1. 首页
  2. 问答
  3. 通过Android上的异步任务使用POST方法更新SQL数据库

通过Android上的异步任务使用POST方法更新SQL数据库

2016-11-08 32 views
0

我正在发布来自android应用程序的字符串数据,我正在开发一个SQL数据库。 (MAMP) - 本地服务器通过Android上的异步任务使用POST方法更新SQL数据库

我能够将所有POST数据从PHP复制到android应用程序,所以我相当确信java是稳定的。

php中的示例“echo $ username;”我在我的android模拟器上获得了andrewnguyen22。 它适用于我所有的PHP变量,所以我知道android POST是工作正常。

当我硬编码$ POST信息,并刷新PHP页面,该代码工作正常... 但继承人是令我感到困惑的事情...

SQL数据库不会使用Android的更新应用程序,而不是它回应用户名。这意味着没有行受到php的影响。任何人都能看到我的错误?

下面我发布了我的PHP和我的Java。

PHP代码:

require "conn.php"; 
$username = $_POST["username"]; 
$fullName = $_POST["fullName"]; 
$age =$_POST["age"]; 
$bio =$_POST["bio"]; 
$year =$_POST["year"]; 
$gender =$_POST["gender"]; 
$location =$_POST["location"]; 
$sql = "UPDATE user_info SET fullName ='$fullName', bio='$bio',age='$age', gender='$gender', location='$location', year='$year' WHERE username = '$username' "; 
$do = mysqli_query($conn, $sql); 
if(mysqli_affected_rows($conn) >0){ 
echo 0; 
} 
else{ 
    echo $username; 
}

Android应用程序代码

import android.app.AlertDialog; 
import android.content.Context; 
import android.os.AsyncTask; 

import java.io.BufferedReader; 
import java.io.BufferedWriter; 
import java.io.IOException; 
import java.io.InputStream; 
import java.io.InputStreamReader; 
import java.io.OutputStream; 
import java.io.OutputStreamWriter; 
import java.net.HttpURLConnection; 
import java.net.MalformedURLException; 
import java.net.URL; 
import java.net.URLEncoder; 

/** 
* Created by andrewnguyen on 10/23/16. 
*/ 

public class EditProfileBackgroundTask extends AsyncTask { 
Context ctx; 
AlertDialog alertDialog; 
public EditProfileBackgroundTask(Context ctx) { 
    this.ctx = ctx; 
} 
@Override 
protected void onPreExecute() { 
    alertDialog = new AlertDialog.Builder(ctx).create(); 

    super.onPreExecute(); 
} 

@Override 
protected String doInBackground(String... params) { 
    String profile_url = "http://10.0.2.2:8888/profile.php"; 
    String method = params[0]; 
    if(method.equals("profile")){ 
     Global global = new Global(); 
     String fullName = params[1]; 
     String age = params[2]; 
     String bio = params[3]; 
     String gender = params[4]; 
     String location = params[5]; 
     String year = params[6]; 
     String username = params[7]; 

     try { 
      URL url = new URL(profile_url); 
      HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection(); 
      httpURLConnection.setRequestMethod("POST"); 
      httpURLConnection.setDoOutput(true); 
      httpURLConnection.setDoInput(true); 
      OutputStream OS = httpURLConnection.getOutputStream(); 
      BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(OS, "UTF-8")); 
      String data = URLEncoder.encode("username", "UTF-8") + "=" +URLEncoder.encode(username, "UTF-8") +"&"+ 
        URLEncoder.encode("fullName", "UTF-8") + "=" +URLEncoder.encode(fullName, "UTF-8") +"&"+ 
        URLEncoder.encode("age", "UTF-8") + "=" +URLEncoder.encode(age, "UTF-8") +"&"+ 
        URLEncoder.encode("bio", "UTF-8") + "=" +URLEncoder.encode(bio, "UTF-8") +"&"+ 
        URLEncoder.encode("gender", "UTF-8") + "=" +URLEncoder.encode(gender, "UTF-8") +"&"+ 
        URLEncoder.encode("year", "UTF-8") + "=" +URLEncoder.encode(year, "UTF-8") +"&"+ 
        URLEncoder.encode("location", "UTF-8") + "=" +URLEncoder.encode(location, "UTF-8"); 

      bufferedWriter.write(data); 
      bufferedWriter.flush(); 
      bufferedWriter.close(); 
      OS.close(); 
      InputStream IS = httpURLConnection.getInputStream(); 
      BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(IS, "iso-8859-1")); 
      String response = ""; 
      String line = ""; 
      while ((line = bufferedReader.readLine())!=null){ 
       response+=line; 
      } 

      bufferedReader.close(); 
      IS.close(); 
      httpURLConnection.disconnect(); 
      return response; 
     } catch (MalformedURLException e) { 
      e.printStackTrace(); 
     } catch (IOException e) { 
      e.printStackTrace(); 
     } 

    } 

    return "Create Profile Failure"; 
} 


@Override 
protected void onProgressUpdate(Void... values) { 
    super.onProgressUpdate(values); 
} 

@Override 
protected void onPostExecute(String result) { 
    if (result .equals("0")) { 
     super.onPostExecute(result); 

     alertDialog.setMessage("YAY"); 
     alertDialog.show(); 
    } 
    else if (result .equals("1")) { 
     alertDialog.setMessage("NO"); 
     alertDialog.show(); 

    } 
    else{ 
     alertDialog.setMessage(result); 
     alertDialog.show();//THIS IS WHERE I CAN SEE THE RESULT andrewnguyen22(as seen in php echo $username) 
    } 
    } 
}

它正确地显示我的用户名在我的Android模拟器...(通过警告对话框,如果其他人在后 - 执行)

Screenshot of result on emulator

来源

2016-11-08 Andrew Nguyen

+0

我“回显”用户名仅用于调试目的。 –

+0

[Little Bobby](http://bobby-tables.com/)说*** [你的脚本存在SQL注入攻击风险。](http://stackoverflow.com/questions/60174/how-can- ***)了解[MySQLi](http://php.net/manual)[准备](http://en.wikipedia.org/wiki/Prepared_statement)声明/en/mysqli.quickstart.prepared-statements.php)。即使[转义字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! [不相信吗?](http://stackoverflow.com/q/38297105/1011527) –

+0

谢谢,我现在并不担心安全问题。 –

回答

1

由于您没有转义您的数据,因此任何发布字段中的简单'都会混淆您的连接SQL语句。如果值以\结尾,也是如此。可能有更多的场景......

注:既然你已经说你不关心安全性这个剧本,我不会使用预处理语句的重要性会传。但是如果其他人稍后阅读,则使用准备陈述代替

使用mysqli_real_escape_string()逃跑的投入,以确保一个简单的字符不会弄乱你的发言了。

$username = mysqli_real_escape_string($conn, $_POST["username"]); 
$fullName = mysqli_real_escape_string($conn, $_POST["fullName"]); 
$age = mysqli_real_escape_string($conn, $_POST["age"]); 
$bio = mysqli_real_escape_string($conn, $_POST["bio"]); 
// ...do the same for the rest...

来源

2016-11-08 16:46:43

+0

很棒的回答。再次感谢 –

相关问题

 相关问题