php,mysql please help

fanfalveto · Oct 4, 2012

Here's the code:

ExecuteRemoteQuery("http://"&base&"/android.php?id=" & id & "&fecha="&fecha&"&hora="&hora&"&nombre="&nombre&"&longitud=" &longitud&"&latitud="&latitud,1)

end the php code:

<?
$databasehost = "localhost";
$databasename = "afichar";
$databaseusername ="root";
$databasepassword = "";

$con = mysql_connect($databasehost,$databaseusername,$databasepassword) or die(mysql_error());
mysql_select_db($databasename,$con) or die(mysql_error());

$id=$_GET['id1'];
$fecha=$_GET['fecha1'];
$hora=$_GET['hora1'];
$nombre=$_GET['nombre1'];
$longitud=$_GET['longitud1'];
$latitud=$_GET['latitud1'];

$sql="INSERT INTO horarios (id,fecha,hora,nombre,longitud,latitud) VALUES ('$id,'$fecha','$hora','$nombre','$longitud','$latitud')";
mysql_query($sql);
?>

If I remove everything and leave you alone "hora" inserted into the database, if I put the rest of the fields are not.
I've been looking but no longer do.
thanks

mc73 · Oct 4, 2012

One thing that I see is that in your query you define 'fecha' for example, while in your php, you have 'fetcha1'. Same goes for all other variables.

fanfalveto · Oct 5, 2012

Thanks,i see what do you say,but don´t work.
I can´t see the problem.

warwound · Oct 5, 2012

It could be an encoding problem...

In B4A are you properly url encoding your GET values?
Use the StringUtils library and it's EncodeUrl method to encode the request's GET parameter values.

Now in PHP you need to use the PHP urldecode method to decode each $_GET value.

You only really need to do this for string values NOT numeric values.

An example:

PHP:

$fecha=urldecode($_GET['fecha1']);

You should also prevent MySQL injection attacks by using the PHP mysql_real_escape_string method on all strings passed to your script:

So the previous example becomes:

PHP:

$fecha=mysql_real_escape_string(urldecode($_GET['fecha1']));

If a numeric value is passed to a script you can prevent MySQL injection attacks by casting it to the appropriate PHP numeric type.
Assume $_GET['my_number'] is an integer, the PHP to use would be:

PHP:

$my_number=(int) $_GET['my_number'];

If the numeric value is a float or double you need to cast to one of those types, see here: PHP: Type Juggling - Manual.

With all of that done you can test your script again, if it fails then test using a desktop browser to make things easier to debug.
Add a line to the end of your script:

PHP:

$sql="INSERT INTO horarios (id,fecha,hora,nombre,longitud,latitud) VALUES ('$id,'$fecha','$hora','$nombre','$longitud','$lat itud')";
$result=mysql_query($sql);
if($result==false){
 echo "query was: $sql";
 echo "<br>";
 echo mysql_error();
}

Martin.

Erel · Oct 5, 2012

Assuming that ExecuteRemoteQuery is the same sub as in the MySQL example, then it doesn't send the parameters as GET parameters. See the PHP script in that example.

fanfalveto · Oct 5, 2012

Thank you very much.
Not that I am failing, I've gone over a thousand times but nothing.
This is the b4a code:

ExecuteRemoteQuery("http://"&base&"/android.php?id=" & id & "&fecha="&fecha&"&hora="&hora&"&nombre="&nombre&"&longitud=" &longitud&"&latitud="&latitud,1)
End Sub

Sub ExecuteRemoteQuery(Query As String, TaskId As Int)
Dim req As HttpRequest
req.InitializePost2(Query, Query.GetBytes("UTF8"))
hc.Execute(req, TaskId)
ProgressDialogShow("Subiendo datos")
ToastMessageShow(Query,True)
End Sub

And the php code:

$con = mysql_connect($databasehost,$databaseusername,$databasepassword) or die(mysql_error());
mysql_select_db($databasename,$con) or die(mysql_error());

$id=$_GET['id'];
$fecha=$_GET['fecha'];
$hora=$_GET['hora'];
$nombre=$_GET['nombre'];
$longitud=$_GET['longitud'];
$latitud=$_GET['latitud'];

$id = mysql_real_escape_string($id);
$fecha = mysql_real_escape_string($fecha);
$hora = mysql_real_escape_string($hora);
$nombre = mysql_real_escape_string($nombre);
$longitud = mysql_real_escape_string($longitud);
$latitud = mysql_real_escape_string($latitud);

$sql="INSERT INTO horarios (id,fecha,hora,nombre,longitud,latitud) VALUES ('$id,'$fecha','$hora','$nombre','$longitud','$latitud')";
mysql_query($sql);
$result=mysql_query($sql);
if($result==false){
echo "query was: $sql";
echo "<br>";
echo mysql_error();
}
?>

I try with urldecode at php code but nothing.
:sign0013: but i´m lost.

Mahares · Oct 5, 2012

I know nothing about PHP, but aren't you missing a single quote in this line, to the right of $id
$sql="INSERT INTO horarios (id,fecha,hora,nombre,longitud,latitud) VALUES ('$id,'$fecha','$hora','$nombre','$longitud','$lat itud')";

fanfalveto · Oct 5, 2012

That's what happens when nerves are raw skin,:BangHead: Mahares thank you very much, that was the problem and was not able to see it.
Thanks to all

php,mysql please help

fanfalveto

Active Member

mc73

Well-Known Member

fanfalveto

Active Member

warwound

Expert

Erel

B4X founder

fanfalveto

Active Member

Mahares

Expert

fanfalveto

Active Member