Problem receiving data on Android with JSON, PHP and MySQL

Question

Problem receiving data on Android with JSON, PHP and MySQL

Navigation

#1 by (1 votes)
#2 by (1 votes)

3

I am developing an application for a restaurant control, it should be noted that I am relatively new to this, and most of what I do is with online consultations.

This is the problem, I have this PHP Script in which I receive a variable of NAME with the name of a food dish, and returns the id the name, price and what you can see .

<?php 

// Getting the requested id
$NOMBRESEND = $_GET['NOMBRE'];

// Importing database
require_once('connectdb.php');

// Creating SQL query with where clause to get a specific employee

$sql = "SELECT c.NOMBRE AS NOMBRECATEGORIA, p.* FROM plato p, categoria c WHERE p.ID_CATEGORIA=c.ID_CATEGORIA AND (p.NOMBRE=$NOMBRESEND OR c.NOMBRE=$NOMBRESEND)";

// getting result 
$r = mysqli_query($con,$sql);

// creating a blank array 
$result = array();

while($row = mysqli_fetch_array($r)){

// Pushing name and id in the blank array created 
array_push($result,array(

"ID_PLATO"=>$row['ID_PLATO'],
"NOMBRE"=>$row['NOMBRE'],
"PRECIO"=>$row['PRECIO'],
"DESCRIPCION"=>$row['DESCRIPCION'],
"NOMBRECATEGORIA"=>$row['NOMBRECATEGORIA'],

));
}

// displaying in JSON format 
echo json_encode(array('result'=>$result));

mysqli_close($con);
?>

The script works well. The problem is in Android. I control the name of the cymbal with this function:

public String sendGetRequestParam(String requestURL, String id){
    StringBuilder sb =new StringBuilder();

    try {
        URL url = new URL(requestURL+"\""+id+"\"");
        HttpURLConnection con = (HttpURLConnection) url.openConnection();
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(con.getInputStream()));

        String s;
        while((s=bufferedReader.readLine())!=null){
            sb.append(s+"\n");
        }
    }catch(Exception e){
    }
    return sb.toString();
}

Where requestURL is the address of the PHP script and id is the name of the cymbal.

If in that variable id I send for example "pizza" the value returns correctly and it shows me the JSON file with the saucer, but if I send for example "Chicken burger" it does not return any JSON. The weird thing is that if I do it with postman, for example and I write "Chicken Burger" if I return the JSON as you can see in this image:

In the debug these data come out in both cases.

In this I send "Ravioli" and as you can see in the String s return the JSON with the data of the ravioli.

But when you send it for example "Chicken burger" it does not return anything and does not save the data in the String s and it does not receive the JSON with them either.

mysql android php json android-studio

asked by Tomás Méndez 24.09.2017 в 03:49

source

2 answers

Problem with shell script on Mac (osascript dialogs) error PHP-LARAVEL Undefined variable:

score 1 · Answer 1

Apparently it is because of the blank spaces.

I would tell you to try ... Removing the spaces

try this ..

on android.

URL url = new URL(requestURL+"\""+id.replace(" ","")+"\"");

on your php

 $sql = "SELECT c.NOMBRE AS NOMBRECATEGORIA, p.* FROM plato p, categoria c WHERE p.ID_CATEGORIA=c.ID_CATEGORIA AND (REPLACE(p.NOMBRE, " ", "")=$NOMBRESEND OR REPLACE(c.NOMBRE, " ", "")=$NOMBRESEND)";

Beware of replacing the spaces with signs ... I would not trust much in it.

score 1 · Answer 2

The origin of the problem

In the case you raise, the URLs are being encoded according to the RFC 3986 , which explains in section 2.1 that URLs containing non-allowed characters will be replaced by the% sign % followed by its binary octet. The section puts just as an example the blank, whose binary octet would be 20 , so a URL containing blank spaces, these spaces are replaced by %20 .

Therefore, in requests whose URL is created like this in your application:

http://www.example.com/verPlato.php?NOMBRE=Hamburguesa de pollo

If RFC 3986 is applied, the server will receive the URL like this:

http://www.example.com/verPlato.php?NOMBRE=Hamburguesa%20de%20pollo

Solutions

Several solutions are possible, either on the application side or on the server side.

A. On the application side

You can replace blank spaces by the + sign, doing something like this:

String urlPost="http://www.example.com/verPlato.php?NOMBRE=Hamburguesa de pollo";
urlPost = urlPost.replaceAll(" ", "+");

This will produce a URL like that, which is totally valid for the case at hand:

http://www.example.com/verPlato.php?NOMBRE=Hamburguesa+de+pollo

B. On the server side

You can let the application send the encoded URL according to the RFC 3986 rule and work it on the server.

$urlPost=( empty($_GET["NOMBRE"]) ) ? NULL : urldecode($_GET["NOMBRE"]);

if ($urlPost){
    require_once('connectdb.php');
    //Resto del código
}else{
    //Indicar el error en forma de array
}
    //Emitir la respuesta con json_encode

You can also make a replacement instead of using urldecode . But, it is not worth giving up a function that exists precisely for that. Note that on the application side it would not make any sense to decode the URL, because it is encoded precisely when it is sent to the server.

Your server code suffers from some security and logic failures:

You must implement prepared queries since your code is highly vulnerable to SQL injection attacks. I recommend that you read about it and correct that serious error.
In the body of the PHP code I have written a coherent flow. Using a ternary operator I verify if the key NOMBRE is not empty in the GET and in that case I propose to send an error message so that the user of the App does not go blank when due to bad use he has not written data in the field of text that should collect the name.