Android MYSQL插入无效
[英]Android MYSQL Insert doesn't Work
问题描述
I am attempting to insert an objetc into a table on my database using the following Code: 
我正在尝试使用以下代码将objetc插入数据库中的表中:
PHP: PHP:
$sql = mysql_query("INSERT INTO order (placer_name, item_name, payment_amount, location_string, location_lat, location_long) VALUES('$_POST[PlacerName]', '$_POST[ItemName]', '$_POST[Payment]', '$_POST[Location]', '$_POST[Lat]', '$_POST[Long]')");
if($sql){
echo 'Success';
}
else{
echo 'Error occured.';
}
}
JAVA: JAVA:
// POST ORDER
public void order(String nm, String pay, String location) {
itemName = nm;
paymentAmount = pay;
locationString = location;
if (Utility.getCurrentLocation() != null) {
handler.post(new Runnable() {
public void run() {
new OrderTask().execute((Void) null);
}
});
} else {
// Cannot Determine Location
showMessage("Cannot Determine Location.");
}
}
class OrderTask extends AsyncTask<Void, Void, Boolean> {
private void postData() {
if (user.loggedIn) {
HttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost(
"http://cyberkomm.ch/sidney/php/postOrder.php");
try {
ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(
6);
nameValuePairs.add(new BasicNameValuePair("PlacerName",
user.userName));
nameValuePairs.add(new BasicNameValuePair("ItemName",
itemName));
nameValuePairs.add(new BasicNameValuePair("Payment",
paymentAmount));
nameValuePairs.add(new BasicNameValuePair("Location",
locationString));
nameValuePairs.add(new BasicNameValuePair("Long", String
.valueOf(user.longitude)));
nameValuePairs.add(new BasicNameValuePair("Lat", String
.valueOf(user.latitude)));
httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpResponse response = httpclient.execute(httppost);
BufferedReader in = new BufferedReader(
new InputStreamReader(response.getEntity()
.getContent()));
StringBuffer sb = new StringBuffer("");
String line = "";
while ((line = in.readLine()) != null) {
sb.append(line);
break;
}
in.close();
responseString = sb.toString();
if (responseString.equals("Success")) {
// Order Placed
showMessage("Success. Order Placed!");
user.onPlaced();
} else {
// Failed
showMessage("Failed. " + responseString);
}
} catch (Exception e) {
Log.e("log_tag", "Error: " + e.toString());
}
} else {`enter code here`
// Must Login
showMessage("Must Login");
}
}
@Override
protected Boolean doInBackground(Void... params) {
postData();
return null;
}
}
DATABASE: 数据库:
When I run the code, the sql always returns 'Error Occured', which means that it fails to execute the query: 当我运行代码时,sql总是返回“ Error Occured”,这意味着它无法执行查询:
"INSERT INTO order (placer_name, item_name, payment_amount, location_string, location_lat, location_long) VALUES('$_POST[PlacerName]', '$_POST[ItemName]', '$_POST[Payment]', '$_POST[Location]', '$_POST[Lat]', '$_POST[Long]')"
I checked the syntax, and everything seems to be in order, but I had some guesses as to what could be wrong, but I am not sure: 我检查了语法,一切似乎都井然有序,但是我对可能出了什么问题有一些猜测,但我不确定:
Type Issues with integers, doubles Parameter Values
Thank you for your help. 谢谢您的帮助。
1 个解决方案
解决方案1
4 已采纳 2014-09-22 02:10:02
order is a MySQL reserved word. order是MySQL的保留字。
http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html
either wrap it in backticks, or use another word for it, such as orders , that would be OK. 要么将其包装在反引号中,要么为其使用另一个词,例如orders ,那就可以了。
"INSERT INTO `order`
having error reporting on, would have signaled that. 报告错误,将发出信号。
error_reporting(E_ALL);
ini_set('display_errors', 1);
http://php.net/manual/en/function.error-reporting.php http://php.net/manual/en/function.error-reporting.php
the SQL error message would have been: SQL错误消息将是:
You have an error in your SQL syntax;
Plus, your present code is open to SQL injection . 另外,您当前的代码可以进行SQL注入 。 Use mysqli with prepared statements , or PDO with prepared statements . 将mysqli与预处理语句一起使用,或将PDO与预处理语句一起使用 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.