【问题标题】:Error when using drop menu to change database value使用下拉菜单更改数据库值时出错
【发布时间】:2013-03-10 08:17:59
【问题描述】:

当我选择下拉菜单选项以将数据库中的值更改为所选值时,它会出现此错误:

SyntaxError: missing ) after argument list changeGroup("email@email.com")

基本上我想做的是我有一个存储联系人的应用程序,在未分组的联系人部分它有下拉菜单,当你从中选择一个值时,它会提交值并使用该值来更新数据库。我使用:

action='javascript:changeGroup(".$contactDetails.")

告诉更新语句要更新哪个联系人。

我的代码:

<!--Include Database connections info-->
<?php include('config.php'); ?>

<!--Links to CSS file for formatting-->
<link href="Contacts.css" rel="stylesheet" type="text/css"/>

<!--Links to Javascript file for the for action to change the group of a contact-->
<script src="ajax.js" language="javascript"></script>

<?php

$contactDetails = $_GET['contactDetails'];

    $cdquery="SELECT * FROM `contacts` WHERE `newEmail` = '$contactDetails'";
    $cdresult=mysql_query($cdquery) or die ("Query to get data from first table failed: ".mysql_error());

  while ($row = mysql_fetch_assoc($cdresult)) 
  {

    echo "" . $row['newFname'] . " " . $row['newLname'] . "'s " . "Details:";
    echo "<table>";
    echo "<tr>";
    echo "<th>Name:</th>";
    echo "<th>Email Address:</th>";
    echo "<th>Phone:</th>";
    echo "<th>Postal Address:</th>";
    echo "<th>Group:</th>";
    echo "</tr>";

        echo "<tr>";
        echo "<td>" . $row['newFname'] . " " . $row['newLname'] . "</td>";
        echo "<td>" . $row['newEmail'] . "</td>";
        echo "<td>" . $row['newPhone'] . "</td>";
        echo "<td>" . $row['newAddress'] . "</td>";
        echo "<td>" . $row['group'] . "</td>";
        echo "</tr>";
    }
    echo "</table>";

    echo "<form action='javascript:changeGroup(".$contactDetails.")' method='get'> Add contact to 
    <select id='group' name='group' onchange='this.form.submit(value=this.options[this.selectedIndex].value)'>
    <option>Select a group...</option> 
    <option value='Family'>Family</option> 
    <option value='Friends'>Friends</option> 
    <option value='Colleagues'>Colleagues</option></select>
    group.</form>";

mysql_close($link);

?>

ajax 函数:

function changeGroup(str)
    {
    document.getElementById("content02").innerHTML="";
    if (str=="")
    {
    document.getElementById("content02").innerHTML="";
    return;
    } 
    if (window.XMLHttpRequest)
    {// code for IE7+, Firefox, Chrome, Opera, Safari
    xmlhttp=new XMLHttpRequest();
    }
    else
    {// code for IE6, IE5
    xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
    }
    xmlhttp.onreadystatechange=function()
    {
    if (xmlhttp.readyState==4 && xmlhttp.status==200)
    {
    document.getElementById("content02").innerHTML=xmlhttp.responseText;
    document.getElementById("content02").innerHTML = "";
    }
    }
    xmlhttp.open("GET",'getChangeGroup.php?contactChange='+contactChange+'&group='+group,true);
    xmlhttp.send();
    xmlhttp.onreadystatechange = changeReload;
    xmlhttp.send(null);
    }

php:

<!--Include Database connections info-->
<?php include('config.php'); ?>

<!--Links to CSS file for formatting-->
<link href="Contacts.css" rel="stylesheet" type="text/css"/>

<?php

$contactChange = $_GET['contactChange'];
$group = $_GET['group'];

$cdquery="UPDATE `contacts` SET `group` = '$group' WHERE `newEmail` = '$contactChange'";
$cdresult=mysql_query($cdquery) or die ("Query to get data from first table failed: ".mysql_error());

mysql_close($link);

?>

【问题讨论】:

  • 您的代码容易受到注入攻击。

标签: php javascript sql ajax menu


【解决方案1】:

我真的不知道你的代码做了什么,我也没有耐心完全复制它,但就目前而言,你在这一行将一个变量而不是字符串传递给你的函数:

echo "<form action='javascript:changeGroup(".$contactDetails.")' method='get'> Add contact to 

要解决这个问题,您需要将字符串引用为实际字符串:

echo "<form action='javascript:changeGroup(\'".$contactDetails."\')' method='get'> Add contact to 

我认为这是您的主要问题。如果没有这些引号,javascript 会将您的 echoed 变量视为 js 变量,而不是字符串。

关于您的数据库交互...

另外,您正在使用已弃用的.. 并且很快将被删除的数据库交互 API。我推荐PDO替换它,它可以防止注入攻击并且在不久的将来不会被删除,learn more about it here

【讨论】:

  • @Corey 如果此答案解决了您的问题,请点击答案旁边的勾号接受它。
猜你喜欢
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2018-06-24
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
相关资源
最近更新 更多