java - 在httpget上将mysql参数从java发送到php

标签 java php android eclipse

这是 Android 应用程序的一部分...当我指定 mysql_query 而不使用 .$_POST['varname'] 时,我的 php 脚本可以正常工作。要使用用户可定义的不同参数向应用程序添加搜索功能,我尝试根据调用 httpget 时从应用程序传递的值在 PHP 脚本中构建查询... php 脚本的行如下所示:

$result = mysql_query("SELECT * FROM businessdata WHERE '"
    . $_POST['varQuery2']."' =  '" 
    . $_POST['varQuery1']"'") 
    or die(mysql_error());

然后方法如下:(为了完整性,在调用该方法时,为该方法分配字符串值“GET”)

    public JSONObject makeHttpRequest(String url, String method,
        List<NameValuePair> params, String value, String value2) {

    // Making HTTP request
    try {

        // check for request method
        if(method == "POST"){
            // request method is POST
            // defaultHttpClient
            DefaultHttpClient httpClient = new DefaultHttpClient();
           params.add(new BasicNameValuePair("varQuery2", value));
           params.add(new BasicNameValuePair("varQuery1", value2)); 
           HttpPost httpPost = new HttpPost(url);
            httpPost.setEntity(new UrlEncodedFormEntity(params));

            HttpResponse httpResponse = httpClient.execute(httpPost);
            HttpEntity httpEntity = httpResponse.getEntity();
            is = httpEntity.getContent();

        }else if(method == "GET"){
            // request method is GET
            DefaultHttpClient httpClient = new DefaultHttpClient();

            params.add(new BasicNameValuePair("varQuery2", value));
            params.add(new BasicNameValuePair("varQuery1", value2)); 
            String paramString = URLEncodedUtils.format(params, "UTF-8");
            url += "?" + paramString;
            HttpGet httpGet = new HttpGet(url);

            HttpResponse httpResponse = httpClient.execute(httpGet);
            HttpEntity httpEntity = httpResponse.getEntity();
            is = httpEntity.getContent();
        }           

    } catch (UnsupportedEncodingException e) {
        e.printStackTrace();
    } catch (ClientProtocolException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }

    try {
        BufferedReader reader = new BufferedReader(new InputStreamReader(
                is, "iso-8859-1"), 8);
        StringBuilder sb = new StringBuilder();
        String line = null;
        while ((line = reader.readLine()) != null) {
            sb.append(line + "\n");
        }
        is.close();
        json = sb.toString();
    } catch (Exception e) {
        Log.e("Buffer Error", "Error converting result " + e.toString());
    }

    // try parse the string to a JSON object
    try {
        jObj = new JSONObject(json);
    } catch (JSONException e) {
        Log.e("JSON Parser", "Error parsing data " + e.toString());
    }

    // return JSON String
    return jObj;

}

最佳答案 

$result = mysql_query("SELECT * FROM businessdata WHERE '"
    . mysql_real_escape_string($_REQUEST['varQuery2'])."' =  '" 
    . mysql_real_escape_string($_REQUEST['varQuery1'])."'") 
    or die(mysql_error());

使用*_real_escape_string来处理sql注入(inject)。

关于java - 在httpget上将mysql参数从java发送到php,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13004886/

上一篇:java - 权限管理的设计模式

下一篇:Java坦克游戏,创建火法

相关文章:

php - 将透明文本写入 jpeg

Android Studio 3.1 稳定版。构建成功但无法解决错误

android - 可以在自定义对话框中使用 ViewPager 吗?

java - Spring 框架: findBy throws Illegal Argument Exception

java - “找不到符号”或“无法解析符号”错误是什么意思?

java - 在赋值上复制构造函数

android - 为什么获取额外数据总是返回null?

java - 如何获得 Joda 日期之间的正确小时数?

php - 在 PHP 中按类(instanceof)切换

php - facebook live search 使用 php jquery mysql,显示 5 个结果如何显示其余的?

©2024 IT工具网  联系我们