In my Java code I have something like this:
nameValuePairs.add(new BasicNameValuePair("sql", "INSERT INTO `TABLE_NAME` ( `id` , ,`description`)VALUES (NULL , 'some text')"));
But when the string reaches the server, it is like:
$sql = $_POST['sql'];
$sql contains:
INSERT INTO `TABLE_NAME` ( `id` , ,`description`)VALUES (NULL , \'some text\')
The thing is I want to pass SQL statements to my PHP server and execute them on the server like this:
mysql_query($sql,$con);
I want to be able to send SQL statements to the server and then parse the response. But the SQL statements I want are to be built in the Java application.
How should this be done?
Is this protected enough?
if(isset($_GET['phpusername']) && ($_GET['phpusername'] == "user" ) )
{
    if(isset($_GET['phppassword']) && ($_GET['phppassword'] == "pass" )) {
        //do some execution of raw sql query
    }
}
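
An alternative to posting SQL text from the Java client, as an added example that is not part of the original post: the PHP side keeps an allow-list of fixed statements, and the client sends only an operation name and values, which are bound as parameters. The operation names, the request field op and the in-memory SQLite DSN are assumptions for the demo; the table and column names come from the question.

```php
<?php
// Added example: the server owns the SQL. Each operation maps to one
// fixed statement; operation names and the SQLite DSN are assumptions.

const OPERATIONS = [
    'add_description' => [
        'sql'    => 'INSERT INTO TABLE_NAME (description) VALUES (:description)',
        'params' => ['description'],
    ],
    'list_descriptions' => [
        'sql'    => 'SELECT id, description FROM TABLE_NAME ORDER BY id',
        'params' => [],
    ],
];

function run_operation(PDO $db, array $request): array
{
    $name = $request['op'] ?? '';
    if (!is_string($name) || !array_key_exists($name, OPERATIONS)) {
        throw new InvalidArgumentException('unknown operation');
    }
    $op = OPERATIONS[$name];
    $bound = [];
    foreach ($op['params'] as $p) {
        if (!isset($request[$p]) || !is_string($request[$p])) {
            throw new InvalidArgumentException("missing parameter: $p");
        }
        $bound[":$p"] = $request[$p]; // bound as data, never spliced into SQL
    }
    $stmt = $db->prepare($op['sql']);
    $stmt->execute($bound);
    return $stmt->columnCount() > 0 ? $stmt->fetchAll(PDO::FETCH_ASSOC) : [];
}

// Constructed demo; in the real endpoint $request would be $_POST.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE TABLE_NAME (id INTEGER PRIMARY KEY, description TEXT)');

run_operation($db, ['op' => 'add_description', 'description' => "some 'quoted' text"]);
print_r(run_operation($db, ['op' => 'list_descriptions']));

try {
    run_operation($db, ['op' => 'DROP TABLE TABLE_NAME']); // not in the allow-list
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```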