duanquan1207
2017-07-06 10:20
浏览 13

php ajax错误...没有显示数据

///this is the form part .where i am trying get data from database and show it in "txt" part.the script part is in same file and getService.php is in the same directory as this file.why showing nothing when i select something.

<form>
<select name="parent">
<option selected="users" onchange="showService(this.value)">Select a Service:</option>
<?php
$res=$mysqli->query("SELECT * FROM service");
while($row=$res->fetch_array())
{
  ?>
    <option value="<?php echo $row['id']; ?>"><?php echo $row['name']; ?></option>
    <?php
}
?>
</select>
</br>

</form>



<div id="txt"><b>Service info will be show here...</b></div>


    </center>

    </div>

//script part. in same file.

<script>
function showService(str) {
    if (str == "") {
        document.getElementById("txtHint").innerHTML = "";
        return;
    } else { 
        if (window.XMLHttpRequest) {
            // code for IE7+, Firefox, Chrome, Opera, Safari
            xmlhttp = new XMLHttpRequest();
        } else {
            // code for IE6, IE5
            xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
        }
        xmlhttp.onreadystatechange = function() {
            if (this.readyState == 4 && this.status == 200) {
                document.getElementById("txt").innerHTML = this.responseText;
            }
        };
        xmlhttp.open("GET","getService.php?q="+str,true);
        xmlhttp.send();
    }
}
</script>

//getService.php

<?php

session_start();
include_once'db_connect.php';


?>

<!DOCTYPE html>
<html>
<head>
<style>
table {
    width: 100%;
    border-collapse: collapse;
}

table, td, th {
    border: 1px solid black;
    padding: 5px;
}

th {text-align: left;}
</style>
</head>
<body>

<?php
$q = intval($_GET['q']);

$sql="SELECT * FROM service WHERE id = '".$q."'";
$result = mysqli_query($mysqli,$sql);

echo "<table>
<tr>

<th>id</th>
<th>Service name</th>
<th>Detail</th>

</tr>";
while($row = mysqli_fetch_array($result)) {
    echo "<tr>";
    echo "<td>" . $row['id'] . "</td>";
    echo "<td>" . $row['name'] . "</td>";
    echo "<td>" . $row['detail'] . "</td>";
    echo "</tr>";
}
echo "</table>";
mysqli_close($mysqli);
?>

</body>
</html>
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • duandingqi9442 2017-07-06 10:59
    已采纳

    There are a number of issues with your code. In order of direct relevance to your question:

    1) onchange="showService(this.value)" should be an attribute of the <select> not the first <option>. So it isn't firing the change event at all, meaning your ajax call never runs.

    2) document.getElementById("txtHint") is wrong (in two places) - you don't have any element with this ID in your HTML. document.getElementById("txt") should work.

    3) Your getService.php should not return a whole new HTML page (with DocType, html, body tags etc) to insert inside a div in another page, this is not really valid markup. Instead return only the <table> part which is actually required to go within the specific part of the main page. If you need the CSS which is in getService.php, move it into your main page, or a separate CSS file which is included in the main page.

    4) You process q as an int (using intval()) but then pass it to mySQL as if it is a string (by putting single quotes around it in the SQL statement). If the id field in your database is an integer, this will cause the values not to be considered equal to each other and so no results will be returned. If this is the case then you should remove the single quotes.

    5) However, point 4 above is a symptom of another problem, in that you should not be adding variables into your query simply by joining PHP strings together. This leaves you vulnerable to SQL Injection attacks where a malicious user could steal, corrupt or delete your data by inserting SQL into the variable itself. Instead you should use parameterised queries to guard against this, and also remove the potential for problems as described in point 4. http://bobby-tables.com/ is a good resource which explains both the dangers of injection attacks and contains resources explaining how to use parameterised queries and other techniques to guard against it, including examples using PHP. This is a good habit to get into now and will safeguard the data in your application.

    已采纳该答案
    打赏 评论

相关推荐 更多相似问题