How to transmit strings to the php server through javascript-php Tutorial

How to transmit strings to the php server through javascript has a page where a specific user can enter the mysql Query command on the page after logging on.
After receiving the command, the php server directly transmits the command string to mysql for execution and then displays the result on this page.

At the beginning, the editable control content was directly transmitted to the server in javascript. no, the ">" or "<" or other symbols in the command string are not normal.

Then, the string is converted to the javascript encodeURIComponent function and sent back to the server using the php html_entity_decode function. in this way, most of the commands I use can be used, the quotation marks in the command are not normal.

I can't find the method. it's too much trouble to transfer a string over the network.
Please try again!

Reply to discussion (solution)

After encodeURIComponent uses it for transcoding, php can directly receive it! You don't need to switch it any more!

Replace html_entity_decode () with rawurldecode ();

Htmlspecialchars_decode: try this function.

Try various transcoding functions

1. you always need to input in the text control. no matter whether it is form submission or ajax sending, you do not need to process it.
2. when sending via ajax, if the page is not UTF-8 and the sending string can contain Chinese characters. You should consider adding encodeURIComponent to design the ajax component for url encoding, and the server needs to perform character set conversion.
3. after receiving the data, the server should perform the escape operation (stripslashes) based on the status of get_magic_quotes_gpc)
The magic_quotes_gpc switch is disabled and canceled by default after php5.3.
4. encodeURIComponent performs url encoding based on the UTF-8 character set. that is, no matter what character set the page is, the server obtains UTF-8 data.
5. html_entity_decode is the inverse function of htmlentities and has nothing to do with url encoding.

After learning the basic knowledge, I think you can continue.

Thank you for your help!
I did a detailed test after reading it carefully.
My input is an editable DIV, but I tried it in the text box during the test.
If no conversion is made, it is okay to enter select * from tablename in the input box and select * from tablename where id> 5.
Add the encodeURIComponent function when sending the message. after the server uses html_entity_decode, select * from tablename where id> 5 for normal output.
When I used this encodeURIComponent, I just looked for it and found it. I tried it, but I didn't have the corresponding decoding function in php. I tried it using html_entity_decode.

The following is my test code:
Client

Test
 Script function handleStateChange () {if (xmlHttp. readyState = 4) {if (xmlHttp. status = 200) {document. getElementById ("md "). innerHTML = xmlHttp. responseText ;}} function createXMLHttpRequest () {try {xmlHttp = new ActiveXObject ("Msxml2.XMLHTTP");} catch (e) {try {xmlHttp = new ActiveXObject ("Microsoft. XMLHTTP ") ;}catch (oc) {xmlHttp = null ;}} if (! XmlHttp & typeof XMLHttpRequest! = "Undefined") {xmlHttp = new XMLHttpRequest ();} return xmlHttp;} function sendstr () {var xmlHttp = createXMLHttpRequest (); // var str = "str =" + document. getElementById ("sqlstr "). innerHTML; // var str = "str =" + document. getElementById ("sqlstr "). value; // var str = "str =" + encodeURIComponent (document. getElementById ("sqlstr "). value); var str = "str =" + encodeURIComponent (document. getElementById ("sqlstr "). innerHTML); var url = "t2_1get.php"; xmlHttp. open ("POST", url, true); xmlHttp. onreadystatechange = handleStateChange; xmlHttp. setRequestHeader ("Content-Type", "application/x-www-form-urlencoded;"); xmlHttp. send (str);} script
 

Server

Test get
 
 Connect_error) {printf ("connection failed: % s \ n", $ mysqli-> connect_error); exit ();} $ mysqli-> query ("set names 'utf8'"); // $ sqlstr =$ _ POST ['str']; $ sqlstr = html_entity_decode ($ _ POST ['str'], ENT_COMPAT, 'utf-8'); // $ sqlstr = html_entity_decode ($ _ POST ['str']); echo "sqlstr = ". $ sqlstr."
"; $ Res = $ mysqli-> query ($ sqlstr); if (! $ Res) {echo $ mysqli-> error; exit;} $ finfo = $ res-> fetch_fields (); echo"
 
 
     "; Foreach ($ finfo as $ val) {echo" 
    ";} Echo" 
   "; While ($ row = $ res-> fetch_row () {echo" 
   
     "; For ($ I = 0; $ I <$ res-> field_count; $ I ++) {echo" 
    ";} Echo" 
   ";} Echo" 
  

  
  
 
   
". $ Val-> name ."
". $ Row [$ I]."
 
 
";?>

We recommend that you use encapsulated jquery to implement ajax functions.

Beginner, not familiar with jquery.
However, my program is not complicated. it should be javascript.

Beginner, not familiar with jquery.
However, my program is not complicated. it should be javascript.

If you are a beginner, just go to jquery.

Change server

 After running, you can see
 
 
Depressed!
In the same code, I see the following:
  
  
Is there any problem with apache and php versions, or is there any incorrect configuration.
My apache is 2.2.4,
Php is 5.2.3
  
Additional test code:
  
Test
  Script function handleStateChange () {if (xmlHttp. readyState = 4) {if (xmlHttp. status = 200) {document. getElementById ("md "). innerHTML = xmlHttp. responseText ;}} function createXMLHttpRequest () {try {xmlHttp = new ActiveXObject ("Msxml2.XMLHTTP");} catch (e) {try {xmlHttp = new ActiveXObject ("Microsoft. XMLHTTP ") ;}catch (oc) {xmlHttp = null ;}} if (! XmlHttp & typeof XMLHttpRequest! = "Undefined") {xmlHttp = new XMLHttpRequest ();} return xmlHttp;} function sendstr () {var xmlHttp = createXMLHttpRequest (); var str = "str =" + document. getElementById ("sqlstr "). innerHTML; var url = "t2_1get.php"; xmlHttp. open ("POST", url, true); xmlHttp. onreadystatechange = handleStateChange; xmlHttp. setRequestHeader ("Content-Type", "application/x-www-form-urlencoded;"); xmlHttp. send (str);} script
  
  
T2_1get.php:
  
  
 
 
If the encodeURIComponent conversion is added to the client, it will look like this again:
  
  
  
  
 
 
If the value is greater than '5'
Changed to> \ '5 \'
It indicates that the magic_quotes_gpc switch is on and the escape is automatically processed.
So you need
  
if(get_magic_quotes_gpc()) {  $_POST['str'] = stripslashes($_POST['str']);}
 
 
Thanks to the help of the xuzuning moderator!
Thank you!