0

我有一个列表,其中包含我的 MySQL 数据库的值。这些值与列表一起传输,但是当我查看我的变量时(在调试模式下)。我看到只有旧值被发送到 PHP 文件,而不是“更新”值。

在这里,我得到了“喜欢”的旧值:

  protected String doInBackground(String... params) {

        // updating UI from Background Thread
        runOnUiThread(new Runnable() {
            public void run() {
                // Check for success tag
                int success;
                try {
                    // Building Parameters
                    List<NameValuePair> params = new ArrayList<NameValuePair>();
                    params.add(new BasicNameValuePair("id", cid));

                    // getting product details by making HTTP request
                    // Note that product details url will use GET request
                    JSONObject json = jParser.makeHttpRequest(url_details, "GET", params);

                    // check your log for json response
                    Log.d("Details Song", json.toString());

                    // json success tag
                    success = json.getInt(TAG_SUCCESS);
                    if (success == 1) {
                        // successfully received product details
                        JSONArray chartsObj = json.getJSONArray(TAG_CHARTS); // JSON Array

                        // get first product object from JSON Array
                        JSONObject charts = chartsObj.getJSONObject(0);

                        // product with this id found
                        // Edit Text
                        txtInterpret = (TextView)findViewById(R.id.tblInterpret);
                        txtTitel = (TextView)findViewById(R.id.tblTitel);
                        txtAlbum = (TextView)findViewById(R.id.tblAlbum);
                        txtLikes = (TextView)findViewById(R.id.like);
                        thumb_image = (ImageView)findViewById(R.id.albumcover); 

                        imageLoader = new ImageLoader(getApplicationContext());
                        imageLoader.DisplayImage(charts.getString(TAG_ALBUMCOVER), thumb_image);
                        txtInterpret.setText(charts.getString(TAG_INTERPRET));
                        txtTitel.setText(charts.getString(TAG_TITEL));
                        txtAlbum.setText(charts.getString(TAG_ALBUM));
                        txtLikes.setText(Integer.toString(charts.getInt(TAG_LIKES)));
                        likes = charts.getInt(TAG_LIKES);

                    }else{
                        // product with id not found
                    }
                } catch (JSONException e) {
                    e.printStackTrace();
                }
            }
        });

        return null;
    }

这个函数在我的 OnCreate 函数中。当您单击一个按钮时,您应该将 int 值增加一!

        like.setOnClickListener(new View.OnClickListener() {

            @Override
            public void onClick(View v) {
                System.out.println("Vorher: " +likes);
                likes = (likes++);
                System.out.println("Nachher: " +likes);
                new Like().execute();
            }
        });

这就是我的清单的功能。

protected String doInBackground(String... args) {

         List<NameValuePair> params = new ArrayList<NameValuePair>();
         params.add(new BasicNameValuePair("id", cid));
         params.add(new BasicNameValuePair(TAG_LIKES, Integer.toString(likes)));

    // getting JSON Object
    // Note that create product url accepts POST method
         JSONObject json = jParser.makeHttpRequest(url_like,"POST", params);

    // check log cat for response
    Log.d("Create Response", json.toString());

    return null;
    }

这是我的 JSONParser:

if(method == "POST"){
            // request method is POST
            // defaultHttpClient
            DefaultHttpClient httpClient = new DefaultHttpClient();
            HttpPost httpPost = new HttpPost(url);
            httpPost.setEntity(new UrlEncodedFormEntity(params));

            HttpResponse httpResponse = httpClient.execute(httpPost);
            HttpEntity httpEntity = httpResponse.getEntity();
            json = EntityUtils.toString(httpEntity, HTTP.UTF_8);
            System.out.println("JSON: " + json);

最后是我的 PHP 文件:

<?php

/*
 * Following code will update a product information
 * A product is identified by product id (pid)
 */

// array for JSON response
$response = array();

// check for required fields
if (isset($_POST['likes']) && isset($_POST['id'])) {

$id = $_POST['id'];
$likes = $_POST['likes'];

// include db connect class
require_once (connection);

// connecting to db
$db = new DB_CONNECT();

// mysql update row with matched pid
$result = mysql_query("UPDATE Charts SET likes = '$likes' WHERE id = '$id'");

// check if row inserted or not
if ($result) {
    // successfully updated
    $response["success"] = 1;
    $response["message"] = "Like erfolgreich";

    // echoing JSON response
    echo json_encode($response);
} else {

}
} else {
// required field is missing
$response["success"] = 0;
$response["message"] = "Ein Fehler ist aufgetreten";

// echoing JSON response
echo json_encode($response);
}
?>
4

2 回答 2

1

首先,您在JSONParser中的 if 条件从未执行,因为,

你的 if 条件应该是,

if(method.equals("POST"))

不是一个,

if(method == "POST")

第二个,

此外,不要runOnUiThread在 doInBackground() 中使用,而是将 UI 更新代码放在 AsyncTask 的onPostExecute()方法中。

于 2012-07-22T15:28:47.583 回答
1

您很容易受到SQL 注入攻击,并且几乎可以保证 JSON 文本将包含两个以上的'字符,从而“破坏”您的 sql 查询。本质上,您是在注入自己的 sql 查询。

您的查询也没有错误处理,并假设它们成功。这真是太糟了。即使您的 SQL 语法 100% 完美,也有太多其他原因导致查询无法不检查错误:

至少,你应该有

$safe_json = mysql_real_escape_string($_POST['likes']);
$sql = "UPDATE .... WHERE likes='$safe_json' ...";
$result = mysql_query($sql) or die(mysql_error());

作为一般提示,这些mysql_*()函数自 PHP 5.4 起已被弃用。您应该考虑切换到mysqli,或者最好是PDO

于 2012-07-22T15:22:01.990 回答