上傳一個變量到sql查詢
[英]Upload a variable to sql query
問題描述
在我的應用程序中,我想從服務器獲取 JSON 數據。 為此,我希望用戶輸入一個進入獲取查詢的變量,但我嘗試的方式我的應用程序沒有從服務器得到任何響應:
<?php
$conn = new mysqli($servername, $username, $password, $dbname);
if(isset($_POST['name'])){
$query = "INSERT INTO TestTable (name) VALUES ('$_POST[name]')";
if(mysqli_query($conn,$query)){
echo 'Data Submit Successfully';
}else{
echo 'Try Again';
}
}
$var = $_POST['name'];
$query = "SELECT * FROM TestTable WHERE id = '$var'";
$result = mysqli_query($conn, $query);
while($row = mysqli_fetch_assoc($result)) {
$array[] = $row;
}
header('Content-Type:Application/json');
echo json_encode($array);
mysqli_close($conn);
?>
上傳的變量按它應該做的那樣發布到表中。 如果我將$var設置$var固定值,我會得到正確的響應。 但是我必須改變什么才能讓我發布的變量進入選擇查詢?
編輯:這是我上傳變量並獲取結果的代碼 - GetData()和InsertData()方法用於上傳,另外兩個方法用於獲取:
public class MainActivity extends AppCompatActivity {
List<GetDataAdapter> GetDataAdapter1;
RecyclerView recyclerView;
RecyclerView.LayoutManager recyclerViewlayoutManager;
RecyclerView.Adapter recyclerViewadapter;
ProgressBar progressBar;
String ServerURL = "https://x.com/test.php";
EditText name;
Button button;
String TempName;
String JSON_ID = "id";
String JSON_NAME = "name";
JsonArrayRequest jsonArrayRequest;
com.android.volley.RequestQueue requestQueue;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
GetDataAdapter1 = new ArrayList<>();
recyclerView = (RecyclerView) findViewById(R.id.recyclerView1);
progressBar = (ProgressBar) findViewById(R.id.progressBar1);
button = (Button) findViewById(R.id.button);
recyclerView.setHasFixedSize(true);
recyclerViewlayoutManager = new LinearLayoutManager(this);
recyclerView.setLayoutManager(recyclerViewlayoutManager);
name = (EditText) findViewById(R.id.editText);
button.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View view) {
GetData();
InsertData(TempName);
JSON_DATA_WEB_CALL();
}
});
}
public void GetData() {
TempName = name.getText().toString();
}
public void InsertData(final String a) {
class SendPostReqAsyncTask extends AsyncTask<String, Void, String> {
@Override
protected String doInBackground(String... params) {
String NameHolder = a;
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
nameValuePairs.add(new BasicNameValuePair("name", NameHolder));
try {
HttpClient httpClient = new DefaultHttpClient();
HttpPost httpPost = new HttpPost(ServerURL);
httpPost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpResponse httpResponse = httpClient.execute(httpPost);
HttpEntity httpEntity = httpResponse.getEntity();
String responseStr = EntityUtils.toString(resEntity).trim();
Log.v("TAG 2", "Response: " + responseStr);
} catch (ClientProtocolException e) {
} catch (IOException e) {
}
return "Data Inserted Successfully";
}
@Override
protected void onPostExecute(String result) {
super.onPostExecute(result);
Toast.makeText(MainActivity.this, "Data Submit Successfully", Toast.LENGTH_LONG).show();
}
}
SendPostReqAsyncTask sendPostReqAsyncTask = new SendPostReqAsyncTask();
sendPostReqAsyncTask.execute(a);
}
public void JSON_DATA_WEB_CALL() {
jsonArrayRequest = new JsonArrayRequest(ServerURL,
new Response.Listener<JSONArray>() {
@Override
public void onResponse(JSONArray response) {
progressBar.setVisibility(View.GONE);
JSON_PARSE_DATA_AFTER_WEBCALL(response);
}
},
new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
}
});
requestQueue = Volley.newRequestQueue(this);
requestQueue.add(jsonArrayRequest);
}
public void JSON_PARSE_DATA_AFTER_WEBCALL(JSONArray array) {
for (int i = 0; i < array.length(); i++) {
GetDataAdapter GetDataAdapter2 = new GetDataAdapter();
JSONObject json = null;
try {
json = array.getJSONObject(i);
GetDataAdapter2.setId(json.getInt(JSON_ID));
GetDataAdapter2.setName(json.getString(JSON_NAME));
} catch (JSONException e) {
e.printStackTrace();
}
GetDataAdapter1.add(GetDataAdapter2);
}
recyclerViewadapter = new RecyclerViewAdapter(GetDataAdapter1, this);
recyclerView.setAdapter(recyclerViewadapter);
}
}
1 個解決方案
解決方案1
0 已采納 2018-09-11 13:45:23
我建議定義你的帖子變量
$postVar = $_POST['variable'];
那么您應該在將其放入 SQL 字符串之前對其進行消毒。
我更喜歡使用准備好的語句。 您應該在此處閱讀有關它們的信息https://www.w3schools.com/php/php_mysql_prepared_statements.asp並改用它們,因為它完全適合您的情況
編輯:你是如何確定你的 SELECT 查詢沒有執行的?
編輯 2:所以我測試了你的代碼的修改版本:
if(isset($_GET['name'])){
$query = "INSERT INTO TestTable (name) VALUES ('$_GET[name]')";
echo $query;
echo "</br></br>";
}
$var = "$_GET[name]";
echo $var;
echo "</br></br>";
$query = "SELECT * FROM TestTable WHERE name = '$var'";
echo $query;
通過轉到fileName.php?name=getVariableCorrectlyPopulated產生的輸出是:
INSERT INTO TestTable (name) VALUES ('getVariableCorrectlyPopulated')
getVariableCorrectlyPopulated
SELECT * FROM TestTable WHERE name = 'getVariableCorrectlyPopulated'
如您所見,使用 GET 而不是 POST 但數據正確輸入,我建議您在第一次制作腳本時執行相同或類似的操作。您可以使用 XAMPP(例如)進行 Apache 分發並在本地運行您的腳本。
編輯 3+4:
已測試並正在工作:
<?php
if(isset($_POST['name'])){
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
$conn = new mysqli($servername, $username, $password, $dbname);
$array=array();
$postVar = $_POST['name'];
//DONT FORGET TO SANITIZE
$query1 = "INSERT INTO TestTable (name) VALUES ('$postVar')";
if(mysqli_query($conn,$query1, false)){
// echo 'Data Submit Successfully';
}else{
echo 'Try Again';
}
$query2 = "SELECT * FROM TestTable WHERE name = '$postVar'";
$result = mysqli_query($conn, $query2);
while($row = mysqli_fetch_assoc($result)) {
$array[] = $row['name'];
}
echo json_encode($array);
}
?>
請記住,有更好的方法可以做到這一點......請參閱上面的准備好的聲明
編輯 5:您應該將代碼更改為我在編輯 3+4 中給您的代碼(並清理發布數據)並編輯您的 android 代碼,以便您處理來自doInBackground方法的響應https://developer.android.com /reference/android/os/AsyncTask 。
變量不傳遞給SQL查詢
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.