【发布时间】:2015-06-02 07:13:27
【问题描述】:
我是 Android 编程的新手,我被困在 SQL 查询的中间,条件是 Where 条件。我想将数据库中的数据存储到数组列表中。但是我的脚本总是失败并显示错误消息。有人有线索吗?谢谢之前
SearchActivity.java
public class SearchActivity extends Activity {
private RadioGroup radiosexGroup;
private RadioButton radiosexButton;
public SeekBar seekBar;
public ArrayList<detailKosan> listKosan = new ArrayList<>();
int progress;
private ProgressDialog pDialog;
// URL to get contacts JSON
private static String url = "http://192.168.1.133/php_kukelkos/search_kosan.php";
// JSON Node names
private static final String TAG_KOSAN = "arrayKosan";
private static final String TAG_ID = "id";
private static final String TAG_NAMAKOS = "namaKosan";
private static final String TAG_ALAMAT = "alamat";
private static final String TAG_SEX = "gender";
private static final String TAG_TLP = "tlp";
private static final String TAG_HARGA = "harga";
private static final String TAG_KAMAR = "jmlKamar";
private static final String TAG_FASILITAS = "fasilitas";
private static final String TAG_KET = "keterangan";
private static final String TAG_LAT = "lat";
private static final String TAG_LNG = "lng";
// contacts JSONArray
JSONArray arrayKosan = null;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_search);
textView.setText("Rp 0 - Rp 0");
seekBar.setOnSeekBarChangeListener(new SeekBar.OnSeekBarChangeListener() {
@Override
public void onProgressChanged(SeekBar seekBar, int progresValue, boolean fromUser) {
progress = progresValue * 500000;
textView.setText("Rp 0 - Rp " + progress);
}
@Override
public void onStartTrackingTouch(SeekBar seekBar) {
textView.setText("Rp 0 - Rp " + progress);
}
@Override
public void onStopTrackingTouch(SeekBar seekBar) {
}
});
//Fungsi Button Search
search.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View arg0) {
searchKosan();
Intent menuSearch = new Intent(SearchActivity.this, ListKosanActivity.class);
startActivity(menuSearch);
finish();
}
});
public void searchKosan (){
int selected = radiosexGroup.getCheckedRadioButtonId();
radiosexButton = (RadioButton) findViewById(selected);
String buttonradio = radiosexButton.getText().toString();
String msg = "";
String keyval[][]= {{"harga", String.valueOf(progress)},{"gender", buttonradio}};
AsyncTask<String, Void, String> asycn = new myAsyncData(SearchActivity.this, keyval, "Loading...");
asycn.execute(url);
String data = "";
boolean state = false;
try {
JSONObject jobj = null;
try {
data = asycn.get().toString();
} catch (ExecutionException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
try {
jobj = new JSONObject(data);
msg = jobj.getString("message").toString();
state = jobj.getBoolean("state");
// Getting JSON Array node
arrayKosan = jobj.getJSONArray(TAG_KOSAN);
/**
* Updating parsed JSON data into Arraylist_detail
**/
for (int i = 0; i < arrayKosan.length(); i++) {
try {
JSONObject c = arrayKosan.getJSONObject(i);
int id = Integer.parseInt(TAG_ID);
String namaKosan = c.getString(TAG_NAMAKOS);
String alamat = c.getString(TAG_ALAMAT);
String sex = c.getString(TAG_SEX);
String tlp = c.getString(TAG_TLP);
int harga = c.getInt(TAG_HARGA);
String kamar = c.getString(TAG_KAMAR);
String fasilitas = c.getString(TAG_FASILITAS);
String ket = c.getString(TAG_KET);
String lat = c.getString(TAG_LAT);
Double latt = Double.parseDouble(lat);
String lng = c.getString(TAG_LNG);
Double lngg = Double.parseDouble(lng);
LatLng PosisiMarker = new LatLng(latt, lngg);
listKosan.add(new detailKosan(id, namaKosan, alamat, sex, tlp, harga, kamar, fasilitas, ket, latt, lngg));
} catch (JSONException e) {
e.printStackTrace();
}
}
