最受欢迎

带变量的SQL Json查询

SQL Json Query With Variable

本文关键字:Json 查询 SQL 变量 | 更新日期: 2023-09-27

我正试图从android设备中使用IMEI变量查询SQL数据库,该变量已收到(用log.txt验证),但每当我将"00000000000000"(android虚拟设备IMEI)替换为"$androidIMEI"时,都不会返回结果,但如果我显式使用IMEI而不是变量,我会接收数据。

<?php
include 'config.php';
$con=mysql_connect("$servername", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$dbname")or die("cannot select DB");
$androidIMEI = isset($_POST['IMEI']) ? $_POST['IMEI'] : '';
//$f = fopen("log.txt", "w");
//fwrite($f, print_r($androidIMEI, true));
//fclose($f); 
$sql = "SELECT * from users WHERE Request = '0' AND IMEI = '000000000000000' ";
//$sql = "SELECT * from users WHERE Request = '0' AND IMEI = '$androidIMEI ' "; //not working
$result = mysql_query($sql);
$json = array();
if(mysql_num_rows($result)){
    while($row=mysql_fetch_assoc($result)){
    $json['users'][]=$row;
    }
}
mysql_close($con);
echo json_encode($json); 
?>

更新:(将SQL打印到日志文件)

$sql = "SELECT * from users WHERE Request = '0' AND IMEI = '$androidIMEI'";
$result = mysql_query($sql);
$f = fopen("log.txt", "w");
fwrite($f, print_r($sql, true));
fclose($f);

正在读取日志文件:

SELECT * from users WHERE Request = '0' AND IMEI = '000000000000000'

这就是为什么我不知道为什么它不起作用

第二次更新:

这可能很有用,来自android的代码,我如何将IMEI发送到PHP:

    class loadData extends AsyncTask<String, Integer, String> {
            private StringBuilder sb;
            private ProgressDialog pr;
            private HttpResponse req;
            private InputStream is;
            @Override
            protected void onPreExecute() {
                super.onPreExecute();
            }
            @SuppressWarnings("deprecation")
            @Override
            protected String doInBackground(String... arg0) {
                  ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();         
                nameValuePairs.add(new BasicNameValuePair("IMEI",IMEI));
                System.out.println("IMEI: "+IMEI);

                    try
                    {
                    HttpClient httpclient = new DefaultHttpClient();
                    HttpPost httppost = new HttpPost("http://mysite/myfile.php");
                    httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
                    HttpResponse response = httpclient.execute(httppost); 
                    HttpEntity entity = response.getEntity();
                    is = entity.getContent();
                    InputStreamReader ireader = new InputStreamReader(is);
                    BufferedReader bf = new BufferedReader(ireader);
                    sb = new StringBuilder();
                    String line = null;
                    while ((line = bf.readLine()) != null) {
                        sb.append(line);
                    }
                    Log.e("pass 1", "connection success ");

                }
                    catch(Exception e)
                {
                    System.out.println("Error catch e");

                }
                    return id;     
            }

更改CCD_ 1与CCD_。

此外,您还容易受到SQL注入的攻击。不要使用不推荐使用的mysql_*函数并过滤您的输入。有关更多信息,请访问How can I prevent SQL injection in PHP?

查询中$androidIMEI之后有一个space

$sql = "SELECT * from users WHERE Request = '0' AND IMEI = '$androidIMEI ' ";

应该是

$sql = "SELECT * from users WHERE Request = '0' AND IMEI = '$androidIMEI';";

试试这行

$sql="SELECT*from users WHERE Request='0'AND IMEI='{$android}IMEI'";

我希望它能起作用。

注意那些花括号。

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习