Android Question insert data into table with PHP

You are POSTING and your PHP script is GETTING.

Try Download2. This is a GET-Request.

LG Arts HD said:

job1.PostString("http://192.168.1.64/obtain.php", "name='" & name & "', orig='" & orig & "', state='" & state & "', opi='" & opi & "'")

Click to expand...

DonManfred said:

Try Download2. This is a GET-Request.

B4X:

job1.Download2("http://192.168.1.64/obtain.php", Array As String("name", name, "orig", orig, "state", state,"opi",opi))

Click to expand...

it doesn't work I still get Internal Server Error

For the first step, please use a simple php script to echo/print just "Hello world" and try again. Does this work?

This error usually occurs when MySQL cannot complete the query.

Please post your Table structure (mytable) - this will help to find the error.

Also, does this happen the first time (clean Table - just created) or the second/subsequent times you try to insert data ?

Good practice in PHP would be to use $_REQUEST rather than $_GET; that way your script will work with both GET and POST. I'd also strongly suggest that you rewrite that code to use a prepared query, which will be much, much safer - depending on the values of the variables, your SQL could end up hopelessly mangled, and potentially vulnerable to an injection attack.

Try something along the lines of


Note that in bind_param, I've assumed each column is an integer (iiii); if not, replace the i with s for string, eg if name is a string and the others are integers, use 'siii'.

If you don't want to use a prepared statement, then you must at the very least sanity check that data, and use real_escape_string. For example (and assuming name is a string, others are int)


Building the query with sprintf like this has two advantages - one is that it's much easier to read, and to spot quoting mistakes. And secondly by using %d you force an integer value for fields that are int, even if the parameters passed are strings.

It's also a really good idea to do sanity checking, for example, if state might be one of three options ( 'ready', 'waiting', 'done'), and opi should be an int you might say something like:

to force the value to be 'waiting' if it's not one of the valid options.

This may seem like overkill, if you think only your app will ever talk to that server, but believe me - there are plenty of people who will throw anything they can at a script that they suspect might give access to an SQL database.

Also, in your original $sql = ... the quotes are all over the place. You have extra double quotes you don't need, effectively terminating the string.

If you want to leave those in, there should be a . before the variable name. Or remove the double quotes from the middle - because you have double quoted the string variable substitution will be applied.

But, really, use one of the other suggestions I made above - sprintf to build it, or a prepared query.

By the way, another handy trick if you have access to the command line on the server (or even on the PC where you're writing your scripts, if it has php installed).
Before calling the script via the web server, do a quick 'lint' check with php -l, like this


It won't execute the code, but it will parse it and find common errors, like missed brackets, semicolons, invalid function (but not method) names. (Ie, if you misspell preg_match as preg_macth it will spot that, because it's not a function, but a method like $mydb->quary($sql) instead of $mydb->query($sql) won't be spotted). Nevertheless, it's always a good check before uploading your script, and will give more information than the simple 'internal server error' that you get via the web server.