} catch (JSONException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
String title = (!state) ? "Error" : "Success";
if(title.equals("Success")) {
Toast.makeText(getApplicationContext(), msg , Toast.LENGTH_LONG).show();
finish();
Intent i = new Intent(SearchActivity.this, ListKosanActivity.class);
startActivity(i);
}
else {
AlertDialog.Builder b = new AlertDialog.Builder(SearchActivity.this);
b.setTitle(title);
b.setMessage(msg);
b.setNegativeButton("Dismiss", null);
AlertDialog a = b.create();
a.show();
}
}
}
这是我的 .php 文件
<?php
if ($_POST) {
$response = array();
// include db connect class
require_once __DIR__ . '/db_connect.php';
$db = new DB_CONNECT();
$harga = $_POST["harga"];
$gender = $_POST["gender"];
$fasilitas = $_POST["fasilitas"];
if(!empty($harga)&&!empty($gender)) {
$ins= mysql_query("SELECT * from tbkosan where harga <='".$harga."' and gender = '".$gender"'");
if (mysql_num_rows($ins> 0) {
$response["state"] = true;
$response["message"] = "Success";
$response["arrayKosan"] = array();
while ($row = mysql_fetch_array($ins)) {
// temp user array
$dataa= array();
$dataa["id"] = $row["id"];
$dataa["namaKosan"] = $row["namaKosan"];
$dataa["alamat"] = $row["alamat"];
$dataa["gender"] = $row["gender"];
$dataa["tlp"] = $row["tlp"];
$dataa["harga"] = $row["harga"];
$dataa["jmlKamar"] = $row["jmlKamar"];
$dataa["fasilitas"] = $row["fasilitas"];
$dataa["keterangan"] = $row["keterangan"];
$dataa["lat"] = $row["lat"];
$dataa["lng"] = $row["lng"];
// push single product into final response array
array_push($result["arrayKosan"], $dataa);
}
// success
$response["success"] = 1;
// echoing JSON response
echo json_encode($response);
}
else {
$response["success"] = 0;
$response["message"] = "Data tidak ada";
}
}
else {
$response["success"] = 0;
$response["message"] = "Harap isi data search terlebih dulu!";
echo json_encode($result);
}
}
?>
这是我的 ServiceHandler.java
public class ServiceHandler {
static String response = null;
public final static int GET = 1;
public final static int POST = 2;
public ServiceHandler() {
}
/**
* Making service call
* @url - url to make request
* @method - http request method
* */
public String makeServiceCall(String url, int method) {
return this.makeServiceCall(url, method, null);
}
/**
* Making service call
* @url - url to make request
* @method - http request method
* @params - http request params
* */
public String makeServiceCall(String url, int method,
List<NameValuePair> params) {
try {
// http client
DefaultHttpClient httpClient = new DefaultHttpClient();
HttpEntity httpEntity = null;
HttpResponse httpResponse = null;
// Checking http request method type
if (method == POST) {
HttpPost httpPost = new HttpPost(url);
// adding post params
if (params != null) {
httpPost.setEntity(new UrlEncodedFormEntity(params));
}
httpResponse = httpClient.execute(httpPost);
} else if (method == GET) {
// appending params to url
if (params != null) {
String paramString = URLEncodedUtils
.format(params, "utf-8");
url += "?" + paramString;
}
HttpGet httpGet = new HttpGet(url);
httpResponse = httpClient.execute(httpGet);
}
httpEntity = httpResponse.getEntity();
response = EntityUtils.toString(httpEntity);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return response;
}
}
结果是: 没有消息的警报框和关闭按钮(对不起,我不能发布图片嘿嘿)
【问题讨论】:
-
您的 PHP/查询中有 SQL injection vulnerabilities。
-
您需要在此处进行一些调试。是否调用了 PHP API?如果是,您是否检查过它在 Java 端的原始输出?
-
@halfer 是的,我知道它对 SQL 注入的弱点,但我并不关注它。我没有检查它在java中的原始输出,我不知道如何在android studio中做到这一点。我需要在我的设备上进行操作
-
不确定,只有 PHP 开发人员,所以无法帮助使用 Java。您是否检查过页面在 PHP 端已成功运行?您可以将调试信息写入 PHP 脚本末尾的文件,如果根本没有写入,您将知道脚本没有完成,或者它没有被调用。