1

Here is the code for the php server:

?php


    //from the online tutorial:

    $usr = "bikemap";
      $pwd = "pedalhard";
      $db = "test";
      $host = "localhost";

      $cid = mysql_connect($host,$usr,$pwd);

      if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); }

      $userID = $_POST['userID'];
      $date = $_POST['date'];
      $time = $_POST['time'];

      $lat = $_POST['lat'];
      $long = $_POST['longi'];
      $alt = $_POST['alt'];
       mysql_select_db("test");
      mysql_query("INSERT INTO gpsdata (userID, date, time, lat, longi, alt) VALUES ('$userID', '$date', '$time', '$lat','$longi','$alt') ") or die(mysql_error()); 

      /*$SQL = " INSERT INTO gpsdata ";
    $SQL = $SQL . " (userID, date, time, lat, longi, alt) VALUES ";
    $SQL = $SQL . " ('$userID', '$date', '$time', '$lat','$longi','$alt') ";
    $result = mysql_query("$SQL");

    if (!$result) {
        echo("ERROR: " . mysql_error() . "\n$SQL\n"); } */

    //echo ("New Link Added\n");



    mysql_close($cid); 
    ?>

Data sent from my android app:

 [userID=Loren, date=today, time=now, lat=bit 1, longi=bit 2, alt=bit 3]

For some reason my php doesnt read the data sent from the android app (shown above) properly but if I send the same data from a local web page the data posted parses as it should. 

public static void sendAccelerationData(String userIDArg, String dateArg, String timeArg,
            String timeStamp, String lat, String longi, String alt)
    {


        //Add data to be send.
        ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(6);
        nameValuePairs.add(new BasicNameValuePair("userID", userIDArg));
        nameValuePairs.add(new BasicNameValuePair("date",dateArg));
        nameValuePairs.add(new BasicNameValuePair("time",timeArg));
        //nameValuePairs.add(new BasicNameValuePair("timeStamp",timeStamp));

        nameValuePairs.add(new BasicNameValuePair("lat",lat));
        nameValuePairs.add(new BasicNameValuePair("longi",longi));
        nameValuePairs.add(new BasicNameValuePair("alt",alt));

        //this.sendData(nameValuePairs);
        try
        {
            TextLog.addLogStuff("SERV Trying to connect to Server");
            HttpClient httpclient = new DefaultHttpClient();
            HttpPost httppost = new      
            HttpPost("http://myserver.php");
            httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
            HttpResponse response = httpclient.execute(httppost);
            Log.i("ServerConn", response.getStatusLine().toString());
            TextLog.addLogStuff("SERV PostData:  "  +response.getStatusLine().toString());
                //Could do something better with response.
        }
        catch(Exception e)
        {
            Log.e("log_tag", "Error:  "+e.toString());
            TextLog.addLogStuff("SERV Connection error:  " +e.toString());
        }  
    }
Loren Zimmer
  • 482
  • 1
  • 6
  • 29
  • Take that tutorial out back and torture it to death. It's left you wide open to SQL injection attacks – Marc B Nov 11 '11 at 22:35
  • 3
    cough..SQL injection!..ahem..cough – Damien Pirsy Nov 11 '11 at 22:36
  • What they are trying to say is go use PDO... Seriously tho guys.. for a tutorial you don't care about sql injection – Zak Nov 11 '11 at 22:40
  • 1
    except it's so insecure, the code should be functional after-all. Can you please take a look at the logs to see if you receive a request and use var_dump($_POST) to see what are you actually get from android. – Narcis Radu Nov 11 '11 at 22:42
  • If you go for a tutorial, most likely is because you're beginning with that topic. And correcting a bad habit is ten times more difficult then developing a good one. If you don't know from the beginning this threats, chances are you'll know them too late in your career, or when the damage is done. So a tutorial that doens't tutorize (or whatever english word should be used here) is just someone showing you a faulty way of doing something with the intention of teaching you how to do it right – Damien Pirsy Nov 11 '11 at 22:42
  • Are you sure the Android sending post-data? – Puggan Se Nov 11 '11 at 22:43
  • @Zak do you have any suggestions where to learn PDO – Loren Zimmer Nov 11 '11 at 23:26
  • how about lmgtfy .com/?q=PDO+tutorial – Zak Nov 11 '11 at 23:29
  • omg lol just found out there is a ban on lmgtfy (.) com in the comments section!!! – Zak Nov 11 '11 at 23:30
  • @PugganSe the output of the Android is listed above – Loren Zimmer Nov 11 '11 at 23:31
  • Its obvious after some logging that the android isn't giving the php server the data formatted the way it needs to be. Any thoughts? – Loren Zimmer Nov 12 '11 at 01:17

3 Answers3

0

I'd need to see the code you are using in Android to POST the data to know for sure, but it seems like your Android app isn't posting the data in the correct format. You should be doing it something like this: Android, Java: HTTP POST Request.

Community
  • 1
  • 1
John Watson
  • 2,554
  • 1
  • 17
  • 13
0

As @John Watson said, it's because your android app doesn't send the data as your 'local web page'. You can post your android app code (i won't help with that) or log the sent data somewhere else to see what's incorrect. write them to a log file or send them by mail. I recommand log it.

<?php
$post = var_export($_POST, true);
$f= fopen('log', 'a+');
fwrite($f, $post);
fclose($f);

Correct file rights needed. Then watch your log file 'log'

As Said, this script is not for production, because sent data need to be checked/escaped to avoid sql injections.

7seb
  • 172
  • 10
0

I think a server redirect was messing up the information.

Loren Zimmer
  • 482
  • 1
  • 6
  • 29