Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/259.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 在MySQL SELECT查询中,从Android POST请求传递到服务器中PHP的字符串未被正确识别_Java_Php_Android_Mysql_Mysqli - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 在MySQL SELECT查询中,从Android POST请求传递到服务器中PHP的字符串未被正确识别

Java 在MySQL SELECT查询中,从Android POST请求传递到服务器中PHP的字符串未被正确识别

java php android mysql

Java 在MySQL SELECT查询中,从Android POST请求传递到服务器中PHP的字符串未被正确识别,java,php,android,mysql,mysqli,Java,Php,Android,Mysql,Mysqli,我已经对此进行了一段时间的黑客攻击,但我找不到以下行为的好理由: 我有一个Android应用程序,我从中发送一个多部分/表单数据http post。请求的格式如下: private final String delimiter = "--"; private final String boundary = "SwA" + Long.toString(System.currentTimeMillis()) + "SwA"; priva

我已经对此进行了一段时间的黑客攻击,但我找不到以下行为的好理由:

我有一个Android应用程序,我从中发送一个多部分/表单数据http post。请求的格式如下:

    private final String delimiter = "--";
    private final String boundary = "SwA"
                    + Long.toString(System.currentTimeMillis()) + "SwA";
    private final String charset = "UTF-8";
    private final String lineSpace = "\r\n";
    private final String domain = (domain);

    private HttpURLConnection configureConnectionForMultipart(String url)
                    throws MalformedURLException, IOException {
            HttpURLConnection con = (HttpURLConnection) (new URL(url))
                            .openConnection();
            con.setRequestMethod("POST");
            con.setDoInput(true);
            con.setDoOutput(true);
            con.setRequestProperty("Connection", "Keep-Alive");
            con.setRequestProperty("Content-Type", "multipart/form-data;boundary="
                            + boundary);
            return con;
    }

    private void addFormPart(String paramName, String value, DataOutputStream os)
                    throws IOException {
            os.writeBytes(lineSpace + delimiter + boundary + lineSpace);
            os.writeBytes("Content-Disposition: form-data; name=\"" + paramName
                            + "\"" + lineSpace);
            os.writeBytes("Content-Type: text/plain; charset=" + charset + lineSpace);
            os.writeBytes(lineSpace + value + lineSpace);
            os.flush();
    }

    private void addFilePart(String paramName, File data, DataOutputStream os)
                    throws IOException {
            os.writeBytes(lineSpace + delimiter + boundary + lineSpace);
            os.writeBytes("Content-Disposition: form-data; name=\"" + paramName
                            + "\"" + lineSpace);
            os.writeBytes("Content-Type: application/octet-stream\r\n");
            os.writeBytes("Content-Transfer-Encoding: binary" + lineSpace);
            os.writeBytes(lineSpace);
            os.flush();

            FileInputStream fis = new FileInputStream(data);
            byte[] buffer = new byte[4096];
            int bytesRead = -1;
            while ((bytesRead = fis.read(buffer)) != -1) {
                    os.write(buffer, 0, bytesRead);
            }
            os.writeBytes(lineSpace);
            os.flush();
            fis.close();
    }

    private void finishMultipart(DataOutputStream os) throws IOException {
            os.writeBytes(lineSpace);
            os.flush();
            os.writeBytes(delimiter + boundary + delimiter + lineSpace);
            os.close();
    }

    private String getResponse(HttpURLConnection con) throws IOException {
            String response = "";
            int status = con.getResponseCode();

            if (status == HttpURLConnection.HTTP_OK) {
                    BufferedReader reader = new BufferedReader(new InputStreamReader(
                                    con.getInputStream()));
                    String line = "";
                    while ((line = reader.readLine()) != null) {
                            response += line;
                    }
                    reader.close();
            } else {
                    BufferedReader reader = new BufferedReader(new InputStreamReader(con.getErrorStream()));
                    String line = "";
                    while ((line = reader.readLine()) != null) {
                            response += line;
                    }
                    reader.close();
                    throw new IOException("Server returned non-OK status: " + status+", "+response);
            }
            return response;
    }


public SearchQueryRunnable initSearchQueryRunnable(String query) {
                return new SearchQueryRunnable(query);
        }


    private class SearchQueryRunnable implements Runnable {

            private final String _query;
            private final String _url = domain + "search_query.php";

            public SearchQueryRunnable(String query) {
                    _query = query;
            }

            @Override
            public void run() {
                    try {
                            HttpURLConnection con = configureConnectionForMultipart(_url);
                            DataOutputStream os = new DataOutputStream(
                                            con.getOutputStream());
                            addFormPart("tag", _query, os);
                            finishMultipart(os);
                            String result = getResponse(con);
                            Log.i("SearchQuery", result);
                            con.disconnect();
                    } catch (MalformedURLException e) {
                            e.printStackTrace();
                    } catch (IOException e) {
                            e.printStackTrace();
                    }
            }
    }
在search_query.php中,我有以下内容:

include 'hashtags_table_api.php';

$tag = $_POST["tag"];
$res = queryHashTagsTable($tag);
在hashtags_table_api.php中,有:

include 'connect.php';

function queryHashTagsTable($hashtag) {
    global $pdo;
    $sql = "SELECT * FROM `tbl_hashtags` WHERE hashtag = :hashtag";
    $stmt = $pdo->prepare ( $sql );
    echo $hashtag;
    $stmt->bindValue(':hashtag', $hashtag);
    if ($stmt->execute()) {
        $result = $stmt->fetchAll();
        echo count($result);
    }
}
忽略connect.php重要变量:

try {
    $pdo = new PDO ( "mysql:host=$host;dbname=$dbname;charset=utf8", $username, $password );
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    echo 'Connected to database';
} catch(PDOException $e) {
    echo $e->getMessage();
}
当我运行这段代码并将值hash传递给initSearchQueryRunnable时,我得到的结果是0,即使在列hashtag中有一行的值为hash。奇怪的是,当我在search_query.php中硬编码以下内容时:

include 'hashtags_table_api.php';

$tag = 'hash';
$res = queryHashTagsTable($tag);
我从查询中得到所需的结果1。我进行了双重检查,$_POST[tag]正在将值“hash”传递给我的服务器,但由于某种原因,我的SQL查询无法将其识别为与我的数据库中的值相等,即使完全相同的硬编码值被识别为相等

为了让动态传递的参数被识别为与MySQL数据相等的值,我还需要做什么

编辑

经过一些测试后,我意识到$_POST[tag]带有引号,因此strlen[$tag]=6。我认为这可能是SQL没有将查询字符串与数据库中的内容匹配的原因。果然strlen['hash']=4,SQL成功地将其与我的查询匹配。如何有效地从$tag的值中删除引号,以便查询工作?仅供参考,我的服务器正在运行PHP5.4.24,如果相关的话。

我在这里解决了自己的问题。事实证明,通过http post发送的文本有两个额外的不可见空白,我只能通过使用strlen和for语句的一些测试来检测这些空白的附加位置。我的解决方案是使用trim函数,只需在运行queryHashTagsTable$tag之前将$tag=trim$tag添加到search_query.php即可。我希望这能帮助那些没有意识到他们的http post请求是用额外的不可见字符发送的,并且需要sql查询的确切字符串的人