如何使用jQuery POST将变量从JavaScript传递给PHP [英] How to pass variable from JavaScript to PHP using jQuery POST
问题描述
我从页面chat.php中的以下Javascript函数传递变量 sessionnum
:
I am passing the variable sessionnum
from the following Javascript function in the page chat.php:
$(document).ready(function(){
timestamp = 0;
updateMsg();
$("form#chatform").submit(function(){
$.post("backend.php",{
message: $("#msg").val(),
name: author,
action: "postmsg",
time: timestamp,
tablename1: sessionnum
}, function(xml) {
$("#msg").empty();
addMessages(xml);
document.forms['chatform'].reset()
fixScroll();
});
return false;
});
});
到backend.php中的以下PHP函数:
To the following PHP function in backend.php:
if(@$action == "postmsg") {
mysql_query("INSERT INTO `$tablename1` (`user`,`msg`,`time`)
VALUES ('$name','$message',".time().")",$dbconn);
mysql_query("DELETE FROM `$tablename1` WHERE id <= ".
(mysql_insert_id($dbconn)-$store_num),$dbconn);
}
$messages = mysql_query("SELECT user,msg
FROM `$tablename1`
WHERE time>$time
ORDER BY id ASC
LIMIT $display_num",$dbconn);
仅当我对诸如 $ tablename1 =的作业进行硬编码时才有效在backend.php中有100
,即使变量及其值都是整数和相同的值。这个hack是不可接受的,因为我实际上必须传递变量。我的代码中是否有错误?
It only works when I hard-code an assignment such as $tablename1 = 100
in backend.php even though both the variable and its value are integers and the same value. This hack is not acceptable, as I actually have to pass the variable. Is there a bug in my code?
此代码改编自 http://articles.sitepoint.com/article/ajax-jquery/3
感谢任何帮助张贴使用jQuery正确变量。
Thanks for any help POSTING the variable correctly with jQuery.
推荐答案
尝试将POST变量更改为 $ _ POST ['variable_name']
。您使用的语法依赖于全局变量注册。这是一项功能,a)默认情况下未启用,b)启用时会产生重大安全风险。因此,请尝试将服务器端代码更改为:
Try changing the POST variables to $_POST['variable_name']
. You're using a syntax that relies on globals being registered as variables. This is a feature that is a) not enabled by default and b) poses a major security risk when it is enabled. Thus, try changing your server-side code to:
$action = $_POST['action'];
$tablename1 = mysql_real_escape_string($_POST['tablename1']);
$name = mysql_real_escape_string($_POST['name']);
$message = mysql_real_escape_string($_POST['message']);
if(@$action == "postmsg") {
mysql_query("INSERT INTO `$tablename1` (`user`,`msg`,`time`)
VALUES ('$name','$message',".time().")",$dbconn);
mysql_query("DELETE FROM `$tablename1` WHERE id <= ".
(mysql_insert_id($dbconn)-$store_num),$dbconn);
}
$messages = mysql_query("SELECT user,msg
FROM `$tablename1`
WHERE time>$time
ORDER BY id ASC
LIMIT $display_num",$dbconn);
请注意,为了防止某些SQL注入,您在SQL中使用的变量使用 mysql_real_escape_string对问题(用户可能更改)进行了转义。
Note that, in order to prevent some SQL injections, the variables that you're using in your SQL queries (that the user can potentially change) have been escaped using mysql_real_escape_string.
这篇关于如何使用jQuery POST将变量从JavaScript传递给PHP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!