I am posting string data from an Android app to a SQL database I am developing. (MAMP) - a local server that updates the SQL database via the POST method from an async task on Android.
I am able to echo all the POST data back from PHP to the Android app, so I am fairly confident the Java is solid.
For example, `echo $username;` in PHP gives me andrewnguyen22 on my Android emulator. It works for all my PHP variables, so I know the Android POST is working fine.
When I hard-code the `$_POST` information and refresh the PHP page, the code works fine... but here is what is confusing me...
The SQL database does not get updated from the Android app; instead it echoes the username. This means no rows were affected by the PHP. Can anyone see my error?
Below I have posted my PHP and my Java.
PHP code:
```php
<?php
require "conn.php";

// Form fields sent by the Android task (see the Java below).
$username = $_POST["username"];
$fullName = $_POST["fullName"];
$age      = $_POST["age"];
$bio      = $_POST["bio"];
$year     = $_POST["year"];
$gender   = $_POST["gender"];
$location = $_POST["location"];

// Values are interpolated straight into the SQL text.
$sql = "UPDATE user_info SET fullName ='$fullName', bio='$bio', age='$age', gender='$gender', location='$location', year='$year' WHERE username = '$username' ";
$do = mysqli_query($conn, $sql);

// affected_rows is 0 both when the query failed and when no row was changed.
if (mysqli_affected_rows($conn) > 0) {
    echo 0;
} else {
    echo $username;
}
```
Android app code:
```java
import android.app.AlertDialog;
import android.content.Context;
import android.os.AsyncTask;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;

/**
 * Created by andrewnguyen on 10/23/16.
 */
// Type arguments: String params, no progress type, String result.
// (The raw "extends AsyncTask" form does not compile with the String... override below.)
public class EditProfileBackgroundTask extends AsyncTask<String, Void, String> {
    Context ctx;
    AlertDialog alertDialog;

    public EditProfileBackgroundTask(Context ctx) {
        this.ctx = ctx;
    }

    @Override
    protected void onPreExecute() {
        alertDialog = new AlertDialog.Builder(ctx).create();
        super.onPreExecute();
    }

    @Override
    protected String doInBackground(String... params) {
        // 10.0.2.2 is the emulator's alias for the host machine; 8888 is MAMP's Apache port.
        String profile_url = "http://10.0.2.2:8888/profile.php";
        String method = params[0];
        if (method.equals("profile")) {
            Global global = new Global(); // not used in this task
            String fullName = params[1];
            String age = params[2];
            String bio = params[3];
            String gender = params[4];
            String location = params[5];
            String year = params[6];
            String username = params[7];
            try {
                URL url = new URL(profile_url);
                HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
                httpURLConnection.setRequestMethod("POST");
                httpURLConnection.setDoOutput(true);
                httpURLConnection.setDoInput(true);
                OutputStream OS = httpURLConnection.getOutputStream();
                BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(OS, "UTF-8"));
                // application/x-www-form-urlencoded body: key=value pairs joined by '&'.
                String data = URLEncoder.encode("username", "UTF-8") + "=" + URLEncoder.encode(username, "UTF-8") + "&" +
                        URLEncoder.encode("fullName", "UTF-8") + "=" + URLEncoder.encode(fullName, "UTF-8") + "&" +
                        URLEncoder.encode("age", "UTF-8") + "=" + URLEncoder.encode(age, "UTF-8") + "&" +
                        URLEncoder.encode("bio", "UTF-8") + "=" + URLEncoder.encode(bio, "UTF-8") + "&" +
                        URLEncoder.encode("gender", "UTF-8") + "=" + URLEncoder.encode(gender, "UTF-8") + "&" +
                        URLEncoder.encode("year", "UTF-8") + "=" + URLEncoder.encode(year, "UTF-8") + "&" +
                        URLEncoder.encode("location", "UTF-8") + "=" + URLEncoder.encode(location, "UTF-8");
                bufferedWriter.write(data);
                bufferedWriter.flush();
                bufferedWriter.close();
                OS.close();
                // Read whatever profile.php echoed back, line by line.
                InputStream IS = httpURLConnection.getInputStream();
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(IS, "iso-8859-1"));
                String response = "";
                String line = "";
                while ((line = bufferedReader.readLine()) != null) {
                    response += line;
                }
                bufferedReader.close();
                IS.close();
                httpURLConnection.disconnect();
                return response;
            } catch (MalformedURLException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
        return "Create Profile Failure";
    }

    @Override
    protected void onProgressUpdate(Void... values) {
        super.onProgressUpdate(values);
    }

    @Override
    protected void onPostExecute(String result) {
        super.onPostExecute(result);
        if (result.equals("0")) {
            alertDialog.setMessage("YAY");
            alertDialog.show();
        } else if (result.equals("1")) {
            alertDialog.setMessage("NO");
            alertDialog.show();
        } else {
            alertDialog.setMessage(result);
            alertDialog.show(); // THIS IS WHERE I CAN SEE THE RESULT andrewnguyen22 (as seen in php echo $username)
        }
    }
}
```
It correctly displays my username on my Android emulator... (via the alert dialog in the else branch of onPostExecute)
[Screenshot of result on emulator]
I only "echo" the username for debugging purposes.
[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL injection attacks.](http://stackoverflow.com/questions/60174/how-can-)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping strings](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527)
Thanks, I am not worried about security right now.
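The prepared-statement form the comment above points to, applied to the question's own UPDATE, as an added example that is not the asker's code. It assumes the same conn.php providing a mysqli `$conn` and the same user_info table; the status strings it echoes are chosen here, so onPostExecute would match on them instead of "0".

```php
<?php
// Added example, not the asker's code: the same UPDATE written with a
// prepared statement and explicit error handling. Assumes conn.php
// defines $conn (a mysqli connection) and the user_info table above.
require "conn.php";

// Raise an exception on any mysqli error instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Collect the expected fields; a missing one is a client error, not a query.
$in = [];
foreach (['username', 'fullName', 'age', 'bio', 'year', 'gender', 'location'] as $f) {
    if (!isset($_POST[$f])) { http_response_code(400); exit("missing $f"); }
    $in[$f] = $_POST[$f];
}

try {
    // Values are bound separately from the SQL text, so a quote in bio or
    // fullName can neither break the statement nor change what it does.
    $stmt = $conn->prepare("UPDATE user_info SET fullName = ?, bio = ?, age = ?, "
        . "gender = ?, location = ?, year = ? WHERE username = ?");
    $stmt->bind_param("sssssss", $in['fullName'], $in['bio'], $in['age'],
        $in['gender'], $in['location'], $in['year'], $in['username']);
    $stmt->execute();

    if ($stmt->affected_rows > 0) {
        echo "updated";
    } else {
        // affected_rows is 0 both when no row has this username and when the
        // row exists but already holds exactly the submitted values.
        $chk = $conn->prepare("SELECT 1 FROM user_info WHERE username = ?");
        $chk->bind_param("s", $in['username']);
        $chk->execute();
        $chk->store_result();
        echo $chk->num_rows > 0 ? "unchanged" : "no such user";
    }
} catch (mysqli_sql_exception $e) {
    // Keep the database error in the server log; the client gets a generic status.
    error_log($e->getMessage());
    http_response_code(500);
    echo "error";
}
```

With strict reporting on, a query that the server rejects surfaces as an exception in the Apache error log rather than as a silent zero affected rows, which is the first place to look when the update appears to do nothing.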