Php 更新数据库表时出现问题
我正在构建一个使用MySQL数据库的应用程序。。我正在尝试发送gps坐标、字符串和整数。。发送的坐标工作正常。。问题在于字符串和整数 这是我的php脚本:Php 更新数据库表时出现问题,php,android,mysql,database,Php,Android,Mysql,Database,我正在构建一个使用MySQL数据库的应用程序。。我正在尝试发送gps坐标、字符串和整数。。发送的坐标工作正常。。问题在于字符串和整数 这是我的php脚本: <?php $con = mysqli_connect("*****", "*****", "******", "*******"); $lat = $_POST["lat"]; $long = $_POST["long"]; $id= $_POST["id"]; $pickup= $_POST["pickup"]; $destin
<?php
$con = mysqli_connect("*****", "*****", "******", "*******");
$lat = $_POST["lat"];
$long = $_POST["long"];
$id= $_POST["id"];
$pickup= $_POST["pickup"];
$destination = $_POST["destination"];
$seats= $_POST["seats"];
$statement = mysqli_prepare($con,"Update user SET lat=$lat,long=$long , pickup=$pickup,destination=$destination,seats=$seats WHERE user_id=$id" );
mysqli_stmt_execute($statement);
$response = array();
$response["success"] = true;
echo json_encode($response);?>
public void send_gps(String pickup,String destination,int seats,int id, double lat,double long) {
// Response received from the server
Response.Listener<String> responseListener = new Response.Listener<String>() {
@Override
public void onResponse(String response) {
try {
JSONObject jsonResponse = new JSONObject(response);
boolean success = jsonResponse.getBoolean("success");
} catch (JSONException e) {
e.printStackTrace();
AlertDialog.Builder builder2 = new AlertDialog.Builder(MapsActivity.this);
builder2.setMessage("error")
.setNegativeButton("Retry", null)
.create()
.show();
}
}
};
gps_request request = new gps_request(pickup,destination,Integer.toString(seats),Integer.toString(id),Double.toString(lat),Double.toString(long), responseListener);
RequestQueue queue = Volley.newRequestQueue(this);
queue.add(request);
}
public void send\u gps(字符串拾取、字符串目的地、整数座位、整数id、双纬度、双长){
//从服务器收到的响应
Response.Listener responseListener=新的Response.Listener(){
@凌驾
公共void onResponse(字符串响应){
试一试{
JSONObject jsonResponse=新的JSONObject(响应);
boolean success=jsonResponse.getBoolean(“success”);
}捕获(JSONException e){
e、 printStackTrace();
AlertDialog.Builder builder2=新建AlertDialog.Builder(MapsActivity.this);
builder2.setMessage(“错误”)
.setNegativeButton(“重试”,null)
.create()
.show();
}
}
};
gps_请求请求=新的gps_请求(皮卡、目的地、整型.toString(座位)、整型.toString(id)、Double.toString(lat)、Double.toString(长)、responseListener);
RequestQueue=Volley.newRequestQueue(this);
添加(请求);
}
public class gps_request extends StringRequest {
private static final String LOGIN_REQUEST_URL = "**********************";
private Map<String, String> params;
public gps_request(String pickup,String destination,String seats,String id,String lat, String long, Response.Listener<String> listener) {
super(Method.POST, LOGIN_REQUEST_URL, listener, null);
params = new HashMap<>();
params.put("lat", lat);
params.put("long", long);
params.put("id", id );
params.put("pickup", pickup);
params.put("destination", destination);
params.put("seats", seats );
}
@Override
public Map<String, String> getParams() {
return params;
}}
公共类gps\u请求扩展了StringRequest{
私有静态最终字符串登录\请求\ URL=“*************************”;
私有映射参数;
公共gps_请求(字符串拾取、字符串目的地、字符串座位、字符串id、字符串lat、字符串长、响应.侦听器){
super(Method.POST,LOGIN\u REQUEST\u URL,listener,null);
params=新的HashMap();
参数put(“lat”,lat);
参数put(“long”,long);
参数put(“id”,id);
参数put(“拾取”,拾取);
参数put(“目的地”,目的地);
参数put(“座位”,座位);
}
@凌驾
公共映射getParams(){
返回参数;
}}
问题是你们不知道如何在查询中使用引号。你们使用的是预先准备好的语句,很好。但为什么要按原样传递参数呢?使用函数绑定参数。这是第二级
sql注入$statement = mysqli_prepare($con,"UPDATE user SET lat=?, long=?, pickup=?, destination=?, seats=? WHERE user_id=?");
$statement->bind_param("iisssi", $lat, $long, $pickup, $destination, $seats, $id);
mysqli_stmt_execute($statement);