Data not inserting into mysql database : android and php issue

Question

I know this question has been asked many times. but nothing worked. I am trying to just insert data from app to DB using PHP, android, and MySQL. I tried everything but didn't understand what is wrong here? I have added both the codes. whenever I try to insert anything it shows "success" on the app side. but MySQL DB remains blank. Any help is appreciated.

CODE:

user_feedback.php

<?php
 include_once("dbConfig.php");
      $store_name = isset($_POST['store_name']) ? $_POST['store_name'] : null;
      $name = isset($_POST['name']) ? $_POST['name'] : null;
      $feedback = isset($_POST['feedback']) ? $_POST['feedback'] : null;

   $sql = "insert into user_feedback (store_name,name,feedback) values ('$store_name','$name','$feedback')";
  if(mysqli_query($con,$sql)){
    echo 'success';
  }
  else{
    echo 'failure';
  }
  mysqli_close($con);
?>

Java

Feedback.java
package net.simple.insertintomysql;

import android.os.AsyncTask;
import android.support.v7.app.ActionBarActivity;
import android.os.Bundle;
import android.view.Menu;
import android.view.MenuItem;
import android.view.View;
import android.widget.EditText;
import android.widget.TextView;
import android.widget.Toast;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.List;


public class MainActivity extends ActionBarActivity {

     EditText editTextStoreName;
    EditText editTextName;
    EditText editTextFeedback;


    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        editTextStoreName = (EditText) findViewById(R.id.editTextstoreName);
        editTextName = (EditText) findViewById(R.id.editTextname);
        editTextFeedback = (EditText) findViewById(R.id.editTextFeedback);

    }

    public void insert(View view){
        String storename = editTextStoreName.getText().toString();
        String name = editTextName.getText().toString();
        String feedback= editTextFeedback.getText().toString();
        insertToDatabase(storename,name,feedback);
    }

    private void insertToDatabase(String storename, String name, String feedback){
        class SendPostReqAsyncTask extends AsyncTask<String, Void, String> {
          public  String storename=null;
            public String name=null;
            public String feedback=null;
            @Override
            protected String doInBackground(String... params) {
                String paramStorename = params[0];
                String paramName = params[1];
                String paramFeedback = params[2];

                //InputStream is = null;
                runOnUiThread(new Runnable() {
                    @Override
                    public void run() {
                        String storename = editTextStoreName.getText().toString();
                        String name = editTextName.getText().toString();
                        String feedback = editTextFeedback.getText().toString();
                    }
                });


                List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
                nameValuePairs.add(new BasicNameValuePair("storename", storename));
                nameValuePairs.add(new BasicNameValuePair("name", name));
                nameValuePairs.add(new BasicNameValuePair("feedback", feedback));

                try {
                    HttpClient httpClient = new DefaultHttpClient();
                    HttpPost httpPost = new HttpPost(
                            "http://192.168.1.2/new/user_feedback.php");
                    httpPost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
                    HttpResponse response = httpClient.execute(httpPost);
                    HttpEntity entity = response.getEntity();

                    //is = entity.getContent();


                } catch (ClientProtocolException e) {

                } catch (IOException e) {

                }
                return "success";
            }

            @Override
            protected void onPostExecute(String result) {
                super.onPostExecute(result);

                Toast.makeText(getApplicationContext(), result, Toast.LENGTH_LONG).show();
                TextView textViewResult = (TextView) findViewById(R.id.textViewResult);
                textViewResult.setText("Inserted");
            }
        }
        SendPostReqAsyncTask sendPostReqAsyncTask = new SendPostReqAsyncTask();
        sendPostReqAsyncTask.execute(storename, name, feedback);
    }
    @Override
    public boolean onCreateOptionsMenu(Menu menu) {
        // Inflate the menu; this adds items to the action bar if it is present.
        getMenuInflater().inflate(R.menu.menu_main, menu);
        return true;
    }

    @Override
    public boolean onOptionsItemSelected(MenuItem item) {
        // Handle action bar item clicks here. The action bar will
        // automatically handle clicks on the Home/Up button, so long
        // as you specify a parent activity in AndroidManifest.xml.
        int id = item.getItemId();

        //noinspection SimplifiableIfStatement
        if (id == R.id.action_settings) {
            return true;
        }
        return super.onOptionsItemSelected(item);
    }
}

[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! — Jay Blanchard, Sep 01 '17 at 20:15
Don't just echo 'failure'. Checking the error will help you more. Or at least help us help you. echo "Error: " . $sql . "
" . $con->error — Barns, Sep 01 '17 at 20:39
Have you tried hard coding your values you want to insert to verify your insert is operating properly? — Barns, Sep 01 '17 at 20:56

RaffaD · Accepted Answer · 2017-09-01T20:31:43.187

Change this

 $store_name = isset($_POST['store_name']) ? $_POST['store_name'] : null;

      $sql = "insert into user_feedback (store_name,name,feedback) values ('$store_name','$name','$feedback')";

with this:

$store_name = isset($_POST['storename']) ? $_POST['storename'] : null;
    $sql = "insert into user_feedback (store_name,name,feedback) values ('".$store_name."','".$name."','".$feedback."')";

In your code you are set the POST variable storename and not store_nome P.S. To look at life you could use okHTTP libraries or volley to send data to the server.

UPDATE

Try use volley request

//not use AsyncTask because volley extends AsyncTask
private void inserDB(....){
RequestQueue queue = Volley.newRequestQueue(this);  
url = "your URL";
StringRequest postRequest = new StringRequest(Request.Method.POST, url, 
    new Response.Listener<String>() 
    {
        @Override
        public void onResponse(String response) {
            // response
            Log.d("Response", response);
        }
    }, 
    new Response.ErrorListener() 
    {
         @Override
         public void onErrorResponse(VolleyError error) {
             // error
             Log.d("Error.Response", response);
       }
    }
) {     
    @Override
    protected Map<String, String> getParams() 
    {  
            Map<String, String>  params = new HashMap<String, String>();  
            params.put("POSTkey1", "value");  
            params.put("POSTkey2", "value");
             
            return params;  
    }
};
queue.add(postRequest);
}

Did you check the table names if they are correct? Do you have store_name changer with storename? — RaffaD, Sep 01 '17 at 20:25
you can try to send values to this service with normal html form. so you can understand if the problem is on server side or client side. — tanaydin, Sep 01 '17 at 20:30

score 0 · Answer 2 · answered Sep 01 '17 at 20:17

0

You are sending as

storename

but trying to get as

store_name (as $_POST['store_name'] in php).

answered Sep 01 '17 at 20:17

tanaydin

5,171
28
45

I got it. But that's not the issue because still, the DB is same. every time I try to insert it gets nothing. – user7939485 Sep 01 '17 at 20:21

Data not inserting into mysql database : android and php issue

2 Answers2