1. 首頁
  2. 問答
  3. 填充與各省的下拉菜單,基於文本輸入字段

填充與各省的下拉菜單,基於文本輸入字段

2013-01-23 72 views
0

我有顯示用戶信息的簡單用戶的表如當前國家和省。填充與各省的下拉菜單,基於文本輸入字段

<td><b>Country</b></td> 
     <td width="331"> 
     <form method="post" action=""> 
     <div id="countryList" style="vertical-align:top; display:inline-block; float:left;"><?=$country?></div> 
     <input type="submit" name="submitCountry" id="submitCountry" class="ui-icon ui-icon-disk" style="border:none; display:none; background-color:transparent; float:right; vertical-align:top;" /> 
     </td> 
     <td width="336">&nbsp;</td> 
     </tr> 
     <tr> 
     <td><b>Province</b></td> 
     <td> 
     <div id="provinceList" style="vertical-align:top; display:inline-block; float:left;"><?=$province?></div> 
     </form> 
     </td>

當用戶點擊他們的國家中,DIV轉換爲一個輸入框與自動完成,並啓動一個AJAX請求到數據庫。這允許用戶鍵入一個國家,它將顯示在列表中。

jQuery代碼:

$("#countryList").click(function(){ 

      $("#submitCountry").css("display", "inline"); 

      //check if there are any existing input elements 
      if ($(this).children("input").length == 0){ 


       //variable that contains input HTML to replace 
       var inputbox = "<input type='text' id='countryList' class='inputbox' name='country' value=\""+$(this).text()+"\">";  
       //insert the HTML intp the div 
       $(this).html(inputbox);   

       //automatically give focus to the input box  
       $(".inputbox").focus(); 

       //maintain the input when it changes back to a div 
       $(".inputbox").blur(function(){ 
        $("#submitCountry").css("display", "none"); 

        var value = $(this).val(); 
        $("#country").val(value); 
        $("#countryList").text(value); 

       }); 
      } 


      //Once input box is displayed assign it the autocomplete method 
      $("input#countryList").autocomplete ({ 
       //set a few options, and select source data 
       minLength : 2, 
       source : function (request, callback) 
       { 
        //variable that will carry the request 'term' from url 
        var data = { term : request.term }; 

        //ajax method to call pho script 
        $.ajax ({ 
         url : "getCountry.php", 
         data : data, 
         complete : function (xhr, result) 
         { 
          //if returns empty, then exit out 
          if (result != "success") return; 

          //otherwise get response and fill country array 
          var response = xhr.responseText; 
          var country = []; 
          //filter each li item 
          $(response).filter ("li").each (function() 
          { 
          //display li item inline 
          country.push ($(this).text()); 
          }); 
          //display country list 
          callback (country); 
         } 

        }); 
       } 

      }); 
if ($("#provinceList").children("input").length == 0){ 

       var selectbox = "<select id='selectProv' name='selectProv'></select> "; 

       $("#provinceList").html(selectbox); 

       var datastring = { term : request.term }; 
       $.ajax({ 
        url: "getProvince.php", 
        data: datastring, 
        success: function(html){ 
         $(".selectProv").html(html); 
        } 
       }) 
      }

的getCountry.php文件如下。是的,我知道,我需要保護自己免受SQL注入。目前我的課程還沒有那麼遠(我是一名學生)。

這裏是getCountry.php

<?php 

$term = $_REQUEST["term"]; 
$term = utf8_decode ($term); 
$dbUser = "admin"; 
$dbPass = "pass"; 
$dbName = "testdb"; 
$bd = mysql_connect ("localhost", $dbUser, $dbPass); 
$ret = mysql_select_db ($dbName, $bd); 
$query = sprintf ("SELECT * FROM Country WHERE Name LIKE '%%" . $term . "%%'", mysql_real_escape_string($term)); 

//send query string to DB 
$result = mysql_query($query); 

//if result returns a value 
if ($result != NULL){ 

    // Use the result (sent to the browser) 
    while ($row = mysql_fetch_assoc($result)){ 

     echo ("<li>" . utf8_encode ($row["Name"]) . " (" . utf8_encode ($row["Code"]) . ")</li>"); 

    } 

    mysql_free_result($result); 
} 

mysql_close ($bd); 

?>

getProvince.php 該代碼將被用於查詢數據庫,並生成一個下拉菜單。我知道這段代碼有效,因爲我可以導航到它,並將它傳遞給一個字符串,它將生成我需要的下拉列表。問題在於它在整個應用程序中不起作用。

<?php 

$term = $_REQUEST["term"]; 
$term = utf8_decode ($term); 
$dbUser = "admin"; 
$dbPass = "pass"; 
$dbName = "testdb"; 
$bd = mysql_connect ("localhost", $dbUser, $dbPass); 
$ret = mysql_select_db ($dbName, $bd); 
$query = sprintf ("SELECT * FROM Country WHERE Name LIKE '%%" . $term . "%%'", mysql_real_escape_string($term)); 

//send query string to DB 
$result = mysql_query($query); 

//if result returns a value 
if ($result != NULL){ 

    $row = mysql_fetch_assoc($result); 
    $code = $row['Code']; 

    $sql = "SELECT DISTINCT District FROM City WHERE CountryCode='$code'"; 

    $result = mysql_query($sql); 

    ?> 
    <option>Select State/Province</option> 
    <?php while($row=mysql_fetch_array($result)){ 

     echo "<option value=" . $row['District'] . ">" . $row['District'] . "</option>"; 
    } 

    mysql_free_result($result); 
} 

mysql_close ($bd);

上述代碼在某種程度上起作用。我能夠得到國家文本框來正確查詢數據庫並執行自動填充方法,但是結果並不像我想要的那樣填充省份的下拉列表!在此先感謝

來源

2013-01-23 massimorai

回答

1

您的查詢不被消毒!!!!!!!!!!!!!!!!!,沒有被正確地連接在一起,可以更簡單地做到這一點:

$query = "SELECT * FROM Country WHERE Name LIKE '%" . mysql_real_escape_string($term) . "%'";

請務必淨化你的投入,它甚至比有工作的腳本更重要的,因爲你是冒着數據庫完整性

另外這行應進行消毒,不要緊串接值來自數據庫

$sql = "SELECT DISTINCT District FROM City WHERE CountryCode='" . mysql_real_escape_string($code) . "'";

釷E採用行應該是:

$.ajax({ 
       url: "getProvince.php", 
       data: datastring, 
       success: function(html){ 
        $("#selectProv").html(html); 
       } 
      });

.selectProv改爲#selectProv手段 '身份證'。手段「類」)

來源

2013-01-23 18:50:51 Xocoatzin

+0

感謝你爲這個,但是這個問題必須更深入紮根,因爲它並沒有解決我的問題 – massimorai

+0

這很難說,我推薦你使用Firefox的Firebug或DeveloperTools Chrome瀏覽器(菜單 - >工具 - >開發工具),您可以在其中檢查DOM,調試Javascript並檢查服務器標題和響應。 – Xocoatzin

相關問題

 相關問題