Skip to main content

Send data from android to mysql using php

Image
By User



I have a some text on an android client, I want to send it to the database(MySQL). How do I do this.Please help me with this. I tried using php and Mysql. Is the query in Php right??





Here is what I have tried Insert.java







public class Insert extends ListActivity {

String[] ct_name = null;



@Override

public void onCreate(Bundle savedInstanceState) {

    super.onCreate(savedInstanceState);

    // setContentView(R.layout.main);



    InputStream is = null;

    // http post

    ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();       

    nameValuePairs.add(new BasicNameValuePair("c_name","KL"));

    try{

        HttpClient httpclient = new DefaultHttpClient();

        HttpPost httppost = new HttpPost("http://10.0.2.2/city1.php");

        httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));

        HttpResponse response = httpclient.execute(httppost);

        HttpEntity entity = response.getEntity();

        is = entity.getContent();

        }catch(Exception e){

        Log.e("log_tag", "Error in http connection"+e.toString());

        }

    }



}







I am not sure about the php file but here goes





city1.php







<?php

   $hostname_localhost ="localhost";

   $database_localhost ="mydatabase";

   $username_localhost ="root";

   $password_localhost ="";



$localhost = mysql_connect($hostname_localhost,$username_localhost,$password_localhost) 

    or trigger_error(mysql_error(),E_USER_ERROR);



   mysql_select_db($database_localhost);

   $sql=mysql_query("INSERT INTO CITY (CITY_NAME)VALUES('".$_REQUEST['c_name']."')");

   //for updation

   //$sql=update CITY set CITY_NAME='".$_REQUEST['c_name']."' where CITY_ID=22

   $r=mysql_query($sql);

   if(!$r)

   echo "Error in query: ".mysql_error();

   mysql_close();

?>







MYSQL







CREATE TABLE `mydatabase`.`city` (

`CITY_ID` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,

`CITY_NAME` VARCHAR( 50 ) NOT NULL

) ENGINE = MYISAM ;




Labels:

Comments

  1. Tips For AllMarch 5, 2012 at 7:14 AM

    I'd change this:

    $sql=mysql_query("INSERT INTO CITY (CITY_NAME)VALUES('".$_REQUEST['c_name']."')");


    to

    $c_name = mysql_real_escape_string($_REQUEST['c_name']);
    $sql = mysql_query("INSERT INTO CITY (CITY_NAME) VALUES('".$c_name."')");


    Otherwise, you're vulnerable to SQL injection attacks!

    EDIT:

    I'm assuming this line:

    $sql=mysql_query("INSERT ...


    should be

    $sql="INSERT ...


    ?

    Otherwise this line makes no sense:

    $r=mysql_query($sql);


    Also, is there any output indicating an error when accessing http://10.0.2.2/city1.php?c_name=Foobar from your browser?

    @JLevett Even though unrelated to the problem at hand, that vuln was the first thing that caught my eye, so I wanted to point that out quickly, before dealing with the problem itself.

    ReplyDelete

Post a Comment

Popular posts from this blog

Wildcards in a hosts file

By User
I want to setup my local development machine so that any requests for *.local are redirected to localhost . The idea is that as I develop multiple sites, I can just add vhosts to Apache called site1.local , site2.local etc, and have them all resolve to localhost , while Apache serves a different site accordingly.
12 comments
Read more