0

可能的重复:
PHP:我应该如何转义将进入 Javascript 字符串的字符串?

我有一个角色的情况。如果我输入一段文本(一个问题),其中包含多个字符,例如:

!\"�$%^& ()-=\'.,:;/?#~ /\\><

然后我突然收到一条错误消息:

语法错误:未终止的字符串文字

然后它在控制台中显示:

parent.addwindow('!/;

我的问题是我可以更改下面代码中的任何内容以允许这些字符用于问题吗?

下面是代码:

if (!empty($_GET['searchQuestion']) && ($terms = preg_split('/\s+/', $_GET['questioncontent'], -1, PREG_SPLIT_NO_EMPTY))) {

    // A temp array to hold the terms after they have been constructed
    $termArray = array();

    // We'll need to use this a few times so we'll cache it
    $numTerms = count($terms);

    // Loop $terms and create an array of strings that can be used with LIKE clauses
    foreach ($terms as $term) {
      // The str_replace() allows users to include literal % and _ in the search terms
      $termArray[] = '%'.str_replace(array('%', '_'), array('\%', '\_'), $term).'%';
    }

    // Build the query
    $questionquery = "
SELECT DISTINCT q.QuestionContent, o.OptionType, q.NoofAnswers, GROUP_CONCAT(an.Answer ORDER BY an.Answer SEPARATOR ' ') AS Answer, r.ReplyType, 
       q.QuestionMarks 
  FROM Answer an 
  INNER JOIN Question q ON q.AnswerId = an.AnswerId
  JOIN Reply r ON q.ReplyId = r.ReplyId 
  JOIN Option_Table o ON q.OptionId = o.OptionId 
      WHERE ".implode(" AND ", array_fill(0, $numTerms, "q.QuestionContent LIKE ?"))."
      GROUP BY q.QuestionId, q.SessionId
      ORDER BY ".implode(", ", array_fill(0, $numTerms, "IF(q.QuestionContent LIKE ?, 1, 0) DESC"))."
    ";

    // Make the referenced array
    $referencedArray = make_values_referenced(array_merge(
      array(str_repeat("ss", $numTerms)), // types
      $termArray,                         // where
      $termArray                          // order by
    ));

    // ...or die() is evil in production but I shall assume we are debuggin so I won't complain
    if (!$stmt = $mysqli->prepare($questionquery)) {
      die("Error preparing statement: $mysqli->error"); 
    }

    // Bind parameters
    if (!call_user_func_array(array($stmt, 'bind_param'), make_values_referenced($referencedArray))) {
      die("Error binding parameters: $stmt->error"); 
    }

    // Execute
    if (!$stmt->execute()) {
      die("Error executing statement: $stmt->error"); 
    }

    // This will hold the search results
    $searchResults = array();
    $searchOption = array();
    $searchNoofAnswers = array();
    $searchAnswer = array();
    $searchReply = array();
    $searchMarks = array();

    // Fetch the results into an array
    if (!$stmt->num_rows()) {
      $stmt->bind_result($dbQuestionContent,$dbOptionType,$dbNoofAnswers,$dbAnswer,$dbReplyType,$dbQuestionMarks); 
      while ($stmt->fetch()) {
        $searchResults[] = $dbQuestionContent;
        $searchOption[] = $dbOptionType;
        $searchNoofAnswers[] = $dbNoofAnswers;
        $searchAnswer[] = $dbAnswer;
        $searchReply[] = $dbReplyType;
        $searchMarks[] = $dbQuestionMarks;
      }
    }

  }

if (isset($_GET['searchQuestion'])) {

  // If $terms is not empty we did a query
  if (!empty($terms)) {

      $questionnum = sizeof($searchResults);

      foreach ($searchResults as $key=>$question) {

        echo '<tr class="questiontd"><td>'.json_encode($question).'</td>';
        echo '<td class="optiontypetd">'.json_encode($searchOption[$key]).'</td>';
        echo '<td class="noofanswerstd">'.json_encode($searchNoofAnswers[$key]).'</td>';
        echo '<td class="answertd">'.json_encode($searchAnswer[$key]).'</td>';
        echo '<td class="noofrepliestd">'.json_encode($searchReply[$key]).'</td>';
        echo '<td class="noofmarkstd">'.json_encode($searchMarks[$key]).'</td>';
        echo "<td class='addtd'><button type='button' class='add' onclick=\"parent.addwindow('$question','$searchMarks[$key]','$searchNoofAnswers[$key]','$searchOption[$key]','$searchReply[$key]','$searchAnswer[$key]');\">Add</button></td></tr>";

}
      echo "</table>";


}

您可以在此处查看应用程序:应用程序

当您打开应用程序时,只需单击左侧的绿色加号按钮,即出现模式窗口。

?搜索栏中输入,然后输入搜索。你会看到一堆结果。

现在所有行看起来都很好,除了包含的行,该行中>!\"�$%^&*()-=\'.,:;/?#~*/\\\\><的“添加”按钮被搞砸了,如果你尝试点击那个添加按钮,那么你会得到问题顶部已经提到的错误。

4

1 回答 1

0

你的最后一个echo应该用json_encode(作为javascript的相关部分)编码

echo "<td class='addtd'><button type='button' class='add' onclick=\"parent.addwindow('$question','$searchMarks[$key]','$searchNoofAnswers[$key]','$searchOption[$key]','$searchReply[$key]','$searchAnswer[$key]');\">Add</button></td></tr>";

例子:

... parent.addwindow('".json_encode($question)."', ....
于 2012-10-08T13:45:47.880 回答