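I have a situation with characters. If I type in a piece of text (a question) that contains a number of characters, for example:

    !\"£$%^& ()-=\'.,:;/?#~ /\\><

then I suddenly get an error message:

    SyntaxError: unterminated string literal

and in the console it shows:

    parent.addwindow('!/;

My question is: can I change anything in the code below to allow these characters to be used in a question?

Below is the code: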

    if (!empty($_GET['searchQuestion']) && ($terms = preg_split('/\s+/', $_GET['questioncontent'], -1, PREG_SPLIT_NO_EMPTY))) {
        // A temp array to hold the terms after they have been constructed
        $termArray = array();
        // We'll need to use this a few times so we'll cache it
        $numTerms = count($terms);
        // Loop $terms and create an array of strings that can be used with LIKE clauses
        foreach ($terms as $term) {
            // The str_replace() allows users to include literal % and _ in the search terms
            $termArray[] = '%'.str_replace(array('%', '_'), array('\%', '\_'), $term).'%';
        }
        // Build the query
        $questionquery = "
            SELECT DISTINCT q.QuestionContent, o.OptionType, q.NoofAnswers, GROUP_CONCAT(an.Answer ORDER BY an.Answer SEPARATOR ' ') AS Answer, r.ReplyType,
            q.QuestionMarks
            FROM Answer an
            INNER JOIN Question q ON q.AnswerId = an.AnswerId
            JOIN Reply r ON q.ReplyId = r.ReplyId
            JOIN Option_Table o ON q.OptionId = o.OptionId
            WHERE ".implode(" AND ", array_fill(0, $numTerms, "q.QuestionContent LIKE ?"))."
            GROUP BY q.QuestionId, q.SessionId
            ORDER BY ".implode(", ", array_fill(0, $numTerms, "IF(q.QuestionContent LIKE ?, 1, 0) DESC"))."
        ";
        // Make the referenced array
        $referencedArray = make_values_referenced(array_merge(
            array(str_repeat("ss", $numTerms)), // types
            $termArray, // where
            $termArray // order by
        ));
        // ...or die() is evil in production but I shall assume we are debugging so I won't complain
        if (!$stmt = $mysqli->prepare($questionquery)) {
            die("Error preparing statement: $mysqli->error");
        }
        // Bind parameters
        if (!call_user_func_array(array($stmt, 'bind_param'), make_values_referenced($referencedArray))) {
            die("Error binding parameters: $stmt->error");
        }
        // Execute
        if (!$stmt->execute()) {
            die("Error executing statement: $stmt->error");
        }
        // This will hold the search results
        $searchResults = array();
        $searchOption = array();
        $searchNoofAnswers = array();
        $searchAnswer = array();
        $searchReply = array();
        $searchMarks = array();
        // Fetch the results into an array
        if (!$stmt->num_rows()) {
            $stmt->bind_result($dbQuestionContent,$dbOptionType,$dbNoofAnswers,$dbAnswer,$dbReplyType,$dbQuestionMarks);
            while ($stmt->fetch()) {
                $searchResults[] = $dbQuestionContent;
                $searchOption[] = $dbOptionType;
                $searchNoofAnswers[] = $dbNoofAnswers;
                $searchAnswer[] = $dbAnswer;
                $searchReply[] = $dbReplyType;
                $searchMarks[] = $dbQuestionMarks;
            }
        }
    }
    if (isset($_GET['searchQuestion'])) {
        // If $terms is not empty we did a query
        if (!empty($terms)) {
            $questionnum = sizeof($searchResults);
            foreach ($searchResults as $key=>$question) {
                echo '<tr class="questiontd"><td>'.json_encode($question).'</td>';
                echo '<td class="optiontypetd">'.json_encode($searchOption[$key]).'</td>';
                echo '<td class="noofanswerstd">'.json_encode($searchNoofAnswers[$key]).'</td>';
                echo '<td class="answertd">'.json_encode($searchAnswer[$key]).'</td>';
                echo '<td class="noofrepliestd">'.json_encode($searchReply[$key]).'</td>';
                echo '<td class="noofmarkstd">'.json_encode($searchMarks[$key]).'</td>';
                echo "<td class='addtd'><button type='button' class='add' onclick=\"parent.addwindow('$question','$searchMarks[$key]','$searchNoofAnswers[$key]','$searchOption[$key]','$searchReply[$key]','$searchAnswer[$key]');\">Add</button></td></tr>";
            }
            echo "</table>";
        }
    }

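You can view the application here: Application

When you open the application, just click the green plus button on the left and a modal window appears.

Type ? in the search bar and submit the search. You will see a bunch of results.

Now all the rows look fine except the row that contains

    >!\"£$%^&*()-=\'.,:;/?#~*/\\\\><

The "Add" button in that row is messed up, and if you try to click that Add button you get the error already mentioned at the top of the question.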
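
An added example, not part of the original post: the `onclick` value on the Add button sits in two nested contexts (a JavaScript string literal inside an HTML attribute), so each value has to be encoded for JavaScript first and for the attribute second. The helper names and the sample row are constructed for illustration; `parent.addwindow` is the function called in the post.

```php
<?php
// Constructed sample row (an assumption), using the characters from the question.
$row = array('!"£$%^&*()-=\'.,:;/?#~*/\\><', '5', '1', 'A-D', 'Single', 'A');

// Before: values interpolated raw, as in the post. A ' ends the JavaScript
// string early and a " ends the onclick attribute early, so the handler the
// browser sees is cut off (e.g. parent.addwindow('! ) and fails to parse.
function unsafe_button(array $args)
{
    return "<button type='button' class='add' onclick=\"parent.addwindow('"
        . implode("','", $args) . "');\">Add</button>";
}

// Step 1: turn a PHP value into a JavaScript literal. The JSON_HEX_* flags
// emit <, >, &, ' and " as \uXXXX escapes; JSON_INVALID_UTF8_SUBSTITUTE
// (PHP 7.2+) keeps json_encode() from returning false on badly encoded input.
function js_arg($value)
{
    return json_encode(
        (string) $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_INVALID_UTF8_SUBSTITUTE
    );
}

// Step 2: HTML-escape the finished JavaScript call before it goes into the
// attribute. The browser undoes this layer before the JavaScript parser runs.
function safe_button(array $args)
{
    $call = 'parent.addwindow(' . implode(',', array_map('js_arg', $args)) . ');';
    return '<button type="button" class="add" onclick="'
        . htmlspecialchars($call, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '">Add</button>';
}

// Text shown inside a <td> needs HTML escaping only; json_encode() is not
// an HTML encoder and leaves < and > untouched by default.
function cell($value)
{
    return '<td>' . htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

echo unsafe_button($row), "\n\n";
echo cell($row[0]), safe_button($row), "\n";
```

The same raw interpolation that breaks the button on punctuation also lets any stored question text run as script in the page, so the encoding is needed for every value placed in the handler, not only the question.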