1. 首頁
  2. 問答
  3. 在httpget上發送mysql從param到php

在httpget上發送mysql從param到php

2012-10-22 29 views
0

這是一個android應用程序的一部分...當我指定mysql_query而不使用$ _ POST ['varname']。要使用用戶可定義的不同參數嚮應用程序添加搜索功能,我正嘗試從PHP應用程序傳遞httpget時傳遞的值中構建PHP腳本中的查詢... php腳本的行看起來像這樣:在httpget上發送mysql從param到php

$result = mysql_query("SELECT * FROM businessdata WHERE '" 
    . $_POST['varQuery2']."' = '" 
    . $_POST['varQuery1']"'") 
    or die(mysql_error());

,然後方法如下:(爲了完整這裏方法指定字符串值「GET」時,該方法被調用)

public JSONObject makeHttpRequest(String url, String method, 
     List<NameValuePair> params, String value, String value2) { 

    // Making HTTP request 
    try { 

     // check for request method 
     if(method == "POST"){ 
      // request method is POST 
      // defaultHttpClient 
      DefaultHttpClient httpClient = new DefaultHttpClient(); 
      params.add(new BasicNameValuePair("varQuery2", value)); 
      params.add(new BasicNameValuePair("varQuery1", value2)); 
      HttpPost httpPost = new HttpPost(url); 
      httpPost.setEntity(new UrlEncodedFormEntity(params)); 

      HttpResponse httpResponse = httpClient.execute(httpPost); 
      HttpEntity httpEntity = httpResponse.getEntity(); 
      is = httpEntity.getContent(); 

     }else if(method == "GET"){ 
      // request method is GET 
      DefaultHttpClient httpClient = new DefaultHttpClient(); 

      params.add(new BasicNameValuePair("varQuery2", value)); 
      params.add(new BasicNameValuePair("varQuery1", value2)); 
      String paramString = URLEncodedUtils.format(params, "UTF-8"); 
      url += "?" + paramString; 
      HttpGet httpGet = new HttpGet(url); 

      HttpResponse httpResponse = httpClient.execute(httpGet); 
      HttpEntity httpEntity = httpResponse.getEntity(); 
      is = httpEntity.getContent(); 
     }   

    } catch (UnsupportedEncodingException e) { 
     e.printStackTrace(); 
    } catch (ClientProtocolException e) { 
     e.printStackTrace(); 
    } catch (IOException e) { 
     e.printStackTrace(); 
    } 

    try { 
     BufferedReader reader = new BufferedReader(new InputStreamReader(
       is, "iso-8859-1"), 8); 
     StringBuilder sb = new StringBuilder(); 
     String line = null; 
     while ((line = reader.readLine()) != null) { 
      sb.append(line + "\n"); 
     } 
     is.close(); 
     json = sb.toString(); 
    } catch (Exception e) { 
     Log.e("Buffer Error", "Error converting result " + e.toString()); 
    } 

    // try parse the string to a JSON object 
    try { 
     jObj = new JSONObject(json); 
    } catch (JSONException e) { 
     Log.e("JSON Parser", "Error parsing data " + e.toString()); 
    } 

    // return JSON String 
    return jObj; 

}

來源

2012-10-22 Skindeep2366

+0

不應該行String paramString = URLEncodedUtils.format(params,「UTF-8」);在添加參數之後來? – Manish

+0

不知道但聽起來合乎邏輯...讓我看看會發生什麼..我會在嘗試後用當前代碼更新帖子... – Skindeep2366

+0

您的PHP代碼和問題涉及HTTPPost,但您在HTTPClient中執行HTTPGet。代碼似乎存在斷開。 – Manish

回答

1 
$result = mysql_query("SELECT * FROM businessdata WHERE '" 
    . mysql_real_escape_string($_REQUEST['varQuery2'])."' = '" 
    . mysql_real_escape_string($_REQUEST['varQuery1'])."'") 
    or die(mysql_error());

使用* _real_escape_string用於處理與SQL注入。

來源

2012-10-22 04:54:17

相關問題

 相關問題