0

我创建了一个必须连接到 Web 服务(由我创建)的 Android 应用程序,该服务存储在数据库中(托管在免费托管网站中)。Web 服务需要latitude,longitudetext存储在数据库中,如果我使用它,它会很好用。

但我无法使用我的 Android 应用程序中的网络服务。这是代码:

package com.example.mobile;

import java.io.IOException;

import org.ksoap2.SoapEnvelope;
import org.ksoap2.serialization.SoapObject;
import org.ksoap2.serialization.SoapPrimitive;
import org.ksoap2.serialization.SoapSerializationEnvelope;
import org.ksoap2.transport.HttpTransportSE;
import org.xmlpull.v1.XmlPullParserException;

import android.os.Bundle;
import android.app.Activity;
import android.content.Intent;
import android.util.Log;
import android.view.Menu;
import android.view.View;
import android.view.View.OnClickListener;
import android.widget.Button;
import android.widget.TextView;
import android.os.AsyncTask;


public class WebServiceActivity extends Activity implements OnClickListener {

    public final static String SOAP_ACTION1 = "http://ocrwebservice.somee.com/InsertIntoDB";
    public final static String SOAP_ACTION2 = "http://ocrwebservice.somee.com/Testing";
    public final static String NAMESPACE = "http://ocrwebservice.somee.com/";
    public final static String METHOD_NAME1 = "InsertIntoDB";
    public final static String METHOD_NAME2 = "Testing";
    public final static String URL = "http://ocrwebservice.somee.com/Service1.asmx?WSDL";

    Bundle extras;
    TextView tvResult;
    Button btnMenu;
    String ocr;
    int test_or_train; //valore sentinella
    String gps, latitude, longitude;
    double latitudine, longitudine;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_web_service);

        tvResult = (TextView)findViewById(R.id.textViewResult);
        btnMenu = (Button)findViewById(R.id.buttonGoToMenu);

        extras = getIntent().getExtras();
        ocr = extras.getString(RecognitionActivity.OCRTEXT);
        gps = extras.getString(RecognitionActivity.GPS);
        test_or_train = extras.getInt(RecognitionActivity.TEST_OR_TRAIN);

        String [] coordinate = gps.split("#");
        latitude = coordinate[0];
        longitude = coordinate[1];

        Log.d("VALORI", latitude);
        Log.d("VALORI", longitude);

        //latitudine = Double.parseDouble(latitude);
        //longitudine = Double.parseDouble(longitude);

        System.out.println(latitudine);
        System.out.println(longitudine);

        AsyncCallWS task = new AsyncCallWS();
        task.execute();

    }

    private class AsyncCallWS extends AsyncTask<Void,Void,Void>{
        @Override
        protected Void doInBackground(Void... params) {
            // TODO Auto-generated method stub
            perform();
            return null;
        }
    }

    void perform(){
        switch(test_or_train){
        case 0: //inserimento dei valori -- fase di training
            SoapObject requestInsert = new SoapObject(NAMESPACE, METHOD_NAME1);//inizializzazione richiesta SOAP e aggiunta parametri

            //aggiunta dei parametri per la richiesta SOAP      
            requestInsert.addProperty("latitudine", latitude);
            requestInsert.addProperty("longitudine", longitude);
            requestInsert.addProperty("testo", ocr);

            //dichiarazione della versione SOAP utilizzata
            SoapSerializationEnvelope insertEnvelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
            insertEnvelope.setOutputSoapObject(requestInsert);
            insertEnvelope.dotNet = true;


            try {
                HttpTransportSE insertTransport = new HttpTransportSE(URL);

                //chiamata del web service
                insertTransport.call(SOAP_ACTION1, insertEnvelope);

                SoapPrimitive insertResult = (SoapPrimitive)insertEnvelope.getResponse();

                if(insertResult != null)
                    tvResult.setText(insertResult.toString());
                } catch (IOException e) {
                // TODO Auto-generated catch block
                    e.printStackTrace();
                } catch (XmlPullParserException e) {
                // TODO Auto-generated catch block
                    e.printStackTrace();
                }
            break;

        case 1:
            SoapObject requestTest = new SoapObject(NAMESPACE, METHOD_NAME2);

            requestTest.addProperty("latitudine", latitudine);
            requestTest.addProperty("longitudine", longitudine);
            requestTest.addProperty("testo", ocr);

