
I'm having trouble with my Android code. I'm trying to plot a graph within Android. I want to connect to a MySQL database using a PHP script. I'm trying to send some parameters to the script, but it keeps returning null. PHP code:

```php
<?

mysql_connect(...);
mysql_select_db("temperature");

$Vreme = $_POST['Vreme'];
$Datum = $_POST['Datum'];

$q = mysql_query("SELECT * FROM temperature WHERE 
           ((datum > $Datum) || (datum = $Datum)) && (vreme > $Vreme) ");
while($e = mysql_fetch_assoc($q))
    $output[] = $e;

print(json_encode($output));

mysql_close();
?>
```

And Android code:

```java
ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
nameValuePairs.add(new BasicNameValuePair("Vreme",s1));
nameValuePairs.add(new BasicNameValuePair("Datum",s2));
InputStream is = null;
try {
    String adresa="http://senzori.open.telekom.rs/grafik.php";
    HttpPost httppost = new HttpPost(adresa);
    httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
    HttpClient httpclient = new DefaultHttpClient();
    HttpResponse response = httpclient.execute(httppost);
    HttpEntity entity = response.getEntity();
    is = entity.getContent();
}
catch(Exception e) {
    Log.e("log_tag", "Error in http connection "+e.toString());
}
//convert response to string
try {
    BufferedReader reader = new BufferedReader(new InputStreamReader(is,"iso-8859-1"),8);
    StringBuilder sb = new StringBuilder();
    String line = null;
    while ((line = reader.readLine()) != null) {
        sb.append(line + "\n");
    }
    is.close();
    result = sb.toString();

}
catch(Exception e) {
    Log.e("log_tag", "Error converting result "+e.toString());
}
```
stealthjong
Brana
  • Try to print out the s1 and s2 values to check for null fields, and also try to run the PHP script by itself to see if you get values in your browser – kabuto178 Dec 27 '12 at 14:01
  • Although I'm not sure about the answer, your code is highly insecure. Don't use `mysql` but use `mysqli` or `pdo` and also sanitize your vars. You are vulnerable to SQL injection with your PHP code. – Hugo Delsing Dec 27 '12 at 14:03
  • Can you `print_r($output)` and check if you are getting any output? Also, as Hugo mentioned, you need to sanitize the POST variables which you have used. – GoodSp33d Dec 27 '12 at 14:19
  • What does it mean to sanitize POST values? I'm having some sort of authentication before running the script. What is the difference between mysql and mysqli? – Brana Dec 27 '12 at 14:30
  • http://stackoverflow.com/questions/1171344/advantages-of-mysqli-over-mysql also check http://stackoverflow.com/tags/php/info there is a part about SQL injection. It's a good read anyway. – Hugo Delsing Dec 27 '12 at 14:46
  • I tried to print my input values, and it works well. But I'm still having trouble with sending the values that I want from the database back from PHP to Android – Brana Dec 27 '12 at 15:03

2 Answers


Combined answer of the comments:

1: change to mysqli or pdo (see Advantages Of MySQLi over MySQL)

2: prevent sql injection (see halfway down https://stackoverflow.com/tags/php/info)

Also, when looking at your code, you don't use quotes around your date (and vreme if it's not numeric). Try

"SELECT * FROM temperature WHERE (datum>='$Datum' && vreme>'$Vreme')"

If it doesn't work, test your page in a regular browser to make sure the PHP part works. Also, you could add some var_dump() to check values.

Community
Hugo Delsing
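
Points 1 and 2 of the answer above (move to PDO, prevent SQL injection) combined into one sketch; this is an added example, not code from the question or from either answer. The function name `fetchReadings`, the `vrednost` column, the text-typed `datum`/`vreme` columns and the in-memory SQLite database standing in for MySQL are all assumptions made so the example runs offline.

```php
<?php
// Added example, not the asker's script. Assumed schema: datum stored as
// 'YYYY-MM-DD' and vreme as 'HH:MM:SS'; the page does not give column types.

function fetchReadings(PDO $db, string $datum, string $vreme): array
{
    // Placeholders keep the values out of the SQL text, so no quoting is
    // needed and input cannot change the structure of the query.
    $stmt = $db->prepare(
        'SELECT * FROM temperature WHERE datum >= :datum AND vreme > :vreme'
    );
    $stmt->execute([':datum' => $datum, ':vreme' => $vreme]);
    // fetchAll() returns [] when nothing matches, so json_encode() emits
    // "[]" rather than the "null" produced by an unset $output.
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In-memory SQLite stands in for MySQL so the example runs offline; for the
// real server use a DSN such as 'mysql:host=...;dbname=temperature'.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// vrednost is a hypothetical reading column.
$db->exec('CREATE TABLE temperature (datum TEXT, vreme TEXT, vrednost REAL)');

// Constructed sample rows.
$insert = $db->prepare('INSERT INTO temperature VALUES (?, ?, ?)');
foreach ([
    ['2012-12-26', '23:50:00', 3.1],
    ['2012-12-27', '09:00:00', 4.5],
    ['2012-12-27', '14:30:00', 6.2],
] as $row) {
    $insert->execute($row);
}

// Stand-ins for $_POST['Datum'] and $_POST['Vreme'].
echo json_encode(fetchReadings($db, '2012-12-27', '10:00:00')), "\n";

// A value carrying quote characters is compared as a plain string and
// matches no rows; it is never parsed as SQL.
echo json_encode(fetchReadings($db, "2012-12-27' OR '1'='1", '00:00:00')), "\n";
```

With the constructed rows, the first call returns only the 14:30:00 reading and the second returns an empty array.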

You should try to debug the individual parts individually.

  1. Try to connect to your php-page using a normal browser. If it works you know the error is in your java-code. If it doesn't work you could leave the java-code alone for now and focus on making the php-page work.
  2. Hard code valid values for Datum and Vreme and see if the php-code works when leaving the POST-part out of the equation.
  3. Try your query in mysql to see that it does what you expect before putting into php.
  4. Enable the general query log to see what php sends to mysql.

This way you will pinpoint the error.

Andreas Wederbrand
  • When I run my query on base it works, when I hard code values to script and run it in browser it doesn't work, when I print just the values I got from Android it works. Any ideas? – Brana Dec 27 '12 at 15:23
  • You need to add debugging outputs from the php-page to see where it fails. Print basic things like the query string, the parameters and so on. Also try simpler queries like "select now() from dual" to see that you are using the database the correct way. – Andreas Wederbrand Dec 27 '12 at 15:28