doukeng7426 2015-03-17 17:14
浏览 48
已采纳

Java Php连接错误从数据库中检索信息

I am new to using PHP and Java. I am making a Android app and I got an SQL syntax error... The Error:

returned to Java:

check the manual that corresponds to your MySQL server version for the right syntax to use near '@mail.com' at line 1. Any idea how I have to fix that.

I think that a problem of php script. How can I fix this. Any help is greatly appreciated

        // Login by email and password if access success setId()
        // Saved Email as static string "staticEmail" and used to get CustomerID from customer table
        // Get & set CustomerID to "string qr_id" if  email=".$email
        /* error:
     You have an error in your SQL syntax; check the manual that corresponds to your MySQL server
     version for the right syntax to use near '@mail.com' at line 1
        */



  <?php
    //connect to MySQL database
    mysql_connect("localhost","name","pass") or  die(mysql_error());
    mysql_select_db("tls_db");

      $output = array();    

      if (isset($_GET['email'])){       
        $email = $_GET['email'];
        $sql = mysql_query("select CustomerID from customer where email=".$email) or die(mysql_error());

      while($row=mysql_fetch_assoc($sql)){
            $output[] = $row;               
           }
        mysql_close();
        print(json_encode($output));    
       }
    ?>

Java:

        private void setId() {
        InputStream is = null;
        ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
        try {
            HttpClient httpclient = new DefaultHttpClient();
            HttpPost httppost = new HttpPost(
                    "http://"+URL+"/tls_db/log.php?email=" + staticEmail); //Post email 123@mail.com
            httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
            HttpResponse response = httpclient.execute(httppost);
            HttpEntity entity = response.getEntity();
            is = entity.getContent();
        } catch (Exception e) {
            Log.e("log_tag", "Error in http connection" + e.toString());
        }

        // Convert response to string
        try {
            BufferedReader reader = new BufferedReader(new InputStreamReader(
                    is, "iso-8859-1"), 8);
            sb = new StringBuilder();
            sb.append(reader.readLine() + "
");

            String line = "";
            while ((line = reader.readLine()) != null) {
                sb.append(line + "
");
            }
            result = sb.toString();
            is.close();
        } catch (Exception e) {
            Log.e("log_tag", "Error converting result " + e.toString());
        }

        try {
            JSONArray jArray = new JSONArray(result);
            for (int i = 0; i < jArray.length(); i++) {
                JSONObject json_data = jArray.getJSONObject(i);
                // Get CustomerId and set to (static string qr_id)
                qr_id = json_data.getString("CustomerID");
            }
        } catch (JSONException e1) {
            //iv.setVisibility(View.GONE);
            Toast.makeText(getBaseContext(), "Server Data Error",
                    Toast.LENGTH_LONG).show();
        } catch (ParseException e1) {
            e1.printStackTrace();
        }
        // Open class QRcode
        Intent iSuccess = new Intent(Login.this, QRcode.class);
        startActivity(iSuccess);
    }
  • 写回答

1条回答 默认 最新

  • douluhaikao93943 2015-03-17 17:15
    关注

    You need to quote your $email in SQL query:

     $sql = mysql_query("select CustomerID from customer where email='".$email."'") or die(mysql_error());

    Btw, your code is vulnerable to SQL Injections. Make sure to read how to protect from this vector of attack.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 R语言Rstudio突然无法启动
  • ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
  • ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
  • ¥15 用windows做服务的同志有吗
  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值