Ajax搜索未在引號上運行

Question

我有這個PHP腳本，當有人在表單中輸入文本並按提交時運行。問題是，當鍵入'或"時，腳本未運行。我也希望它也能搜索到。

搜索腳本：

if(isset($_POST["name"]) === true && empty($_POST["name"]) === false) { 

    $getFullName = $db->prepare("SELECT * FROM `users` WHERE `name` LIKE (:name)"); 
    $getFullName->execute(array(":name" => "%" . $_POST["name"] . "%")); 
    $results = $getFullName->fetchAll(); 

    $count = 0; 

    foreach($results as $row): 

     $count++; 

     echo $row["name"]; 

    endforeach; 

    if($count == 0){ 

     echo "Couldn't find anything."; 

    } 

    } 

jQuery的：

$('input#name-submit').on('click', function() { 


    var name = $('input#name').val(); 
    if ($(name) != '') { 

     $.post('ajax/searchName.php', {name: name}, function(data) { 

      $('div#name-data').text(data); 

     }); 

    } 


}); 

提前感謝！

請注意，我也嘗試過htmlspecialchars($_POST["name"]）和htmlentities($_POST["name"])

Answer 1

您可以編碼使用encodeURIComponent()每個值，就像這樣：

$('input#name-submit').on('click', function() { 
    var name = $('input#name').val(); 
    if (name != '') { 
     $.post('ajax/searchName.php', {"name": encodeURIComponent(name)}, function(data) { 
      $('div#name-data').text(data); 
     }); 
    } 
}); 

您還可以使用escape()

escape(name) 

Answer 2

嘗試類似這

mysql_real_escape_string($_POST["name"]; 

參考

http://php.net/manual/en/function.mysql-real-escape-string.php

也會改變該

var name = $('input#name').val(); 
if (name != '') { // don't use $(name) 
    $.post('ajax/searchName.php', {name: name}, function(data) { 
     $('div#name-data').text(data); 
    }); 
} 

Answer 3

只需使用base64_encode javascript和解碼可以使用base64_decode PHP

BASE64_ENCODE JavaScript代碼

function base64_encode (data) { 
    // http://kevin.vanzonneveld.net 
    // + original by: Tyler Akins (http://rumkin.com) 
    // + improved by: Bayron Guevara 
    // + improved by: Thunder.m 
    // + improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) 
    // + bugfixed by: Pellentesque Malesuada 
    // + improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) 
    // + improved by: Rafał Kukawski (http://kukawski.pl) 
    // *  example 1: base64_encode('Kevin van Zonneveld'); 
    // *  returns 1: 'S2V2aW4gdmFuIFpvbm5ldmVsZA==' 
    // mozilla has this native 
    // - but breaks in 2.0.0.12! 
    //if (typeof this.window['btoa'] === 'function') { 
    // return btoa(data); 
    //} 
    var b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz/="; 
    var o1, o2, o3, h1, h2, h3, h4, bits, i = 0, 
    ac = 0, 
    enc = "", 
    tmp_arr = []; 

    if (!data) { 
    return data; 
    } 

    do { // pack three octets into four hexets 
    o1 = data.charCodeAt(i++); 
    o2 = data.charCodeAt(i++); 
    o3 = data.charCodeAt(i++); 

    bits = o1 << 16 | o2 << 8 | o3; 

    h1 = bits >> 18 & 0x3f; 
    h2 = bits >> 12 & 0x3f; 
    h3 = bits >> 6 & 0x3f; 
    h4 = bits & 0x3f; 

    // use hexets to index into b64, and append result to encoded string 
    tmp_arr[ac++] = b64.charAt(h1) + b64.charAt(h2) + b64.charAt(h3) + b64.charAt(h4); 
    } while (i < data.length); 

    enc = tmp_arr.join(''); 

    var r = data.length % 3; 

    return (r ? enc.slice(0, r - 3) : enc) + '==='.slice(r || 3); 

} 

你只是把這個功能，並通過你的名字爲這種格式

var encoded = base64_encode (name); 

然後你只需發送該編碼的變量爲您阿賈克斯

PHP頁面

<?php 
$encodedname = $_POST['name']; 
$name = base64_decode($encoded); //You got good result 
?>