我从互联网上获得代码,并试图通过http-post发送一个大文本。我不确定这段代码是否用于http post,但我相信是的。我有一个php页面,在那里我可以获得参数并将它们添加到数据库中。当文本类似于5 6个字符时,该方法工作正常并更新数据库。当我发送类似300个字符的消息时,它不会更新数据库。我在数据库中的消息列是长文本类型。可能是什么问题?提前谢谢。
public String sendMessage(String username, String tousername, String message) throws UnsupportedEncodingException
{
String params = "username="+ URLEncoder.encode(this.username,"UTF-8") +
"&password="+ URLEncoder.encode(this.password,"UTF-8") +
"&to=" + URLEncoder.encode(tousername,"UTF-8") +
"&message="+ URLEncoder.encode(message,"UTF-8") +
"&action=" + URLEncoder.encode("sendMessage","UTF-8")+
"&";
Log.i("PARAMS", params);
return socketOperator.sendHttpRequest(params);
}
public String sendHttpRequest(String params)
{
URL url;
String result = new String();
try
{
url = new URL(AUTHENTICATION_SERVER_ADDRESS);
HttpURLConnection connection;
connection = (HttpURLConnection) url.openConnection();
connection.setDoOutput(true);
PrintWriter out = new PrintWriter(connection.getOutputStream());
out.println(params);
out.flush();
out.close();
BufferedReader in = new BufferedReader(
new InputStreamReader(
connection.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null) {
result = result.concat(inputLine);
}
in.close();
}
catch (MalformedURLException e) {
e.printStackTrace();
}
catch (IOException e) {
e.printStackTrace();
}
if (result.length() == 0) {
result = HTTP_REQUEST_FAILED;
}
return result;
}
php代码
case "sendMessage":
if ($userId = authenticateUser($db, $username, $password))
{
if (isset($_REQUEST['to']))
{
$tousername = $_REQUEST['to'];
$message = $_REQUEST['message'];
$sqlto = "select Id from users where username = '".$tousername."' limit 1";
if ($resultto = $db->query($sqlto))
{
while ($rowto = $db->fetchObject($resultto))
{
$uto = $rowto->Id;
}
$sql22 = "INSERT INTO `messages` (`fromuid`, `touid`, `sentdt`, `messagetext`) VALUES ('".$userId."', '".$uto."', '".DATE("Y-m-d H:i")."', '".$message."');";
error_log("$sql22", 3 , "error_log");
if ($db->query($sql22))
{
$out = SUCCESSFUL;
}
else {
$out = FAILED;
}
$resultto = NULL;
}
$sqlto = NULL;
}
}
else
{
$out = FAILED;
}
break;
echo out;
class MySQL
{
private $dbLink;
private $dbHost;
private $dbUsername;
private $dbPassword;
private $dbName;
public $queryCount;
function MySQL($dbHost,$dbUsername,$dbPassword,$dbName)
{
$this->dbHost = $dbHost;
$this->dbUsername = $dbUsername;
$this->dbPassword = $dbPassword;
$this->dbName = $dbName;
$this->queryCount = 0;
}
function __destruct()
{
$this->close();
}
//connect to database
private function connect() {
$this->dbLink = mysql_connect($this->dbHost, $this->dbUsername, $this->dbPassword);
if (!$this->dbLink) {
$this->ShowError();
return false;
}
else if (!mysql_select_db($this->dbName,$this->dbLink)) {
$this->ShowError();
return false;
}
else {
mysql_query("set names latin5",$this->dbLink);
return true;
}
unset ($this->dbHost, $this->dbUsername, $this->dbPassword, $this->dbName);
}
/*****************************
* Method to close connection *
*****************************/
function close()
{
@mysql_close($this->dbLink);
}
/*******************************************
* Checks for MySQL Errors
* If error exists show it and return false
* else return true
*******************************************/
function ShowError()
{
$error = mysql_error();
//echo $error;
}
/****************************
* Method to run SQL queries
****************************/
function query($sql)
{
if (!$this->dbLink)
$this->connect();
if (! $result = mysql_query($sql,$this->dbLink)) {
$this->ShowError();
return false;
}
$this->queryCount++;
return $result;
}
/************************
* Method to fetch values*
*************************/
function fetchObject($result)
{
if (!$Object=mysql_fetch_object($result))
{
$this->ShowError();
return false;
}
else
{
return $Object;
}
}
/*************************
* Method to number of rows
**************************/
function numRows($result)
{
if (false === ($num = mysql_num_rows($result))) {
$this->ShowError();
return -1;
}
return $num;
}
/*******************************
* Method to safely escape strings
*********************************/
function escapeString($string)
{
if (get_magic_quotes_gpc())
{
return $string;
}
else
{
$string = mysql_escape_string($string);
return $string;
}
}
function free($result)
{
if (mysql_free_result($result)) {
$this->ShowError();
return false;
}
return true;
}
function lastInsertId()
{
return mysql_insert_id($this->dbLink);
}
function getUniqueField($sql)
{
$row = mysql_fetch_row($this->query($sql));
return $row[0];
}
function testconnection() {
$this->dbLink = mysql_connect($this->dbHost, $this->dbUsername, $this->dbPassword);
if (!$this->dbLink) {
$this->ShowError();
return false;
}
else if (!mysql_select_db($this->dbName,$this->dbLink)) {
$this->ShowError();
return false;
}
else {
mysql_query("set names latin5",$this->dbLink);
return true;
}
unset ($this->dbHost, $this->dbUsername, $this->dbPassword, $this->dbName);
}
}
问题不在Java方面,而在PHP方面。
当您在POST或GET中对字符串进行URLEncode时,服务器端会对URL编码进行解码,然后将结果放入其$_REQUEST变量(以及$_POST)中。
因此,URL编码不能保护您不受文本中单引号的影响。为此,您需要在PHP中使用一个转义命令,使字符串可以安全地插入数据库。特定的命令取决于您的数据库。请注意,在您给出的类MySQL中,有一个escapeString方法。使用它。