0

I have a some text on an android client, I want to send it to the database(MySQL). How do I do this.Please help me with this. I tried using php and Mysql. Is the query in Php right??

Here is what I have tried Insert.java

public class Insert extends ListActivity {
String[] ct_name = null;

@Override
public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    // setContentView(R.layout.main);

    InputStream is = null;
    // http post
    ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();       
    nameValuePairs.add(new BasicNameValuePair("c_name","KL"));
    try{
        HttpClient httpclient = new DefaultHttpClient();
        HttpPost httppost = new HttpPost("http://10.0.2.2/city1.php");
        httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
        HttpResponse response = httpclient.execute(httppost);
        HttpEntity entity = response.getEntity();
        is = entity.getContent();
        }catch(Exception e){
        Log.e("log_tag", "Error in http connection"+e.toString());
        }
    }

}

I am not sure about the php file but here goes

city1.php

<?php
   $hostname_localhost ="localhost";
   $database_localhost ="mydatabase";
   $username_localhost ="root";
   $password_localhost ="";

$localhost = mysql_connect($hostname_localhost,$username_localhost,$password_localhost) 
    or trigger_error(mysql_error(),E_USER_ERROR);

   mysql_select_db($database_localhost);
   $sql=mysql_query("INSERT INTO CITY (CITY_NAME)VALUES('".$_REQUEST['c_name']."')");
   //for updation
   //$sql=update CITY set CITY_NAME='".$_REQUEST['c_name']."' where CITY_ID=22
   $r=mysql_query($sql);
   if(!$r)
   echo "Error in query: ".mysql_error();
   mysql_close();
?>

MYSQL

CREATE TABLE `mydatabase`.`city` (
`CITY_ID` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`CITY_NAME` VARCHAR( 50 ) NOT NULL
) ENGINE = MYISAM ;
Improve this question
8
  • 1
    Can you describe what happens when you try these things at the moment? Do you get error messages at all? Commented Mar 3, 2012 at 12:12
  • @halfer I don't get any error message as such. But when I check my database the data "KL" is not added into the table Commented Mar 3, 2012 at 12:15
  • OK, debugging time then. Have you checked that $_REQUEST is populated with value(s) from your sender? Commented Mar 3, 2012 at 12:17
  • (You should bear in mind that your code as it stands permits SQL injection - so don't run this on the internet unless you don't mind people dropping your database for you!) Commented Mar 3, 2012 at 12:18
  • No this is just for learning @halfer :) Can u suggest a good tutorial to overcome SQL Injection. It would be great Commented Mar 3, 2012 at 12:23

1 Answer 1

Reset to default
4

I'd change this:

$sql=mysql_query("INSERT INTO CITY (CITY_NAME)VALUES('".$_REQUEST['c_name']."')");

to

$c_name = mysql_real_escape_string($_REQUEST['c_name']);
$sql = mysql_query("INSERT INTO CITY (CITY_NAME) VALUES('".$c_name."')");

Otherwise, you're vulnerable to SQL injection attacks!

EDIT:

I'm assuming this line:

$sql=mysql_query("INSERT ...

should be

$sql="INSERT ...

?

Otherwise this line makes no sense:

$r=mysql_query($sql);

Also, is there any output indicating an error when accessing http://10.0.2.2/city1.php?c_name=Foobar from your browser?

@JLevett Even though unrelated to the problem at hand, that vuln was the first thing that caught my eye, so I wanted to point that out quickly, before dealing with the problem itself.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Although SQL injection is a problem it's not a solution to this question.
@caspase - Thank you so much. But In the database its populating more values than require. Why is that happening?
Most mysql/php related questions are followed up by an answer involving inject. It would of been better suited as a comment like the others. However your updated answer makes sense as the OP is calling mysql_query twice.
@JLevett Sorry, didn't have the "Comment everywhere" privilege until now ;)
@JLevett - The value is getting inserted but its repeating 4 times. Why is that happening??

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.