mysql insert with java and php: no error but no insert

Question

I have an Android java method that calls a remote php to insert data into a mysql table.

This is java code client side:

public static void insert(String email1, String email2) {
    List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
    nameValuePairs.add(new BasicNameValuePair("email1", email1));
    nameValuePairs.add(new BasicNameValuePair("email2", email2));

    try {
        DefaultHttpClient httpClient = new DefaultHttpClient();
        HttpPost httpPost = new HttpPost("myserver:8080/insert.php");
        httpPost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
        HttpResponse httpResponse = httpClient.execute(httpPost);
        HttpEntity httpEntity = httpResponse.getEntity();
    } catch (UnsupportedEncodingException e) {
        e.printStackTrace();
    } catch (ClientProtocolException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
    //How to catch and print php echo() here??
}

and this is the insert.php server side (re-edited):

<?php   
    $mysqli_connection = new mysqli("localhost:3306", "root", "password", "mydb");
    if ($mysqli_connection->connect_errno) {
        echo ("Connection Failure");
        exit();
    }


    $stmt = $mysqli->stmt_init();
    if ($stmt->prepare("INSERT INTO `mytable` (`email1`, `email2`) VALUES (?,?)")) {
        echo 'Success';
        $stmt->bind_param("ss", $_GET['email1'], $_GET['email2']);
        $stmt->execute();
        $stmt->close();
    } else {
        echo 'Error Inserting Content';
    }

    $mysqli->close();   
?>

When I call my java insert() method, no exception is returned, but no insert is done and mytable is empty.

1) What is wrong?
2) How can I see which error occured? How can I see a "log" of the the php-side execution?

Thank you very much. Geltry

score 3 · Answer 1 · edited May 23 '17 at 11:59

3

use backtick instead of single quote for column names and/or tableNames

INSERT INTO mytable(`email1`,`email2`) VALUES('$email1','$email2')

when do you use backtick?

when column name or table name is a Reserved Keyword in MySQL
when it contains space,

eg,

CREATE TABLE `hello word`(`Record ID` INT,....)

and you query is vulnerable with SQL Injection, please take time to read the article below

How can I prevent SQL injection in PHP?

edited May 23 '17 at 11:59

Community

1
1

answered Nov 11 '12 at 12:25

John Woo

258,903
69
498
492

Now I'm using backtick (and when I'll risolve, I'll also resolve the injection problem...). But it insert no data in my table. I don't know how to read errors adn messages printed in the 'echo' php function. I can't obtaind them reading HttpResponse/HttpEntity. :( – Geltrude Nov 11 '12 at 13:56

Olaf Dietsche · Accepted Answer · 2012-11-11T15:01:47.780

1

Look into your HttpResponse/HttpEntity. There you should see either 'Success' or 'Error Inserting Content'. You can also add the concrete errno and error string in your response to see, what's really going wrong.

You also mix HTTP POST and HTTP GET in your request. On the client side you use a HttpPost object and on the server side you expect the _GET variables to be set. You must use either GET or POST on both sides. Otherwise client and server won't understand each other.

With HttpEntity.getContent() you can read from an InputStream. Another approach would be to use EntityUtils.toString() to get a string representation of the response's content.

edited Nov 11 '12 at 15:01

answered Nov 11 '12 at 12:34

Olaf Dietsche

72,253
8
102
198

I read HttpResponse/HttpEntity with no success. Can you please tell me exaclty how? For instance: httpEntity.getMessage() or similar... Thank you – Geltrude Nov 11 '12 at 13:58
What do you mean with no success? See also the modified answer. – Olaf Dietsche Nov 11 '12 at 14:44
Your suggestion was right (and I had no mysqli library in php.ini) – Geltrude Nov 24 '12 at 06:11

mysql insert with java and php: no error but no insert

2 Answers2