Using a PHP file and MySQLI, data is passed from an Android app to a MySQL database. However, it seems that certain characters entered such as " " and "&" will cause wrong inputs. I have been able to use the Java replace function to fix " "'s but I'm sure there are many special characters available which will cause similar errors. For example: www.example.com?Input1=Test&Input.
I am wondering if there is a fix to prevent MySQLI from interpreting the input in this way.
Also, if it helps, this is my PHP code:
<?php
// Open a new connection to the MySQL server
$mysqli = new mysqli('localhost', 'createyo_james', 'password', 'createyo_TestDatabase');

// Output any connection error
if ($mysqli->connect_error) {
    die('Error : (' . $mysqli->connect_errno . ') ' . $mysqli->connect_error);
}

// Values to be inserted in the database table (read from the query string)
$NewsStory   = $_GET["NewsStory"];
$Summary1    = $_GET["Summary1"];
$Summary2    = $_GET["Summary2"];
$Summary3    = $_GET["Summary3"];
$Picture1URL = $_GET["Picture1URL"];
$Picture2URL = $_GET["Picture2URL"];
$Picture3URL = $_GET["Picture3URL"];
$Picture4URL = $_GET["Picture4URL"];
$Picture5URL = $_GET["Picture5URL"];
$Tags        = $_GET["Tags"];
$Body        = $_GET["Body"];
$Sources     = $_GET["Sources"];
var_dump($_GET["NewsStory"]);

// Placeholders (?) keep the data separate from the SQL text, so quotes and other
// special characters inside the values cannot alter the statement
$query = "INSERT INTO Articles (NewsStory, Summary1, Summary2, Summary3, Picture1URL, Picture2URL, Picture3URL, Picture4URL, Picture5URL, Tags, Body, Sources) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";

$statement = $mysqli->prepare($query);
// prepare() returns false on a SQL syntax or schema error; stop here rather than
// calling bind_param() on false
if ($statement === false) {
    die('Error : (' . $mysqli->errno . ') ' . $mysqli->error);
}
var_dump($query);

// Bind parameters for markers, where (s = string, i = integer, d = double, b = blob)
$statement->bind_param('ssssssssssss', $NewsStory, $Summary1, $Summary2, $Summary3, $Picture1URL, $Picture2URL, $Picture3URL, $Picture4URL, $Picture5URL, $Tags, $Body, $Sources);

if ($statement->execute()) {
    print 'Success! ID of last inserted record is : ' . $statement->insert_id . '<br />';
} else {
    // An execute() failure is reported on the statement, not the connection
    die('Error : (' . $statement->errno . ') ' . $statement->error);
}

$statement->close();
$mysqli->close();
?>
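As an added example (not code from the question or its Android app), the following Java program shows why "&" and spaces corrupt the request: the query string is split on "&" and "=" before MySQLi ever sees the data, so the fix belongs in the client where the URL is built, using java.net.URLEncoder rather than String.replace. The parameter names come from the question; the sample values and the parseQuery helper (which mimics how PHP fills $_GET) are constructed for this example.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;

public class QueryEncodingDemo {

    // Builds a query string, percent-encoding every name and value so that
    // ' ', '&', '=' and '?' inside the data cannot be read as query syntax.
    static String buildQuery(Map<String, String> params) throws UnsupportedEncodingException {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : params.entrySet()) {
            if (sb.length() > 0) sb.append('&');
            sb.append(URLEncoder.encode(e.getKey(), "UTF-8"))
              .append('=')
              .append(URLEncoder.encode(e.getValue(), "UTF-8"));
        }
        return sb.toString();
    }

    // Constructed stand-in for the server side (PHP's $_GET): split on '&',
    // then each pair on its first '=', then percent-decode both halves.
    static Map<String, String> parseQuery(String query) throws UnsupportedEncodingException {
        Map<String, String> out = new LinkedHashMap<>();
        if (query.isEmpty()) return out;
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            out.put(URLDecoder.decode(name, "UTF-8"), URLDecoder.decode(value, "UTF-8"));
        }
        return out;
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // Constructed sample values containing the characters from the question
        Map<String, String> params = new LinkedHashMap<>();
        params.put("NewsStory", "Test&Input");
        params.put("Summary1", "Rock & Roll = music?");

        // Plain concatenation, as in the question's URL: the '&' inside the value
        // ends the parameter early and "Input" arrives as a bogus parameter name
        String naive = "NewsStory=" + params.get("NewsStory") + "&Summary1=" + params.get("Summary1");
        System.out.println("naive:   " + naive + "\n  -> " + parseQuery(naive));

        // Encoded: '&' -> %26, ' ' -> '+', '=' -> %3D, '?' -> %3F; the server
        // recovers exactly the values that were sent
        String encoded = buildQuery(params);
        System.out.println("encoded: " + encoded + "\n  -> " + parseQuery(encoded));
    }
}
```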