英文:
unable $_GET data in PDO using AJAX for product filtering
问题
无法使用PDO和AJAX过滤产品,
下面的代码使用PDO和AJAX从sql加载数据,但是当我尝试根据品牌进行过滤时,它不起作用。尝试调试var_dump方法,但没有帮助。
有人可以帮助我解决问题,我应该如何过滤产品,代码中是否有什么缺失?
HTML
<div class="md-radio my-1">
<input type="radio" class="filter_all cate" name="cate" id="<?php echo str_replace(' ', '', $row['sca']); ?>" value="<?php echo $row['sca']; ?>">
<label for="<?php echo str_replace(' ', '', $row['sca']); ?>">
<?php echo $row['sca']; ?>
</label>
</div>
SCRIPT
$(document).ready(function () {
var flag = 0;
var fetching = false;
var done = false;
function filter_data() {
// 防止并发请求
if (fetching === true) {
return;
}
fetching = true;
var data = {
action: 'fetch_data',
cate: get_filter('cate'),
brand: get_filter('brand'),
model: get_filter('model'),
sort: get_filter('sort'),
date: get_filter('date'),
offset: flag,
limit: 4
};
console.log($.param(data));
$.ajax({
url: "fetch.php?" + $.param(data),
type: 'POST'
})
.done(function (data) {
console.log('data received');
$('.filter_data').append(data); // 追加数据
// 我们到达了末尾,没有更多数据
if (data === '<h3>No Data Found</h3>') {
done = true;
}
flag += 4;
fetching = false; // 再次允许请求
})
.fail(function (error) {
console.log('An error occurred while fetching', error)
// TODO: 处理错误
});
}
function get_filter(class_name) {
var filter = [];
$('.' + class_name + ':checked').each(function () {
filter.push($(this).val());
});
return filter;
}
$('.filter_all').click(function () {
filter_data();
});
filter_data(); // 为了调试目的而注释掉
var $window = $(window);
var $document = $(document);
$window.scroll(function () {
if ((window.innerHeight + window.scrollY) >= document.body.offsetHeight - 300 && fetching === false && done === false) {
console.log('infinite scroll');
filter_data();
}
});
});
PHP
<?php
include("$_SERVER[DOCUMENT_ROOT]/include/config.php");
include("$_SERVER[DOCUMENT_ROOT]/include/function.php");
$query = "SELECT * FROM allpostdata WHERE sts = '1' AND mca='Vehicle'";
if (!empty($_GET['cate'])) {
$query .= " AND sca IN (" . str_repeat("?,", count($_GET['cate']) - 1) . "?)";
} else {
$_GET['cate'] = []; // 如果未设置
}
if (!empty($_GET['brand'])) {
$query .= " AND product_brand IN (" . str_repeat("?,", count($_GET['brand']) - 1) . "?)";
} else {
$_GET['brand'] = []; // 如果未设置
}
if (!empty($_GET['model'])) {
$query .= " AND mdl IN (" . str_repeat("?,", count($_GET['model']) - 1) . "?)";
} else {
$_GET['model'] = []; // 如果未设置
}
if (empty($_GET['sort']) || $_GET['sort'][0] == "date") {
$query .= " ORDER BY pdt DESC";
} elseif ($_GET["sort"][0] == "ASC" || $_GET["sort"][0] == "DESC") {
$query .= " ORDER BY prs " . $_GET['sort'][0];
}
if (isset($_GET['limit'])) {
if (!empty($_GET['offset'])) {
$query .= " LIMIT " . $_GET['limit'] . " OFFSET " . $_GET['offset'];
} else {
$query .= " LIMIT " . $_GET['limit'];
}
}
$stmt = $conn->prepare($query);
$params = array_merge($_GET['cate'], $_GET['brand'], $_GET['model']);
$stmt->execute($params);
$result = $stmt->fetchAll();
$total_row = $stmt->rowCount();
$output = '';
if ($total_row > 0) {
foreach ($result as $row) {
$parameter = $row['pid'];
$hashed = md5($salt . $parameter);
$output .= '<a href="/single_view.php?p=' . $row['id'] . '" class="w-xl-20 w-lg-20 col-md-3 col-6 p-1 p-lg-2">
<div class="card border-0 small">
<img class="card-img-top rounded-0" src="/upload/thumb/' . $row["im1"] . '" alt="Card image cap">
<div class="card-body pb-0 pt-2 px-0">
<h6 class="card-title text-dark text-truncate">' . ucfirst(strtolower($row['tit'])) . '</h6>
<h6 class="card-subtitle mb-1 text-muted text-truncate small">' . $row['product_brand'] . ' / ' . $row['mdl'] . '</h6>
<p class="card-text"><strong class="card-text text-dark text-truncate">₹ ' . $row['prs'] . '</strong></p>' . timeAgo($row['pdt']) . '
</div>
</div>
</a>';
}
} else {
$output = '<h3>No Data Found</h3>';
}
echo $output;
?>
请注意,这是您提供的代码的翻译部分,不包括代码中的注释或其他内容。如果需要更多帮助或解释,请随时提问。
英文:
Unable to filter product using PDOamd AJAX,
Below code loads data form sql using PDO and AJAX but when i try to filter based on Brand it doesn't work. tried debug var_dump method but nothing helps.
Can someone help me to solve, how do i filter product, is there anything missing in code?
