0

I am new to using PHP and Java. I am making a Android app and I got an SQL syntax error... The Error:

returned to Java:

check the manual that corresponds to your MySQL server version for the right syntax to use near '@mail.com' at line 1. Any idea how I have to fix that.

I think that a problem of php script. How can I fix this. Any help is greatly appreciated

        // Login by email and password if access success setId()
        // Saved Email as static string "staticEmail" and used to get CustomerID from customer table
        // Get & set CustomerID to "string qr_id" if  email=".$email
        /* error:
     You have an error in your SQL syntax; check the manual that corresponds to your MySQL server
     version for the right syntax to use near '@mail.com' at line 1
        */



  <?php
    //connect to MySQL database
    mysql_connect("localhost","name","pass") or  die(mysql_error());
    mysql_select_db("tls_db");

      $output = array();    

      if (isset($_GET['email'])){       
        $email = $_GET['email'];
        $sql = mysql_query("select CustomerID from customer where email=".$email) or die(mysql_error());

      while($row=mysql_fetch_assoc($sql)){
            $output[] = $row;               
           }
        mysql_close();
        print(json_encode($output));    
       }
    ?>

Java:

        private void setId() {
        InputStream is = null;
        ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
        try {
            HttpClient httpclient = new DefaultHttpClient();
            HttpPost httppost = new HttpPost(
                    "http://"+URL+"/tls_db/log.php?email=" + staticEmail); //Post email [email protected]
            httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
            HttpResponse response = httpclient.execute(httppost);
            HttpEntity entity = response.getEntity();
            is = entity.getContent();
        } catch (Exception e) {
            Log.e("log_tag", "Error in http connection" + e.toString());
        }

        // Convert response to string
        try {
            BufferedReader reader = new BufferedReader(new InputStreamReader(
                    is, "iso-8859-1"), 8);
            sb = new StringBuilder();
            sb.append(reader.readLine() + "\n");

            String line = "";
            while ((line = reader.readLine()) != null) {
                sb.append(line + "\n");
            }
            result = sb.toString();
            is.close();
        } catch (Exception e) {
            Log.e("log_tag", "Error converting result " + e.toString());
        }

        try {
            JSONArray jArray = new JSONArray(result);
            for (int i = 0; i < jArray.length(); i++) {
                JSONObject json_data = jArray.getJSONObject(i);
                // Get CustomerId and set to (static string qr_id)
                qr_id = json_data.getString("CustomerID");
            }
        } catch (JSONException e1) {
            //iv.setVisibility(View.GONE);
            Toast.makeText(getBaseContext(), "Server Data Error",
                    Toast.LENGTH_LONG).show();
        } catch (ParseException e1) {
            e1.printStackTrace();
        }
        // Open class QRcode
        Intent iSuccess = new Intent(Login.this, QRcode.class);
        startActivity(iSuccess);
    }
Improve this question

1 Answer 1

Reset to default
3

You need to quote your $email in SQL query:

 $sql = mysql_query("select CustomerID from customer where email='".$email."'") or die(mysql_error());

Btw, your code is vulnerable to SQL Injections. Make sure to read how to protect from this vector of attack.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.