[英]adding data to online DB using php script and httppost from android
In my app I ahve a specific form for the user to complete and I want to store these data in my online DB. 在我的应用程序中,我有一个特定的表单供用户填写,我想将这些数据存储在我的在线数据库中。
Here is my code in java: 这是我在Java中的代码:
public void send_data_to_DB(){
String result = "";
InputStream is = null;
StringBuilder sb=null;
ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();//() before
nameValuePairs.add(new BasicNameValuePair("table", table));
nameValuePairs.add(new BasicNameValuePair("code", Integer.toString(code)));
nameValuePairs.add(new BasicNameValuePair("name", name));
nameValuePairs.add(new BasicNameValuePair("email", email));
try{
HttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost("http://myurl.php");
HttpEntity entity = new UrlEncodedFormEntity(nameValuePairs);
httppost.addHeader(entity.getContentType());
httppost.setEntity(entity);
HttpResponse response = httpclient.execute(httppost);
//HttpEntity entity = response.getEntity();
//is = entity.getContent();
}catch(Exception e){
Log.e("log_tag", "Error in http connection "+e.toString());
}
}
And Here is my php script: 这是我的PHP脚本:
<?php
mysql_connect("dserver","User","Code");
mysql_select_db("DB_Name");
$table.=$_POST['table'];
$code.=$_POST['code'];
$name.=$_POST['name'];
$email.=$_POST['email'];
$q=mysql_query(" INSERT INTO {$table} (code,name,email) VALUES ({$code},{$name},{$email}) ")or die(mysql_error());
mysql_close();
?>
I think it must be something in my php and the way I am assigning or using the variables but I am not quite experienced in PHP. 我认为这一定是我的php中的东西以及我分配或使用变量的方式,但是我对PHP不太了解。 Can you help me?
你能帮助我吗?
On PHP side it must be .=
instead of =.
在PHP方面,它必须是
.=
而不是=.
. 。
EDIT: 编辑:
The quotes in the SQL statement are missing: SQL语句中的引号缺失:
Change to 改成
"INSERT INTO {$table} (code,name,email) VALUES ('{$code}','{$name}','{$email}')"
$table=.$_POST['table'];
$code=.$_POST['code'];
$name=.$_POST['name'];
$email=.$_POST['email'];
you have extra dot after every equal sign, that probably causes syntax error. 每个等号后都有一个多余的点,这可能会导致语法错误。
Your other problem is sql injection vulnerability, always check /escape properly values before using in query. 您的另一个问题是sql注入漏洞,请始终在查询中使用之前正确检查/ escape值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.