2

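I am using a very simple mock-up application to query a database and display the results on a map. The application sends a GET HTTP request to a server, which returns a serialized array of values. The basic structure of the HTTP request is: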

httpRequest.open("GET","handle-query.php?query=" + queryJs)

and, on the other side:

$queryPhp = $_GET["query"];

When the query looks like this...

["SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Centre'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Kara'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Maritime'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Plateaux'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Savanes'"]

...it is passed correctly to the server and a response is generated. However, when the query looks like this...

["SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Sotouboua'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Tchamba'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Tchaoudjo'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Assoli'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Bassar'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Bimah'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Doufelgou'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Keran'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Kozah'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Golfe'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Lacs'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Vo'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Yoto'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Zio'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Amou'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Haho'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Kloto'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Ogou'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Wawa'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Oti'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Tone'"]

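...the server receives an empty string. Both strings are generated by the same function, and both work perfectly on my virtual server (WAMP). If anyone has any ideas, they would be greatly appreciated.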

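(PS: after reading up I realize I should be using a better sanitization framework etc., but this is just a demo that needs to live online for 2 hours, and fixing this small thing is better than starting over. It works perfectly on my localhost.)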

4

1 Answer

2

To actually answer your question: you are sending a GET parameter as query (handle-query.php?query=) and then pulling it out as queryJS (queryJs).

$_GET['query'] // instead of $_GET['queryJs']

should do it.

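(As everyone has pointed out, do not send SQL in plaintext or otherwise, unless you intend not to actually execute the SQL and you just want to advertise your database structure, perhaps because it is just that pretty.)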

answered 2012-12-11T21:40:39.227
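An added example, not part of the original question or answer: one way handle-query.php could follow the advice above by accepting only a column key and a list of names, and building the SQL itself with bound parameters. The parameter names `field` and `values`, the function name, the connection details and the JSON response shape are assumptions; the table and column names come from the queries in the question.

```php
<?php
// Added example (not the poster's code). Assumed: request parameters "field"
// and "values[]", MySQL via PDO, and placeholder connection credentials.

// Only these column names may ever appear in the SQL text.
const ALLOWED_FIELDS = ['region', 'prefect'];
const MAX_VALUES = 50; // assumed upper bound on names per request

function sumCommitByField(PDO $pdo, string $field, array $values): array
{
    if (!in_array($field, ALLOWED_FIELDS, true)) {
        throw new InvalidArgumentException('unknown field');
    }
    $values = array_values($values);
    if ($values === [] || count($values) > MAX_VALUES
        || count(array_filter($values, 'is_string')) !== count($values)) {
        throw new InvalidArgumentException('bad value list');
    }
    // The column name comes from the allow-list; every value is bound,
    // so nothing the client sends is concatenated into the statement.
    $marks = implode(',', array_fill(0, count($values), '?'));
    $sql = "SELECT $field AS name, SUM(`commit`) AS total
            FROM financialdata
            WHERE $field IN ($marks)
            GROUP BY $field";
    $stmt = $pdo->prepare($sql);
    $stmt->execute($values);
    return $stmt->fetchAll(PDO::FETCH_KEY_PAIR); // ['Kara' => '123', ...]
}

try {
    $field  = $_GET['field']  ?? '';
    $values = $_GET['values'] ?? [];
    $pdo = new PDO(
        'mysql:host=localhost;dbname=demo;charset=utf8mb4', // placeholder DSN
        'demo_user', 'placeholder-password',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
         PDO::ATTR_EMULATE_PREPARES => false]
    );
    $result = sumCommitByField(
        $pdo,
        is_string($field) ? $field : '',
        is_array($values) ? $values : []
    );
    header('Content-Type: application/json');
    echo json_encode($result);
} catch (InvalidArgumentException $e) {
    http_response_code(400); // reject anything outside the expected shape
}
```

With this shape the client would request something like handle-query.php?field=prefect&values[]=Sotouboua&values[]=Tchamba, passing each name through encodeURIComponent, so the URL carries no SQL and reveals no more of the schema than the two allowed keys.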