Android MYSQL插件无法正常工作

时间:2014-09-22 02:08:30

标签: php android mysql sql

我正在尝试使用以下代码将objetc插入到数据库的表中:

PHP:

$sql = mysql_query("INSERT INTO order (placer_name, item_name, payment_amount, location_string, location_lat, location_long) VALUES('$_POST[PlacerName]', '$_POST[ItemName]', '$_POST[Payment]', '$_POST[Location]', '$_POST[Lat]', '$_POST[Long]')");     

        if($sql){
             echo 'Success';
        }
        else{
            echo 'Error occured.';
        }
}

JAVA:

 // POST ORDER
    public void order(String nm, String pay, String location) {
        itemName = nm;
        paymentAmount = pay;
        locationString = location;
        if (Utility.getCurrentLocation() != null) {
            handler.post(new Runnable() {
                public void run() {
                    new OrderTask().execute((Void) null);
                }
            });
        } else {
            // Cannot Determine Location
            showMessage("Cannot Determine Location.");
        }
    }

    class OrderTask extends AsyncTask<Void, Void, Boolean> {
        private void postData() {
            if (user.loggedIn) {
                HttpClient httpclient = new DefaultHttpClient();
                HttpPost httppost = new HttpPost(
                        "http://cyberkomm.ch/sidney/php/postOrder.php");
                try {
                    ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(
                            6);
                    nameValuePairs.add(new BasicNameValuePair("PlacerName",
                            user.userName));
                    nameValuePairs.add(new BasicNameValuePair("ItemName",
                            itemName));
                    nameValuePairs.add(new BasicNameValuePair("Payment",
                            paymentAmount));
                    nameValuePairs.add(new BasicNameValuePair("Location",
                            locationString));
                    nameValuePairs.add(new BasicNameValuePair("Long", String
                            .valueOf(user.longitude)));
                    nameValuePairs.add(new BasicNameValuePair("Lat", String
                            .valueOf(user.latitude)));
                    httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
                    HttpResponse response = httpclient.execute(httppost);
                    BufferedReader in = new BufferedReader(
                            new InputStreamReader(response.getEntity()
                                    .getContent()));
                    StringBuffer sb = new StringBuffer("");
                    String line = "";
                    while ((line = in.readLine()) != null) {
                        sb.append(line);
                        break;
                    }
                    in.close();
                    responseString = sb.toString();
                    if (responseString.equals("Success")) {
                        // Order Placed
                        showMessage("Success. Order Placed!");
                        user.onPlaced();
                    } else {
                        // Failed
                        showMessage("Failed. " + responseString);
                    }
                } catch (Exception e) {
                    Log.e("log_tag", "Error:  " + e.toString());
                }
            } else {`enter code here`
                // Must Login
                showMessage("Must Login");
            }
        }

        @Override
        protected Boolean doInBackground(Void... params) {
            postData();
            return null;
        }
    }

数据库: enter image description here

当我运行代码时,sql总是返回&#39; Error Occured&#39;,这意味着它无法执行查询:

"INSERT INTO order (placer_name, item_name, payment_amount, location_string, location_lat, location_long) VALUES('$_POST[PlacerName]', '$_POST[ItemName]', '$_POST[Payment]', '$_POST[Location]', '$_POST[Lat]', '$_POST[Long]')"

我检查了语法,一切似乎都井然有序,但我猜错了什么,但我不确定:

  

使用整数,双精度输出问题   参数值

感谢您的帮助。

1 个答案:

答案 0 :(得分:4)

order是MySQL保留字。

http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html

将其包装在反引号中,或者使用其他单词,例如orders,这样就可以了。

"INSERT INTO `order`

有错误报告,会发出信号。

error_reporting(E_ALL);
ini_set('display_errors', 1);

http://php.net/manual/en/function.error-reporting.php

SQL错误消息应该是:

  

您的SQL语法有错误;检查与MySQL服务器版本对应的手册,以便在'order

附近使用正确的语法

另外,您目前的代码向SQL injection开放。使用mysqli with prepared statementsPDO with prepared statements

相关问题
最新问题