            SoapSerializationEnvelope testEnvelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
            testEnvelope.setOutputSoapObject(requestTest);
            testEnvelope.dotNet = true;

            try{
                HttpTransportSE testTransport = new HttpTransportSE(URL);

                testTransport.call(SOAP_ACTION2, testEnvelope);

                SoapObject testResult = (SoapObject)testEnvelope.bodyIn;

                if(testResult != null){
                      if((testResult.getProperty(0).toString()).compareTo("EXISTS") == 0)
                        tvResult.setText("Il cartello fotografato è presente nel DB");
                    else
                        tvResult.setText("Attenzione! Il cartello fotografato non è presente nel DB");
                    }

                }catch (IOException e) {
                // TODO Auto-generated catch block
                    e.printStackTrace();
                } catch (XmlPullParserException e) {
                // TODO Auto-generated catch block
                    e.printStackTrace();
                }
            break;

            }
        btnMenu.setOnClickListener(this);
    }

    @Override
    public boolean onCreateOptionsMenu(Menu menu) {
        // Inflate the menu; this adds items to the action bar if it is present.
        getMenuInflater().inflate(R.menu.activity_web_service, menu);
        return true;
    }

    @Override
    public void onClick(View arg0) {
        // TODO Auto-generated method stub
        Intent intentReset = new Intent(this,MainActivity.class);
        startActivity(intentReset);
    }
}

这是我得到的日志猫:

05-02 15:44:46.530: W/System.err(4670): SoapFault - faultcode: 'soap:Server' faultstring: 'Server was unable to process request. ---> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Po '')' at line 1' faultactor: 'null' detail: org.kxml2.kdom.Node@41934a08
05-02 15:44:46.530: W/System.err(4670):     at org.ksoap2.serialization.SoapSerializationEnvelope.parseBody(SoapSerializationEnvelope.java:141)
05-02 15:44:46.530: W/System.err(4670):     at org.ksoap2.SoapEnvelope.parse(SoapEnvelope.java:140)
05-02 15:44:46.540: W/System.err(4670):     at org.ksoap2.transport.Transport.parseResponse(Transport.java:116)
05-02 15:44:46.540: W/System.err(4670):     at org.ksoap2.transport.HttpTransportSE.call(HttpTransportSE.java:259)
05-02 15:44:46.540: W/System.err(4670):     at org.ksoap2.transport.HttpTransportSE.call(HttpTransportSE.java:114)

可能我调用 SOAP 方法时出现问题,但我不知道如何解决。

4

1 回答 1

0

您的代码似乎正确调用了 SOAP 方法。问题出在 Web 服务本身。

试试这个信封:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ocr="http://ocrwebservice.somee.com/">
   <soapenv:Header/>
   <soapenv:Body>
      <ocr:InsertIntoDB>
         <ocr:latitudine>33</ocr:latitudine>
         <ocr:longitudine>44</ocr:longitudine>
         <ocr:testo>Po '</ocr:testo>
      </ocr:InsertIntoDB>
   </soapenv:Body>
</soapenv:Envelope>

它将产生您指出的相同错误:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:xsd="http://www.w3.org/2001/XMLSchema">
   <soap:Body>
      <soap:Fault>
         <faultcode>soap:Server</faultcode>
         <faultstring>Server was unable to process request. ---> You have an
         error in your SQL syntax; check the manual that corresponds to your 
         MySQL server version for the right syntax to use near ''Po '')' at 
         line 1</faultstring>
         <detail/>
      </soap:Fault>
   </soap:Body>
</soap:Envelope>

另一方面,当您取出'时:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ocr="http://ocrwebservice.somee.com/">
   <soapenv:Header/>
   <soapenv:Body>
      <ocr:InsertIntoDB>
         <ocr:latitudine>33</ocr:latitudine>
         <ocr:longitudine>44</ocr:longitudine>
         <ocr:testo>Po </ocr:testo>
      </ocr:InsertIntoDB>
   </soapenv:Body>
</soapenv:Envelope>

插入成功。

底线是:您的客户端或您的 Web 服务必须'正确转义。

我的意见?这应该在 Web 服务中完成,而不是在客户端中完成,因为不正确的转义会使您的服务容易受到SQL 注入的攻击。本身PO '也不是无效String的,您的服务不应为此产生故障。

于 2013-05-02T15:42:54.890 回答