这是 Android 应用程序的一部分...当我指定 mysql_query 而不使用 .$_POST['varname'] 时,我的 php 脚本可以正常工作。要使用用户可定义的不同参数向应用程序添加搜索功能,我尝试根据调用 httpget 时从应用程序传递的值在 PHP 脚本中构建查询... php 脚本的行如下所示:
$result = mysql_query("SELECT * FROM businessdata WHERE '"
. $_POST['varQuery2']."' = '"
. $_POST['varQuery1']"'")
or die(mysql_error());
然后方法如下:(为了完整性,在调用该方法时,为该方法分配字符串值“GET”)
public JSONObject makeHttpRequest(String url, String method,
List<NameValuePair> params, String value, String value2) {
// Making HTTP request
try {
// check for request method
if(method == "POST"){
// request method is POST
// defaultHttpClient
DefaultHttpClient httpClient = new DefaultHttpClient();
params.add(new BasicNameValuePair("varQuery2", value));
params.add(new BasicNameValuePair("varQuery1", value2));
HttpPost httpPost = new HttpPost(url);
httpPost.setEntity(new UrlEncodedFormEntity(params));
HttpResponse httpResponse = httpClient.execute(httpPost);
HttpEntity httpEntity = httpResponse.getEntity();
is = httpEntity.getContent();
}else if(method == "GET"){
// request method is GET
DefaultHttpClient httpClient = new DefaultHttpClient();
params.add(new BasicNameValuePair("varQuery2", value));
params.add(new BasicNameValuePair("varQuery1", value2));
String paramString = URLEncodedUtils.format(params, "UTF-8");
url += "?" + paramString;
HttpGet httpGet = new HttpGet(url);
HttpResponse httpResponse = httpClient.execute(httpGet);
HttpEntity httpEntity = httpResponse.getEntity();
is = httpEntity.getContent();
}
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
try {
BufferedReader reader = new BufferedReader(new InputStreamReader(
is, "iso-8859-1"), 8);
StringBuilder sb = new StringBuilder();
String line = null;
while ((line = reader.readLine()) != null) {
sb.append(line + "\n");
}
is.close();
json = sb.toString();
} catch (Exception e) {
Log.e("Buffer Error", "Error converting result " + e.toString());
}
// try parse the string to a JSON object
try {
jObj = new JSONObject(json);
} catch (JSONException e) {
Log.e("JSON Parser", "Error parsing data " + e.toString());
}
// return JSON String
return jObj;
}
最佳答案
$result = mysql_query("SELECT * FROM businessdata WHERE '"
. mysql_real_escape_string($_REQUEST['varQuery2'])."' = '"
. mysql_real_escape_string($_REQUEST['varQuery1'])."'")
or die(mysql_error());
使用*_real_escape_string来处理sql注入(inject)。
关于java - 在httpget上将mysql参数从java发送到php,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13004886/