Question

我在android客户端上有一些文本，我想将它发送到数据库（MySQL）。我该怎么做。请帮我这个。我尝试使用php和Mysql。是Php中的查询对吗??

这是我尝试过的的 Insert.java

public class Insert extends ListActivity {
String[] ct_name = null;

@Override
public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    // setContentView(R.layout.main);

    InputStream is = null;
    // http post
    ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();       
    nameValuePairs.add(new BasicNameValuePair("c_name","KL"));
    try{
        HttpClient httpclient = new DefaultHttpClient();
        HttpPost httppost = new HttpPost("http://10.0.2.2/city1.php");
        httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
        HttpResponse response = httpclient.execute(httppost);
        HttpEntity entity = response.getEntity();
        is = entity.getContent();
        }catch(Exception e){
        Log.e("log_tag", "Error in http connection"+e.toString());
        }
    }

}

我不确定php文件，但这里是

city1.php

<?php
   $hostname_localhost ="localhost";
   $database_localhost ="mydatabase";
   $username_localhost ="root";
   $password_localhost ="";

$localhost = mysql_connect($hostname_localhost,$username_localhost,$password_localhost) 
    or trigger_error(mysql_error(),E_USER_ERROR);

   mysql_select_db($database_localhost);
   $sql=mysql_query("INSERT INTO CITY (CITY_NAME)VALUES('".$_REQUEST['c_name']."')");
   //for updation
   //$sql=update CITY set CITY_NAME='".$_REQUEST['c_name']."' where CITY_ID=22
   $r=mysql_query($sql);
   if(!$r)
   echo "Error in query: ".mysql_error();
   mysql_close();
?>

MYSQL

CREATE TABLE `mydatabase`.`city` (
`CITY_ID` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`CITY_NAME` VARCHAR( 50 ) NOT NULL
) ENGINE = MYISAM ;

Answer 1

我会改变这个：

$sql=mysql_query("INSERT INTO CITY (CITY_NAME)VALUES('".$_REQUEST['c_name']."')");

到

$c_name = mysql_real_escape_string($_REQUEST['c_name']);
$sql = mysql_query("INSERT INTO CITY (CITY_NAME) VALUES('".$c_name."')");

否则，您很容易受到SQL注入攻击！

修改

我假设这一行：

$sql=mysql_query("INSERT ...

应该是

$sql="INSERT ...

否则这条线毫无意义：

$r=mysql_query($sql);

此外，从浏览器访问http://10.0.2.2/city1.php?c_name=Foobar时是否有任何输出指示错误？

@JLevett尽管与手头的问题无关，但这个漏洞是引起我注意的第一件事，所以我想在处理问题本身之前迅速指出这一点。

使用php将数据从android发送到mysql

1 个答案: