ($stmt->num_rows > 0) {
      $stmt->bind_result($dbQuestionContent,$dbOptionType,$dbNoofAnswers,$dbAnswer,$dbReplyType,$dbQuestionMarks); 
      while ($stmt->fetch()) {
        $searchResults[] = $dbQuestionContent;
        $searchOption[] = $dbOptionType;
        $searchNoofAnswers[] = $dbNoofAnswers;
        $searchAnswer[] = $dbAnswer;
        $searchReply[] = $dbReplyType;
        $searchMarks[] = $dbQuestionMarks;
      }
    }

  }

  $inputValue = !empty($terms) ? htmlspecialchars(implode(' ', $terms)) : '';


if (isset($_GET['searchQuestion'])) {

  // If $terms is not empty we did a query
  if (!empty($terms)) {

    $questionnum = sizeof($searchResults);

    // If $searchResults is not empty we got results
    if (!empty($searchResults)) {
      echo "<p>Your Search: '$inputValue'</p>";  
      echo "<p>Number of Questions Shown from the Search: <strong>$questionnum</strong></p>";
      echo "<table border='1' id='resulttbl'>
      <tr>
      <th class='questionth'>Question</th>
      <th class='optiontypeth'>Option Type</th>
      <th class='noofanswersth'>Number of <br/> Answers</th>
      <th class='answerth'>Answer</th>
      <th class='noofrepliesth'>Number of <br/> Replies</th>
      <th class='noofmarksth'>Number of <br/> Marks</th>
      </tr>";
      foreach ($searchResults as $key=>$question) {
        echo '<tr class="questiontd"><td>'.htmlspecialchars($question).'</td>';
        echo '<td class="optiontypetd">'.htmlspecialchars($searchOption[$key]).'</td>';
        echo '<td class="noofanswerstd">'.htmlspecialchars($searchNoofAnswers[$key]).'</td>';
        echo '<td class="answertd">'.htmlspecialchars($searchAnswer[$key]).'</td>';
        echo '<td class="noofrepliestd">'.htmlspecialchars($searchReply[$key]).'</td>';
        echo '<td class="noofmarkstd">'.htmlspecialchars($searchMarks[$key]).'</td>';
        // This is the line the question is about: the values are dropped straight into
        // a JS string literal, so an apostrophe in $question ends the string early and
        // causes the "missing ) after argument list" error shown above
        echo "<td class='addtd'><button type='button' class='add' onclick=\"parent.addwindow('$question','$searchMarks[$key]','$searchNoofAnswers[$key]','$searchOption[$key]','$searchReply[$key]','$searchAnswer[$key]');\">Add</button></td></tr>";
      }
      echo "</table>";
    } 

  }

}
?>
1 Answer

If you are trying to write data into a JavaScript variable from PHP, the best thing to do is pass it through json_encode() before writing it, so that it is converted into a correct JS format.

Answered 2012-10-07T23:18:20.347
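The answer's approach worked through for the `onclick` attribute from the question, as an added example that is not code from the question or the answer. The helper names `js_literal()` and `js_call()` and the sample row values are my own assumptions; the column names mirror the question's table. It also shows the int columns the question asks about: cast to int before encoding, json_encode() emits them as bare numbers, so no quotes appear around them.

```php
<?php
// Added example (not from the question or the answer): building the
// onclick="parent.addwindow(...)" attribute with json_encode() so that
// quotes and other special characters in the data cannot break the JS call.

// Encode one PHP value as a JavaScript literal that is also safe inside an
// HTML attribute and inside a <script> block. Strings become quoted JS
// strings; ints and floats become bare numbers.
function js_literal($value) {
    // JSON_HEX_* turn ' " < > & into \u00XX escapes, so the literal can never
    // close the surrounding JS string, the HTML attribute, or a <script> tag.
    $json = json_encode($value, JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_TAG | JSON_HEX_AMP);
    if ($json === false || $json === null) {
        // json_encode() fails on strings that are not valid UTF-8; refuse to
        // emit anything rather than output a half-escaped value.
        throw new InvalidArgumentException('Value could not be encoded as JSON (not UTF-8?)');
    }
    return $json;
}

// Build the complete attribute value for a JS function call: every argument
// is encoded as a literal, then the whole call is HTML-escaped because an
// onclick attribute is HTML first and JavaScript second.
function js_call($function, array $args) {
    $encoded = array_map('js_literal', $args);
    $js = $function . '(' . implode(', ', $encoded) . ');';
    return htmlspecialchars($js, ENT_QUOTES, 'UTF-8');
}

// Constructed sample row (assumption), mirroring the columns in the question.
$question    = "What is Mr Green's dog's name?";  // contains apostrophes
$marks       = '5';                                // int columns arrive as strings from the DB
$noOfAnswers = '1';
$optionType  = 'AD';
$replyType   = 'Single';
$answer      = 'A';

// BEFORE (the question's approach): raw interpolation into a JS string literal.
// The apostrophe in $question ends the string early, which is the reported error.
$unsafe = "onclick=\"parent.addwindow('$question','$marks','$noOfAnswers','$optionType','$replyType','$answer');\"";

// AFTER: each value is a proper JS literal; ints are cast so they are emitted
// without quotes, and the attribute as a whole is HTML-escaped.
$onclick = js_call('parent.addwindow', array(
    $question,
    (int) $marks,
    (int) $noOfAnswers,
    $optionType,
    $replyType,
    $answer,
));

echo "<td class='addtd'><button type='button' class='add' onclick=\"$onclick\">Add</button></td>\n";
```

In the encoded call the apostrophes in the question arrive as `\u0027`, which JavaScript reads back as a plain `'` inside the string, and `5` and `1` are bare numbers. The same `js_call()` can be used for the table's `$searchX[$key]` values in place of the interpolated `parent.addwindow('$question',...)` line, and the character list the question worries about (double quotes, commas, full stops, `<`, `&`) is covered by the JSON encoding plus the HTML escaping rather than by a hand-written blacklist.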