HTML
<div class="md-radio my-1">
<input type="radio" class="filter_all cate" name="cate" id="<?php echo str_replace(' ', '', $row['sca']); ?>" value="<?php echo $row['sca'] ?>">
<label for="<?php echo str_replace(' ', '', $row['sca']); ?>">
<?php echo $row['sca']; ?>
</label>
</div>
SCRIPT
$(document).ready(function () {
var flag = 0;
var fetching = false;
var done = false;
function filter_data() {
// prevent concurrent requests
if (fetching === true) {
return;
}
fetching = true;
var data = {
action: 'fetch_data',
cate: get_filter('cate'),
brand: get_filter('brand'),
model: get_filter('model'),
sort: get_filter('sort'),
date: get_filter('date'),
offset: flag,
limit: 4
};
console.log($.param(data));
$.ajax({
url: "fetch.php?" + $.param(data),
type: 'POST'
})
.done(function (data) {
console.log('data received');
$('.filter_data').append(data); // append
// we reached the end, no more data
if (data === '<h3>No Data Found</h3>') {
done = true;
}
flag += 4;
fetching = false; // allow further requests again
})
.fail(function (error) {
console.log('An error occurred while fetching', error)
// TODO: some error handling
});
}
function get_filter(class_name) {
var filter = [];
$('.' + class_name + ':checked').each(function () {
filter.push($(this).val());
});
return filter;
}
$('.filter_all').click(function () {
filter_data();
});
filter_data(); // commented out for debugging purpose
var $window = $(window);
var $document = $(document);
$window.scroll(function () {
if ((window.innerHeight + window.scrollY) >= document.body.offsetHeight - 300 && fetching === false && done === false) {
console.log('infinite scroll');
filter_data();
}
});
});
PHP
<?php
include("$_SERVER[DOCUMENT_ROOT]/include/config.php");
include("$_SERVER[DOCUMENT_ROOT]/include/function.php");
$query = "SELECT * FROM allpostdata WHERE sts = '1' AND mca='Vehicle'";
if (!empty($_GET['cate'])) {
$query .= " AND sca IN (" . str_repeat("?,", count($_GET['cate']) - 1) . "?)";
} else {
$_GET['cate'] = []; // in case it is not set
}
if (!empty($_GET['brand'])) {
$query .= " AND product_brand IN (" . str_repeat("?,", count($_GET['brand']) - 1) . "?)";
} else {
$_GET['brand'] = []; // in case it is not set
}
if (!empty($_GET['model'])) {
$query .= " AND mdl IN (" . str_repeat("?,", count($_GET['model']) - 1) . "?)";
} else {
$_GET['model'] = []; // in case it is not set
}
if (empty($_GET['sort']) || $_GET['sort'][0] == "date") {
$query .= " ORDER BY pdt DESC";
} elseif ($_GET["sort"][0] == "ASC" || $_GET["sort"][0] == "DESC") {
$query .= " ORDER BY prs " . $_GET['sort'][0];
}
if (isset($_GET['limit'])) {
if (!empty($_GET['offset'])) {
$query .= " LIMIT " . $_GET['limit'] . " OFFSET " . $_GET['offset'];
} else {
$query .= " LIMIT " . $_GET['limit'];
}
}
$stmt = $conn->prepare($query);
$params = array_merge($_GET['cate'], $_GET['brand'], $_GET['model']);
$stmt->execute($params);
$result = $stmt->fetchAll();
$total_row = $stmt->rowCount();
$output = '';
if ($total_row > 0) {
foreach ($result as $row) {
$parameter = $row['pid'];
$hashed = md5($salt . $parameter);
$output .= '<a href="/single_view.php?p=' . $row['id'] . '" class="w-xl-20 w-lg-20 col-md-3 col-6 p-1 p-lg-2">
<div class="card border-0 small">
<img class="card-img-top rounded-0" src="/upload/thumb/' . $row["im1"] . '" alt="Card image cap">
<div class="card-body pb-0 pt-2 px-0">
<h6 class="card-title text-dark text-truncate">' . ucfirst(strtolower($row['tit'])) . '</h6>
<h6 class="card-subtitle mb-1 text-muted text-truncate small">' . $row['product_brand'] . '&nbsp;/&nbsp;' . $row['mdl'] . '</h6>
<p class="card-text"><strong class="card-text text-dark text-truncate">&#x20B9;&nbsp;' . $row['prs'] . '</strong></p>' . timeAgo($row['pdt']) . '
</div>
</div>
</a>';
}
} else {
$output = '<h3>No Data Found</h3>';
}
echo $output;
?>
答案1
得分: 0
你尽管将数据通过GET查询参数发送,尽管已将ajax调用定义为POST方式。这是一个安全风险。尝试将您的AJAX调用更改为如下方式,并将您的$_GET内容替换为$_POST。
$.ajax({
url: '/your-form-processing-page-url-here',
type: 'POST',
data: data,
mimeType: 'multipart/form-data',
success: function(data, status, jqXHR){
alert('好消息!一切正常。');
console.log(data);
console.log(status);
console.log(jqXHR);
},
error: function(jqXHR, status, error){
// 希望我们永远不会到达这里
console.log(jqXHR);
console.log(status);
console.log(error);
}
});
英文:
You are sending data via GET query parameters despite defining the ajax call as a post. That's a security risk. Try changing your AJAX call to something like this, and replace youyr $_GET stuff to $_POST.
$.ajax({
url: '/your-form-processing-page-url-here',
type: 'POST',
data: data,
mimeType: 'multipart/form-data',
success: function(data, status, jqXHR){
alert('Hooray! All is well.');
console.log(data);
console.log(status);
console.log(jqXHR);
},
error: function(jqXHR,status,error){
// Hopefully we should never reach here
console.log(jqXHR);
console.log(status);
console.log(error);
}
});
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论