【发布时间】:2020-02-18 13:59:52
【问题描述】:
我对 android 编程非常陌生,但我遇到了 OutputStreamWriter 的问题。现在,我正在开发一个简单的测试应用程序来向服务器发送 POST 请求。服务器端有一个 PHP 应用程序,旨在将数据写入 MYSQL 数据库。当我运行我的 android 应用程序时,它会正确访问 PHP 文件,但未传递参数。
我一直在对所有类型的论坛进行广泛搜索,并尝试了一些给出的答案,但对我没有任何帮助。我做错了什么?
PHP
<?$conecta = mysqli_connect('localhost','username','password','killerbees');
if (!$conecta) {echo "Unable to verify nickname. Please, try again later!";}
else
{
$sql = "SELECT * FROM KillerBees WHERE nickname = '" . addslashes($_POST['kbfnickname']) . "'";
if ($resultado = mysqli_query($conecta,$sql))
{
if (mysqli_num_rows($resultado) == 0)
{
$sql = "INSERT INTO KillerBees (nickname, password, level, seconds) VALUES ('" . addslashes($_POST['kbfnickname']) . "', '" . addslashes($_POST['kbfpassword']) . "', 0, 0)";
$resultado = mysqli_query($conecta,$sql);
$_SESSION['nickname'] = $_POST['kbfnickname'];
$_SESSION['level'] = 0;
$_SESSION['seconds'] = 0;
echo "form_register";
}
else
{
$linha = mysqli_fetch_array($resultado);
if ($linha['password']==stripslashes($_POST['kbfpassword']))
{
$file = glob("users/".$_POST['kbfnickname']."*");
$_SESSION['nickname'] = $_POST['kbfnickname'];
$_SESSION['level'] = $linha['level'];
$_SESSION['seconds'] = $linha['seconds'];
if (sizeof($file)!=0 and $linha['email']!="")
{
echo "form_game";
}
else
{
echo "form_register";
}
}
else
{
echo "The combination nickname/password doesn't exist in our database.";
}
}
}
else
{
echo "Unable to verify nickname. Please, try again later!";
}
if ($conecta) mysqli_close($conecta);
}?>
安卓 JAVA
@Override
protected String doInBackground(String... arg0) {
try{
String nickname = arg0[0];
String password = arg0[1];
String link="https://savvyartstudio.com/killerbees/signin.php";
String urlParameters = URLEncoder.encode("kbfnickname", "UTF-8") + "=" + URLEncoder.encode(nickname, "UTF-8");
urlParameters += "&" + URLEncoder.encode("kbfpassword", "UTF-8") + "=" + URLEncoder.encode(password, "UTF-8");
URL url = new URL(link);
URLConnection conn = url.openConnection();
conn.setDoOutput(true);
OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
wr.write(urlParameters);
wr.flush();
wr.close();
BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
StringBuilder sb = new StringBuilder();
String line;
line = reader.readLine();
sb.append(line);
reader.close();
return sb.toString();
} catch(Exception e){
return "Unable to verify nickname. Please, try again later!";
}
}
任何帮助将不胜感激!
【问题讨论】:
-
return "Unable to verify nickname. Please, try again later!";不,你不知道。可能还有其他原因。更好:return "Exception: " + e.getMessage();。你有这个例外吗?或者你会得到什么作为回声? doInBackground() 返回什么? -
您的代码易受 SQL 注入攻击。您应该使用准备好的语句。您需要尽快修复它。
-
@blackapps 它返回第一个回声“form_register”,这是我正在寻找的;但是,当我转到数据库时,我看到记录被插入,昵称和密码为空白
-
@Dharman,是的,我意识到,但这只是一个测试,而不是我将实现的实际代码
-
也许我应该添加以下内容:记录已添加到数据库中,但昵称和密码为空
标签: java php android parameters