duanquan1207 2017-07-06 10:20
浏览 13
已采纳

php ajax错误...没有显示数据

///this is the form part .where i am trying get data from database and show it in "txt" part.the script part is in same file and getService.php is in the same directory as this file.why showing nothing when i select something.

<form>
<select name="parent">
<option selected="users" onchange="showService(this.value)">Select a Service:</option>
<?php
$res=$mysqli->query("SELECT * FROM service");
while($row=$res->fetch_array())
{
  ?>
    <option value="<?php echo $row['id']; ?>"><?php echo $row['name']; ?></option>
    <?php
}
?>
</select>
</br>

</form>



<div id="txt"><b>Service info will be show here...</b></div>


    </center>

    </div>

//script part. in same file.

<script>
function showService(str) {
    if (str == "") {
        document.getElementById("txtHint").innerHTML = "";
        return;
    } else { 
        if (window.XMLHttpRequest) {
            // code for IE7+, Firefox, Chrome, Opera, Safari
            xmlhttp = new XMLHttpRequest();
        } else {
            // code for IE6, IE5
            xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
        }
        xmlhttp.onreadystatechange = function() {
            if (this.readyState == 4 && this.status == 200) {
                document.getElementById("txt").innerHTML = this.responseText;
            }
        };
        xmlhttp.open("GET","getService.php?q="+str,true);
        xmlhttp.send();
    }
}
</script>

//getService.php

<?php

session_start();
include_once'db_connect.php';


?>

<!DOCTYPE html>
<html>
<head>
<style>
table {
    width: 100%;
    border-collapse: collapse;
}

table, td, th {
    border: 1px solid black;
    padding: 5px;
}

th {text-align: left;}
</style>
</head>
<body>

<?php
$q = intval($_GET['q']);

$sql="SELECT * FROM service WHERE id = '".$q."'";
$result = mysqli_query($mysqli,$sql);

echo "<table>
<tr>

<th>id</th>
<th>Service name</th>
<th>Detail</th>

</tr>";
while($row = mysqli_fetch_array($result)) {
    echo "<tr>";
    echo "<td>" . $row['id'] . "</td>";
    echo "<td>" . $row['name'] . "</td>";
    echo "<td>" . $row['detail'] . "</td>";
    echo "</tr>";
}
echo "</table>";
mysqli_close($mysqli);
?>

</body>
</html>
  • 写回答

1条回答 默认 最新

  • duandingqi9442 2017-07-06 10:59
    关注

    There are a number of issues with your code. In order of direct relevance to your question:

    1) onchange="showService(this.value)" should be an attribute of the <select> not the first <option>. So it isn't firing the change event at all, meaning your ajax call never runs.

    2) document.getElementById("txtHint") is wrong (in two places) - you don't have any element with this ID in your HTML. document.getElementById("txt") should work.

    3) Your getService.php should not return a whole new HTML page (with DocType, html, body tags etc) to insert inside a div in another page, this is not really valid markup. Instead return only the <table> part which is actually required to go within the specific part of the main page. If you need the CSS which is in getService.php, move it into your main page, or a separate CSS file which is included in the main page.

    4) You process q as an int (using intval()) but then pass it to mySQL as if it is a string (by putting single quotes around it in the SQL statement). If the id field in your database is an integer, this will cause the values not to be considered equal to each other and so no results will be returned. If this is the case then you should remove the single quotes.

    5) However, point 4 above is a symptom of another problem, in that you should not be adding variables into your query simply by joining PHP strings together. This leaves you vulnerable to SQL Injection attacks where a malicious user could steal, corrupt or delete your data by inserting SQL into the variable itself. Instead you should use parameterised queries to guard against this, and also remove the potential for problems as described in point 4. http://bobby-tables.com/ is a good resource which explains both the dangers of injection attacks and contains resources explaining how to use parameterised queries and other techniques to guard against it, including examples using PHP. This is a good habit to get into now and will safeguard the data in your application.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 java 操作 elasticsearch 8.1 实现 索引的重建
  • ¥15 数据可视化Python
  • ¥15 要给毕业设计添加扫码登录的功能!!有偿
  • ¥15 kafka 分区副本增加会导致消息丢失或者不可用吗?
  • ¥15 微信公众号自制会员卡没有收款渠道啊
  • ¥15 stable diffusion
  • ¥100 Jenkins自动化部署—悬赏100元
  • ¥15 关于#python#的问题:求帮写python代码
  • ¥20 MATLAB画图图形出现上下震荡的线条
  • ¥15 关于#windows#的问题:怎么用WIN 11系统的电脑 克隆WIN NT3.51-4.0系统的硬盘