I'm having difficulties passing an apostrophe into my autocomplete. The database contains entries that do not have apostrophes...instead the html equivalent is being used (&#039;). I'm still very new to ajax so I really appreciate the help. The question is, how do I pass in the value of an apostrophe and have it match? Also, is my code susceptible to an injection attack? Thanks in advance for your help!
The code is like this:
<script type="text/javascript">
var options = {
    serviceUrl: 'autocomplete/autoQuery.php',
    minChars: 2,
    delimiter: /(,|;)\s*/, // regex or character
    maxHeight: 400,
    width: 500,
    zIndex: 9999,
    deferRequestBy: 0, // milliseconds
    params: { country: 'Yes' }, // additional parameters
    noCache: false, // default is false, set to true to disable caching
    // callback function:
    // onSelect: function(value, data){ alert('You selected: ' + value + ', ' + data); },
    onSelect: function(value, data){ window.location = "textbooks.php?bk=" + data; }
};
$('#query').autocomplete(options);
</script>
I have a PHP script sending back the query results. The page is called query.php and the code there is this:
$get = htmlentities($_GET['query']);
// search term is concatenated into the SQL text
$query = "SELECT title,author,id,isbn10,isbn13 FROM textbook
          WHERE title LIKE '%" . $get . "%'
          OR author LIKE '" . $get . "%'
          OR isbn10 LIKE '" . $get . "%'
          OR isbn13 LIKE '" . $get . "%'
          LIMIT 5
         ";
$result = mysql_query($query, $connection);
if (mysql_num_rows($result) == 0) {
    $resString = "'No result found. Click here',";
    $idString  = "'unknown',";
} else {
    $resString = "";
    $idString  = "";
    while ($data = mysql_fetch_array($result)) {
        $resString .= "'" . $data['title'] . " by " . $data['author'] . "',";
        $idString  .= "'" . $data['id'] . "',";
    }
}
$resString = rtrim($resString, ',');
$idString  = rtrim($idString, ',');
// build the object literal the autocomplete plugin expects
$code  = "{\n";
$code .= "query:'" . $get . "',\n";
$code .= "suggestions:[" . $resString . "],\n";
$code .= "data:[" . $idString . "]\n";
$code .= "}";
echo $code;
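As an added example (not the asker's code), here is a version of query.php that addresses both points in the question: the search term is encoded to the same &#039; form the table stores, so a typed apostrophe matches, and it reaches MySQL as a bound parameter instead of being concatenated into the SQL. It assumes a PDO connection in $pdo to the same database and PHP 5.4 or later for the short array syntax.

```php
<?php
// Added example, not the asker's code. Assumes a PDO connection in $pdo to the
// same database; table and column names are taken from the question.

// Read the raw term. htmlentities() is output encoding, not SQL escaping, and
// with its default flags it leaves the single quote alone, so it is no defence.
$raw = isset($_GET['query']) ? (string) $_GET['query'] : '';

// The table stores apostrophes as &#039;, so encode the search term the same
// way before comparing. ENT_QUOTES is what turns ' into &#039;.
$term = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');

// Escape LIKE wildcards so a typed % or _ is matched literally (MySQL's
// default ESCAPE character is the backslash).
$like = strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);

// Bound parameters: the term travels separately from the SQL text, so quotes
// in the input cannot change the statement. Positional markers are used
// because native prepares do not allow one named marker to be reused.
$stmt = $pdo->prepare(
    'SELECT title, author, id, isbn10, isbn13 FROM textbook
      WHERE title LIKE ? OR author LIKE ? OR isbn10 LIKE ? OR isbn13 LIKE ?
      LIMIT 5'
);
$stmt->execute(['%' . $like . '%', $like . '%', $like . '%', $like . '%']);

// Build the response with json_encode() rather than string concatenation, so
// a title containing a quote cannot break, or inject into, the JavaScript the
// plugin evaluates. Values are returned exactly as stored.
$suggestions = [];
$ids = [];
foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
    $suggestions[] = $row['title'] . ' by ' . $row['author'];
    $ids[] = $row['id'];
}
if ($suggestions === []) {
    $suggestions[] = 'No result found. Click here';
    $ids[] = 'unknown';
}

header('Content-Type: application/json; charset=utf-8');
echo json_encode(['query' => $raw, 'suggestions' => $suggestions, 'data' => $ids]);
```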