在document.ready上調用javascript

Question

我的jquery不會在文檔準備好時運行我的java腳本函數。

cont += "<script>"; 
cont += "$(document).ready(function() {Puma.getReasonForBTI()});"; 
cont += "</script>"; 

JS功能

Puma.getReasonForBTI = function() { 
    var reason = document.getElementById("reasonId").value; 
    var msql = "SELECT Pid FROM tPid WHERE Reason = 'reason'"; 
    sql = "action=getReasonForBTI&sql=" + encodeURIComponent(msql); 
    objAjaxAd.main_flag = "getReasonForBTI"; 
    objAjaxAd.SendQuery(sql); 
} 

任何幫助，將不勝感激。

Answer 1

爲什麼不直接添加DocReady到你的JS？

Puma.getReasonForBTI = function() { 
    var reason = document.getElementById("reasonId").value; 
    var msql = "SELECT Pid FROM tPid WHERE Reason = 'reason'"; 
    sql = "action=getReasonForBTI&sql=" + encodeURIComponent(msql); 
    objAjaxAd.main_flag = "getReasonForBTI"; 
    objAjaxAd.SendQuery(sql); 
} 

$(document).ready(function() { 
    Puma.getReasonForBTI() 
}); 

編輯：

另外，我想單獨和消毒它的服務器端發送reason，然後把它變成一個查詢。通過Javascript/AJAX發送SQL查詢只是要求麻煩。

仿皮代碼：

sql(" 
    SELECT Pid 
    FROM tPid 
    WHERE Reason = ? 
", $ajax.reason) 

DOUBLE編輯

而且，把reason在單引號中的字符串不評價reason值。剛剛想到我會爲您節省一些未來的頭痛

var foo = "bar"; 
console.log("The value of foo is 'foo'"); 
=> "The value of foo is 'foo'" 
console.log("The value of foo is " + foo); 
=> "The value of foo is bar" 

Answer 2

嘗試一個chrome瀏覽器和開發工具（F12）。

1. 看一看的errorconsole。
2. 修正錯誤
3. 更改代碼，因爲有人可以用你的代碼從底層數據庫

更新

var reason = document.getElementById("reasonId").value; 
// reason is entered directly byy a user (or Mr. EvilHacker). 
var msql = "SELECT Pid FROM tPid WHERE Reason = 'reason'"; 
// Here you create a SQL, which may sounds like this: 

SELECT Pid FROM tPid WHERE Reason = ''; DROP table tPid;--' 

刪除任何數據，如果邪惡的黑客進入';DROP table tPid;--放入文本框中。看看owasp.org瞭解更多信息