Ajax push

I've created a local application which uses ajax to call results from a SQL database.

The system works great; however, if someone searches with a ' then the system fails and I get the following error: "Notice: Array to string conversion in.."

Here's my JavaScript which calls the ajax and pushes the results to the div on my HTML page.

Is there a way I can parse the ' with my code below?

$('input#prodsearch').keypress(function(e) {
    var key = e.which;
    if (key == 13) { // the enter key
        var name = $('input#prodsearch').val();
        if ($.trim(name) != '') {
            $.post('assets/ajax/prodsearch.php', { prodsearch: name }, function(data) {
                $('#stockresults').html(data)
            });
        }
    }
});

Here's my PHP, minus the while statement that outputs the rows of results.

if (isset($_POST['prodsearch']) === true && empty($_POST['prodsearch']) === false) {

    $query = "SELECT     STKCODE, STKNAME
FROM         dbo.STOCK
WHERE    (STKNAME LIKE '%" . $_POST['prodsearch'] . "%' OR STKCODE LIKE '" . $_POST['prodsearch'] . "%')
order by STKCODE ASC";  

};

Ideally you'll want to encode the string(s) you're sending through via AJAX.

Change this line:

$.post('assets/ajax/prodsearch.php', { prodsearch: name }, function(data) {

to this:

$.post('assets/ajax/prodsearch.php', { prodsearch: encodeURIComponent(name) }, function(data) {

More info on W3Schools
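
An added example, not part of the original question or answer: the query in the question concatenates `$_POST['prodsearch']` into the SQL text, so a `'` in the search term ends the string literal early. Binding the term as a parameter keeps it as data. This sketch assumes PDO and uses an in-memory SQLite table as a stand-in for `dbo.STOCK`; the sample rows and the helper names `likeLiteral` and `searchStock` are constructed for illustration.

```php
<?php
// Constructed stand-in for dbo.STOCK so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE STOCK (STKCODE TEXT, STKNAME TEXT)");
$ins = $pdo->prepare("INSERT INTO STOCK (STKCODE, STKNAME) VALUES (?, ?)");
foreach ([['A100', "Carpenter's pencil"],
          ['A200', 'Steel rule'],
          ['B300', '50% grey paint']] as $row) {
    $ins->execute($row);
}

// Escape LIKE wildcards so the user's text is matched literally.
// '!' is the escape character; '[' is included because SQL Server
// also treats it as a wildcard.
function likeLiteral(string $s): string
{
    return strtr($s, ['!' => '!!', '%' => '!%', '_' => '!_', '[' => '![']);
}

// Same search as the question's query, with the term bound as a parameter
// instead of being concatenated into the SQL string.
function searchStock(PDO $pdo, string $term): array
{
    $sql = "SELECT STKCODE, STKNAME
            FROM STOCK
            WHERE (STKNAME LIKE :name ESCAPE '!' OR STKCODE LIKE :code ESCAPE '!')
            ORDER BY STKCODE ASC";
    $stmt = $pdo->prepare($sql);
    $lit  = likeLiteral($term);
    $stmt->execute([':name' => "%$lit%", ':code' => "$lit%"]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Terms containing ' or % are handled as ordinary text.
foreach (['rule', "carpenter's", '50%', '%'] as $term) {
    $rows = searchStock($pdo, $term);
    printf("%-12s => %d row(s)\n", $term, count($rows));
}
```

In the question's handler, the call would take `$_POST['prodsearch']` as `$term` after the existing `isset`/`empty` check.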