Skip to main content

Send data from android to mysql using php



I have a some text on an android client, I want to send it to the database(MySQL). How do I do this.Please help me with this. I tried using php and Mysql. Is the query in Php right??





Here is what I have tried Insert.java







public class Insert extends ListActivity {

String[] ct_name = null;



@Override

public void onCreate(Bundle savedInstanceState) {

super.onCreate(savedInstanceState);

// setContentView(R.layout.main);



InputStream is = null;

// http post

ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();

nameValuePairs.add(new BasicNameValuePair("c_name","KL"));

try{

HttpClient httpclient = new DefaultHttpClient();

HttpPost httppost = new HttpPost("http://10.0.2.2/city1.php");

httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));

HttpResponse response = httpclient.execute(httppost);

HttpEntity entity = response.getEntity();

is = entity.getContent();

}catch(Exception e){

Log.e("log_tag", "Error in http connection"+e.toString());

}

}



}







I am not sure about the php file but here goes





city1.php







<?php

$hostname_localhost ="localhost";

$database_localhost ="mydatabase";

$username_localhost ="root";

$password_localhost ="";



$localhost = mysql_connect($hostname_localhost,$username_localhost,$password_localhost)

or trigger_error(mysql_error(),E_USER_ERROR);



mysql_select_db($database_localhost);

$sql=mysql_query("INSERT INTO CITY (CITY_NAME)VALUES('".$_REQUEST['c_name']."')");

//for updation

//$sql=update CITY set CITY_NAME='".$_REQUEST['c_name']."' where CITY_ID=22

$r=mysql_query($sql);

if(!$r)

echo "Error in query: ".mysql_error();

mysql_close();

?>







MYSQL







CREATE TABLE `mydatabase`.`city` (

`CITY_ID` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,

`CITY_NAME` VARCHAR( 50 ) NOT NULL

) ENGINE = MYISAM ;




Comments

  1. I'd change this:

    $sql=mysql_query("INSERT INTO CITY (CITY_NAME)VALUES('".$_REQUEST['c_name']."')");


    to

    $c_name = mysql_real_escape_string($_REQUEST['c_name']);
    $sql = mysql_query("INSERT INTO CITY (CITY_NAME) VALUES('".$c_name."')");


    Otherwise, you're vulnerable to SQL injection attacks!

    EDIT:

    I'm assuming this line:

    $sql=mysql_query("INSERT ...


    should be

    $sql="INSERT ...


    ?

    Otherwise this line makes no sense:

    $r=mysql_query($sql);


    Also, is there any output indicating an error when accessing http://10.0.2.2/city1.php?c_name=Foobar from your browser?

    @JLevett Even though unrelated to the problem at hand, that vuln was the first thing that caught my eye, so I wanted to point that out quickly, before dealing with the problem itself.

    ReplyDelete

Post a Comment

Popular posts from this blog

Why is this Javascript much *slower* than its jQuery equivalent?

I have a HTML list of about 500 items and a "filter" box above it. I started by using jQuery to filter the list when I typed a letter (timing code added later): $('#filter').keyup( function() { var jqStart = (new Date).getTime(); var search = $(this).val().toLowerCase(); var $list = $('ul.ablist > li'); $list.each( function() { if ( $(this).text().toLowerCase().indexOf(search) === -1 ) $(this).hide(); else $(this).show(); } ); console.log('Time: ' + ((new Date).getTime() - jqStart)); } ); However, there was a couple of seconds delay after typing each letter (particularly the first letter). So I thought it may be slightly quicker if I used plain Javascript (I read recently that jQuery's each function is particularly slow). Here's my JS equivalent: document.getElementById('filter').addEventListener( 'keyup', function () { var jsStart = (new Date).getTime()...

Is it possible to have IF statement in an Echo statement in PHP

Thanks in advance. I did look at the other questions/answers that were similar and didn't find exactly what I was looking for. I'm trying to do this, am I on the right path? echo " <div id='tabs-".$match."'> <textarea id='".$match."' name='".$match."'>". if ($COLUMN_NAME === $match) { echo $FIELD_WITH_COLUMN_NAME; } else { } ."</textarea> <script type='text/javascript'> CKEDITOR.replace( '".$match."' ); </script> </div>"; I am getting the following error message in the browser: Parse error: syntax error, unexpected T_IF Please let me know if this is the right way to go about nesting an IF statement inside an echo. Thank you.