Problem generating content via Jquery

3

I have a problem: depending on the text selected in the first check box, it does not load the years related to it from the database. The jQuery only works when the text loaded in the first box has no space.

*Here is the file with the checkboxes, "gera_html.php":*

<html>
<head>
<title>Gerador Planos de Ensino</title>
<link rel="stylesheet" media="screen" href="./css/styles.css" > 
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<script src="jquery-1.3.2.min.js" type="text/javascript"></script>
<script src="./js/ver_selects.js" type="text/javascript">
</script>
<script type="text/javascript">
    $(document).ready(function(){

        $('#departamentos').change(function(){
            $('#anos').load('anos.php?departamentos='+$('#departamentos').val() );

        });
    });
</script>   
</head>
<?php

  include "valida_cookies.inc";
  require("connect.php");

?>
<body>
<form class="cad_admin" method="GET" action="anos.php" autocomplete="on" >
<h2>Gerador Planos de Ensino</h2>
<ul>
<li><label>Escolha um Departamento</label>
<select name="departamentos"  id="departamentos" >
<?php
// connect.php was already required above the <body>, so it is not required again here
$depto_result=mysql_query("SELECT DISTINCT DepartamentoDoResponsavel FROM responsavel ORDER BY DepartamentoDoResponsavel ASC");
echo "<option value='00'>".'Escolha um departamento'."</option>";
while($row = mysql_fetch_array($depto_result)){
echo "<option>".$row['DepartamentoDoResponsavel']."</option>";
}
mysql_close();
?>
</select></li>
<li><label>Ano</label>
<select name="anos" id="anos">
    <option value="00">Escolha um Ano</option>
</select></li>
<li>
 <button class="submit" type="submit">Gerar</button>
</li>
</ul>
</form>
</body>
</html>

And here is anos.php, which is called from the jQuery:

<?php
$departamento = $_GET['departamentos'];
echo $departamento;
require('connect.php');

$sql = "SELECT DISTINCT AnoDeAplicacao FROM planodeensino
        WHERE planodeensino.DepartamentoPorExtenso = '$departamento'";

$result = mysql_query($sql);
echo "<option value='0'>".'Escolha um Ano'."</option>";

while($linha = mysql_fetch_array($result) ){
    echo "<option>".$linha['AnoDeAplicacao']."</option>";
}
mysql_close();

?>

  • If you do echo $sql; in anos.php, what does it give you?

  • Have you ever tried a trim() on your $('#departamentos').val()?

  • 2

    Please fix that code; if not: ?departamentos=';DROP+TABLE+planodeensino;--

  • 3

    I agree, sanitize the input in the code or use PDO to avoid SQL injection problems.

  • @Gustavorodrigues: the code is certainly very vulnerable and this needs to be handled, but your specific example is harmless, because mysql_query from the (obsolete) PHP mysql extension only runs one query at a time (whatever comes after the semicolon is ignored).

  • The $sql variable comes out as SELECT DISTINCT WHERE planodeensino.Departamentoporextenso = 'MECÂNICA' when echoed.

  • I'm trying to figure this out before I switch to PDO; thanks for your concern.

  • I didn't know that; it's been a long time since I used this extension. Anyway, it's best to avoid it.

  • Your code may ignore what comes after the semicolon, but it won't ignore something like ' OR 1=1 \. Whether this displays your entire table on a page or lets someone get in with the wrong password, it is still a problem. Bad things can still happen even if it isn't DROP TABLE.


2 answers

1


I think jQuery's param method will help you: http://api.jquery.com/jQuery.param/

Try changing the line that calls jQuery's load, leaving it like this:

$('#anos').load('anos.php?' + $.param({ departamentos: $('#departamentos').val() }) );

Another thing: your application uses ISO-8859-1, but Ajax is UTF-8 only. To resolve this, change the first line of the anos.php script to:

$departamento = utf8_decode($_GET['departamentos']);

  • It loads the ones with spaces and without, but only when they have no accents.

  • I added new guidance to the answer above. If it works, remember to accept my answer as correct by clicking the "V" next to it. ;-) You can also click the up arrow to give me a "vote" in favor... thank you!

  • 1

    Thanks, it worked. As for clicking the arrow, that wasn't possible because of my lack of reputation; sorry about that.

  • @user4725 - Great, no problem. Thanks! I'm glad the answer helped.
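Pulling together the comment thread's SQL-injection point and the accepted answer's charset fix, here is how anos.php could look with the department name passed as a bound parameter and the UTF-8 query string converted explicitly. This is an added example, not code from the question or from either answer; the connection variables $db_host, $db_name, $db_user and $db_pass are assumed to be defined in connect.php, which the page does not show.

```php
<?php
// Added example: anos.php with PDO and a prepared statement.
// Assumption: connect.php defines $db_host, $db_name, $db_user, $db_pass
// (placeholder names; the original connect.php is not shown on the page).
require_once 'connect.php';

// The rest of the application is ISO-8859-1, so answer in that charset too.
header('Content-Type: text/html; charset=ISO-8859-1');

// jQuery.load() percent-encodes the query string as UTF-8 ("MEC%C3%82NICA"),
// while the page and the table are ISO-8859-1. utf8_decode() is the conversion
// the accepted answer uses; trim() covers the stray-space case from the comments.
$departamento = isset($_GET['departamentos']) ? $_GET['departamentos'] : '';
$departamento = utf8_decode(trim($departamento));

$pdo = new PDO(
    "mysql:host=$db_host;dbname=$db_name;charset=latin1",
    $db_user,
    $db_pass,
    array(
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side binding
    )
);

// The value is bound, never concatenated into the SQL text, so the strings
// quoted in the comments above are compared as literal department names.
$stmt = $pdo->prepare(
    'SELECT DISTINCT AnoDeAplicacao
       FROM planodeensino
      WHERE DepartamentoPorExtenso = :departamento
      ORDER BY AnoDeAplicacao'
);
$stmt->execute(array(':departamento' => $departamento));

echo "<option value='0'>Escolha um Ano</option>";
while (($ano = $stmt->fetchColumn()) !== false) {
    // Escape on output as well, so a value stored in the table cannot inject markup.
    echo '<option>' . htmlspecialchars($ano, ENT_QUOTES, 'ISO-8859-1') . '</option>';
}
```

The same pattern applies to the department query in gera_html.php; the debugging `echo $departamento;` from the original is dropped, since anything printed before the first `<option>` ends up inside the select.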

0

In your query, try using LIKE %% for the comparison; from what I understand, I believe it solves it:

"SELECT DISTINCT AnoDeAplicacao FROM planodeensino WHERE planodeensino.DepartamentoPorExtenso LIKE '%$departamento%'"

  • Hello, even with LIKE it still does not load the ones with spaces. I had forgotten to mention that I had already made that change.

  • Have you tried encoding before sending?: encodeURIComponent($('#departamentos').val())

  • If I do this, the loading of the second box does not work. Thanks for the quick answers.
