Android Question Connect Android to MySQL Database

hanyelmehy · Dec 25, 2019

i use this Tutorial https://www.b4x.com/android/forum/threads/connect-android-to-mysql-database-tutorial.8339/#content
to Connect Android to MySQL Database
but when i use Query with Like parameter and wildcard % php code send error
notes:
-i did not want to use jrdc or parameter query
-i try to use urlencode ,query work with error result
also please if any one have a good practices about avoiding any special character when Connect Android to MySQL Database please post here

josejad · Dec 25, 2019

Hi:

It would be useful to know the error you get and the PHP code you're using

aeric · Dec 25, 2019

You can use PostString to post json values in PHP.

hanyelmehy · Dec 25, 2019

José J. Aguilar said:
Hi:

It would be useful to know the error you get and the PHP code you're using

i mention that i use above tutorial ,something like

B4X:

Sub ExecuteRemoteQuery(Query As String, JobName As String)
    Dim job As HttpJob
    job.Initialize(JobName, Me)
    job.PostString(PhpScript_URL, Query)
End Sub

every thing work fine for any normal query ,when use Like parameter and wildcard % ,PostString not work correctly and return this

B4X:

Query :SELECT * FROM wftable WHERE webadd LIKE '%google%'
ResponseError. Reason: , Response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<p>Additionally, a 400 Bad Request
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
</body></html>

when use urlencode (Query :SELECT * FROM wftable WHERE webadd LIKE '%25google%25')
it work but mysql return not correct result

aeric · Dec 25, 2019

For security purpose, I don’t think it is a good idea to post the SQL in query. This will cause sql injection issue.

hanyelmehy · Dec 25, 2019

aeric said:
For security purpose, I don’t think it is a good idea to post the SQL in query. This will cause sql injection issue.

i know that jrdc is better option ,but server not support that (you can't run jar files) ,also i try :
-avoid any injection syntax
-use https
-encrypt script address

aeric · Dec 25, 2019

When urlencoded, %google% will change to %25google%25

aeric · Dec 25, 2019

If your php file is search.php then you normally call http://my domain.com/search.php?text=google
You don’t need to post the entire SQL command. You write your SQL command inside your PHP file.

aeric · Dec 25, 2019

A dirty and quick fix is to replace %25 to % in PHP but I don’t recommend this way.

Android Question Connect Android to MySQL Database

hanyelmehy

Active Member

josejad

Expert

aeric

Expert

hanyelmehy

Active Member

aeric

Expert

hanyelmehy

Active Member

aeric

Expert

aeric

Expert

aeric

Expert

Similar Threads

Android Question Connect Android to MySQL Database

Active Member

Expert

Expert

Active Member

Expert

Active Member

Expert

Expert

Expert

Similar Threads

Privacy & Transparency

Privacy & Transparency