2013-06-12 116 views
0

我有xmlHTTPrequest GET腳本,它工作正常,但由於服務器問題,我不得不將它更改爲POST方法。 我無法獲取$ _POST變量中的值。需要幫助,看看JavaScript是否正確。xmlHTTPrequest POST不起作用

XMLHttpRequest的文件:

<?php include 'accesscontrol.php'; ?> 
    <?php 
     include_once 'db.php'; 
     ?> 
     <html> 
     <head> 
     <title>POST</title> 

     <script type="text/javascript"> 

    function showprodes(str2) 
    { 
    var q2 = str2; 
    if (window.XMLHttpRequest) 
     {// code for IE7+, Firefox, Chrome, Opera, Safari 
     xmlhttp=new XMLHttpRequest(); 
     } 
    else 
     {// code for IE6, IE5 
     xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); 
     } 
     var url = "http://www.amg.in/amogtst/rateprod.php"; 
    xmlhttp.open("POST", url, true); 
    xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); 
    xmlhttp.send(q2); 
    } 


     </script> 


     </head> 
     <body> 
     <? 

      $result2 = mysql_query("SELECT Prod_desc FROM PRODMAST ORDER BY Prod_desc"); 

     echo "<form name='f1'>"; 
     echo "<table width='730' border='0' align='center' cellpadding='0' cellspacing='1'>"; 
     echo " <tr>"; 

     echo " <td colspan='3'>"; 
      echo " <span class='style3'>Gas Type &nbsp;</span> <select name='Proddesc' onchange=\"showprodes(this.value);\"><option value=0>Select a Product</option>"; 
      while($nt2=mysql_fetch_assoc($result2)) 
      {//Array or records stored in $nt 
      echo "<option value='$nt2[Prod_desc]'>$nt2[Prod_desc]</option>"; 
      /* Option values are added by looping through the array */ 
      } 
      echo "</select>";// Closing of list box 

     echo " </td>"; 
     echo " </tr>"; 

     echo "</table>"; 

     echo "</form>"; 
     ?> 

     </body> 
     </html> 
其更新表按照從第一個PHP用戶選擇

秒腳本:rateprod.php文件:

<?php 
    $q2=$_POST['q2']; 

    include_once 'db.php'; 

    mysql_query("UPDATE RATEMASTER_draft SET Prod_desc='$q2'"); 

    ?> 
+2

[如何防止SQL注入](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php) – PeeHaa

+0

@PeeHaa埽不知道如何,pl建議 –

+0

@sridhars他的評論是一個鏈接。他給你一篇文章閱讀... – War10ck

回答

0

試試這個

<?php 
    $q2=$_POST['q2']; 

    include_once 'db.php'; 
//'{$q2}' instead of just '$q2' 
    $thisquery = "UPDATE RATEMASTER_draft SET Prod_desc='{$q2}'"; 
    mysql_query($thisquery); 

    ?>