Inserting Data into MySQL from Android

Question

I am unable to insert data into my MySQL database. And I also have send reply back to Android Module to show if the data is saved or not.

PHP code:

   $id = $_POST['Id'];
        $name = $_POST['Name'];
        $email = $_POST['Email'];

        $con = new PDO("mysql:host=localhost;dbname=test", "root", "");

        $query = "Insert into record values ('$id','$name','$email')";
        //$query = "Select * from record";
        $result = $con->query($query);

And Android code:

    protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_add_new);

    final EditText Id = (EditText) findViewById(R.id.editText);
    final String id = Id.getText().toString();
    final EditText Name = (EditText) findViewById(R.id.editText2);
    final String name = Name.getText().toString();
    final EditText Email = (EditText) findViewById(R.id.editText3);
    final String email = Id.getText().toString();

    Button SavePush = (Button) findViewById(R.id.button3);
    SavePush.setOnClickListener(new View.OnClickListener() {
        @Override
        public void onClick(View v) {

            DefaultHttpClient httpclient = new DefaultHttpClient();
            HttpPost httpPost = new HttpPost("http://10.0.3.2:8080/insert.php");

            try{

                ArrayList NameValuePairs = new ArrayList<NameValuePair>(3);
                NameValuePairs.add(new BasicNameValuePair("Id",id));
                NameValuePairs.add(new BasicNameValuePair("Name", name));
                NameValuePairs.add(new BasicNameValuePair("Email", email));

                httpPost.setEntity(new UrlEncodedFormEntity(NameValuePairs));
                HttpResponse response = httpclient.execute(httpPost);
            }catch (Exception e){e.printStackTrace();}
        }
    });
}

you can't communicate with internet in UI thread , you must use `Thread` or `AsyncTask` , read your logcat to get usefull data , you must got `android.os.NetworkOnMainThreadException` for more info about that read http://stackoverflow.com/questions/6343166/android-os-networkonmainthreadexception — Shayan Pourvatan, Feb 15 '15 at 11:57
The problem is in insert into statement, table names are missing — Amit Verma, Feb 15 '15 at 11:58
You don't seem to have tested the PDO query for success - see the manual for the return values. Also, you have a SQL injection hole here, so if you don't want to get hacked, switch to prepared statements. — halfer, Feb 15 '15 at 11:59
You can respond to the app using XML, JSON or just an HTTP response code. That would be something you could research and try? There are sure to be examples out there. — halfer, Feb 15 '15 at 12:01
@shayanpourvatan Can you show me how to do that. I need to insert data and retrieve — Kiva John, Feb 15 '15 at 12:53
@halfer I tested my PDO locally via form through HTML Post. I am learning it, Thanks i will surely look into SQL injections :) — Kiva John, Feb 15 '15 at 12:55
i solved following problem using OKHttp & getting response on UIthread — Kiva John, Oct 23 '16 at 12:01

score 0 · Answer 1 · answered Feb 15 '15 at 12:32

0

Move your api call to asynctask or thread. You cannot use them in main ui thread.

answered Feb 15 '15 at 12:32

Fahim

12,198
5
39
57

I don't know how to do that, can you post a quick solution ? – Kiva John Feb 15 '15 at 12:52
Refer this http://stackoverflow.com/questions/25647881/android-asynctask-example-and-explanation – Fahim Feb 15 '15 at 12:59

Kostas Drak · Answer 2 · 2015-02-15T12:10:27.000

-1

First of all modify your php code like:

$id = htmlentities($_POST['Id']);
$name = htmlentities($_POST['Name']);
$email = htmlentities($_POST['Email']);
try{
    $con = new PDO("mysql:host=localhost;dbname=test", "root", "");
    $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}catch(Exception $e){
    echo $e->getMessage();
    die();
}
$query = "INSERT INTO record VALUES('?','?','?')";
$result = $con->prepare($query);
$result =  bindParam(?, $id);
$result =  bindParam(?, $name);
$result =  bindParam(?, $email);
$finalresult = $con->execute($result);

edited Feb 15 '15 at 12:10

answered Feb 15 '15 at 12:01

Kostas Drak

3,222
6
28
60

Can you fix the SQL injection vuln too, or at least make note of it in your answer? As it stands, this encourages the OP not to do anything about that. Also, I'm not sure echoing an error on a live service is a good idea - that might help an attacker understand the structure of the underlying tables, and aid their attack. – halfer Feb 15 '15 at 12:02
This code is giving me error on bindpram, saying call to uncdefined pram buildPram() – Kiva John Feb 15 '15 at 12:37

Inserting Data into MySQL from Android

2 Answers2