Ich versuche auf Variable in PHP-Datei von AJAX gesendet. Ich habe versucht, $ _POST ['category_id'] wie unten gezeigt, aber ohne Glück. Die Variable category_id wird auf einen Wert gesetzt, das habe ich bereits überprüft. Ich denke, dass das Problem in Datentyp JSON sein kann, aber ich bin mir nicht sicher.Abrufen von Daten in PHP gesendet von Ajax
if(optimizedDatabaseLoading == 1){
google.maps.event.addListener(map, 'idle', function(){
if(searchClicked != 1){
var ajaxData = {
optimized_loading: 1,
north_east_lat: map.getBounds().getNorthEast().lat(),
north_east_lng: map.getBounds().getNorthEast().lng(),
south_west_lat: map.getBounds().getSouthWest().lat(),
south_west_lng: map.getBounds().getSouthWest().lng(),
};
if(markerCluster != undefined){
markerCluster.clearMarkers();
}
loadData(category_id, "assets/external/data.php", ajaxData);
}
});
}
else {
google.maps.event.addListenerOnce(map, 'idle', function(){
loadData(category_id, "assets/external/data.php");
});
}
function loadData(category_id, url, ajaxData){
console.log('inside:', category_id);
$.ajax({
url: url,
dataType: "json",
method: "POST",
data: ajaxData, category_id: category_id,
cache: false,
success: function(results){
for(var i=0; i <newMarkers.length; i++){
newMarkers[i].setMap(null);
}
allMarkers = results;
placeMarkers(results);
},
error : function (e) {
console.log(e);
}
});
}
data.php
if (!isset($_POST['category_id'])) {
if (!empty($_POST["optimized_loading"])) {
$queryData = mysqli_query($connection, "SELECT id, title, latitude, longitude, address, marker_image FROM items WHERE latitude <= " . $_POST["north_east_lat"] . " AND latitude >= " . $_POST["south_west_lat"] . " AND longitude <=" . $_POST["north_east_lng"] . " AND longitude >= " . $_POST["south_west_lng"]);
} else {
$queryData = mysqli_query($connection, "SELECT id, title, latitude, longitude, address, marker_image FROM items");
}
}
else {
if(!empty($_POST["optimized_loading"])){
$queryData = mysqli_query($connection, "SELECT id, title, latitude, longitude, address, marker_image FROM items WHERE latitude <= " . $_POST["north_east_lat"] . " AND latitude >= " . $_POST["south_west_lat"] . " AND longitude <=" . $_POST["north_east_lng"] . " AND longitude >= " .$_POST["south_west_lng"] . " AND items.item_category_id = " . json_decode($_POST['category_id']));
}
else {
$queryData = mysqli_query($connection, "SELECT id, title, latitude, longitude, address, marker_image FROM items WHERE items.item_category_id = 1" . json_decode($_POST['category_id']));
}
}
Ihr Code [** SQL-Injection **] (https://en.wikipedia.org/wiki/SQL_injection) Angriffe verwundbar ist. Sie sollten [** mysqli **] (https://secure.php.net/manual/en/mysqli.prepare.php) oder [** PDO **] (https://secure.php.net/) verwenden. manual/de/pdo.prepared-statements.php) vorbereitete Anweisungen mit gebundenen Parametern wie in [** dieser Beitrag **] beschrieben (https://stackoverflow.com/questions/60174/how-cani-i-prevent-sql -injektion-in-php). –