Android PHP Mysql ...JSON Request

Question

I'm Getting the error as

Request Failed: java.lang.IllegalArgumentException: Illegal argument in Query at at index 42: http:/10.0.2.2:8080/webservice2.php?json={\"UserName\":1,\"FullName\":2}"

main.java

package com.hamdyghanem.httprequest;

import java.*(etc etc)

public class Main extends Activity {
/** Called when the activity is first created. */
public int iLanguage = 0;
TextView lbl;
Typeface arabicFont = null;
int TIMEOUT_MILLISEC = 10000; // = 10 seconds

@Override
public void onCreate(Bundle savedInstanceState) {
    try {

        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
        getWindow().setLayout(LayoutParams.FILL_PARENT,
                LayoutParams.FILL_PARENT);
        // ////
        arabicFont = Typeface.createFromAsset(getAssets(),
                "fonts/DroidSansArabic.ttf");

        lbl = (TextView) findViewById(R.id.lbl);
        //

    } catch (Throwable t) {
        Toast.makeText(this, "Request failed: " + t.toString(),
                Toast.LENGTH_LONG).show();
    }
}

public void clickbuttonRecieve(View v) {
    try {
        JSONObject json = new JSONObject();
        json.put("UserName", "test2");
        json.put("FullName", "1234567");
        HttpParams httpParams = new BasicHttpParams();
        HttpConnectionParams.setConnectionTimeout(httpParams,
                TIMEOUT_MILLISEC);
        HttpConnectionParams.setSoTimeout(httpParams, TIMEOUT_MILLISEC);
        HttpClient client = new DefaultHttpClient(httpParams);

        String url = "http://10.0.2.2:8080/webservice2.php?json = {\"UserName\":1,\"FullName\":2}";


        HttpPost request = new HttpPost(url);
        request.setEntity(new ByteArrayEntity(json.toString().getBytes(
                "UTF8")));
        request.setHeader("json", json.toString());
        HttpResponse response = client.execute(request);
        HttpEntity entity = response.getEntity();
        // If the response does not enclose an entity, there is no need
        if (entity != null) {
            InputStream instream = entity.getContent();

            String result = RestClient.convertStreamToString(instream);
            Log.i("Read from server", result);
            Toast.makeText(this,  result,
                    Toast.LENGTH_LONG).show();
        }
    } catch (Throwable t) {
        Toast.makeText(this, "Request failed: " + t.toString(),
                Toast.LENGTH_LONG).show();
    }
}

public void clickbutton(View v) {
    try {
        Log.i(getClass().getSimpleName(), "send  task - start");
        HttpParams httpParams = new BasicHttpParams();
        HttpConnectionParams.setConnectionTimeout(httpParams,
                TIMEOUT_MILLISEC);
        HttpConnectionParams.setSoTimeout(httpParams, TIMEOUT_MILLISEC);
        //
        HttpParams p = new BasicHttpParams();
        // p.setParameter("name", pvo.getName());
        p.setParameter("user", "1");

        // Instantiate an HttpClient
        HttpClient httpclient = new DefaultHttpClient(p);
        String url = "http://10.0.2.2:8080/webservice1.php?user=1&format=json";
        HttpPost httppost = new HttpPost(url);

        // Instantiate a GET HTTP method
        try {
            Log.i(getClass().getSimpleName(), "send  task - start");
            //
            List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(
                    2);
            nameValuePairs.add(new BasicNameValuePair("user", "1"));
            httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
            ResponseHandler<String> responseHandler = new BasicResponseHandler();
            String responseBody = httpclient.execute(httppost,
                    responseHandler);
            // Parse
            JSONObject json = new JSONObject(responseBody);
            JSONArray jArray = json.getJSONArray("posts");
            ArrayList<HashMap<String, String>> mylist = new ArrayList<HashMap<String, String>>();

            for (int i = 0; i < jArray.length(); i++) {
                HashMap<String, String> map = new HashMap<String, String>();
                JSONObject e = jArray.getJSONObject(i);
                String s = e.getString("post");
                JSONObject jObject = new JSONObject(s);

                map.put("idusers", jObject.getString("idusers"));
                map.put("UserName", jObject.getString("UserName"));
                map.put("FullName", jObject.getString("FullName"));

                mylist.add(map);
            }
            Toast.makeText(this, responseBody, Toast.LENGTH_LONG).show();

        } catch (ClientProtocolException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        // Log.i(getClass().getSimpleName(), "send  task - end");

    } catch (Throwable t) {
        Toast.makeText(this, "Request failed: " + t.toString(),
                Toast.LENGTH_LONG).show();
    }

}

public class Data {
    // private List<User> users;
    public List<User> users;

    // +getters/setters
}

static class User {
    String idusers;
    String UserName;
    String FullName;

    public String getUserName() {
        return UserName;
    }

    public String getidusers() {
        return idusers;
    }

    public String getFullName() {
        return FullName;
    }

    public void setUserName(String value) {
        UserName = value;
    }

    public void setidusers(String value) {
        idusers = value;
    }

    public void setFullName(String value) {
        FullName = value;
    }
}
}

webservice2.php

<?php 
//http://localhost:8080/sample1/webservice2.php?json= {%22UserName%22:1,%22FullName%22:2}
//$json=$_GET ['json'];
$json = file_get_contents('php://input');
$obj = json_decode($json);

//echo $json;


//Save
$con = mysql_connect('localhost','root','123456') or die('Cannot connect to the DB');
mysql_select_db('test',$con);

/* grab the posts from the db */
//$query = "SELECT post_title, guid FROM wp_posts WHERE post_author = $user_id AND post_status = 'publish' ORDER BY ID DESC LIMIT $number_of_posts";
mysql_query("INSERT INTO `test`.`users` (UserName, FullName)
    VALUES ('".$obj->{'UserName'}."', '".$obj->{'FullName'}."')");

mysql_close($con);
//
//$posts = array($json);
$posts = array(1);
header('Content-type: application/json');
echo json_encode(array('posts'=>$posts));

?>

Answer 1

You should escape your uri characters. On Android you can do that this way:

String json = URLEncoder.encode("{\"UserName\":1,\"FullName\":2}", "utf-8");
String url = "http://10.0.2.2:8080/webservice2.php?json=" + json;

Answer 2

Illegal argument in Query at at index 42: -- this is the important bit. It's saying that the 43rd (it's 0-based) character in your URI (which happens to be the backslash) is illegal in that context. URIs don't seem to be allowed to contain backslashes, according to this library. (This appears to be incorrect: see https://www.rfc-editor.org/rfc/rfc3986#section-2.1)

You have two options:

• Use the request body rather than the query string to contain the JSON data.
• Escape backslashes in the URI, by replacing them with %5C (although you should probably use an existing library/function for this).

Personally, I'd go with the first. Some HTTP servers have a limit on the length of request URIs, which could be annoying if you want to transfer more data than that limit. Plus you don't need to worry about percent-encoding.

Also, you have a SQL injection vulnerability in your PHP at the mysql_query(...) bit. Imagine if the JSON I uploaded was {"UserName":"');DROP TABLE test.users;--"}. You should use mysqli_* functions instead. See http://bobby-tables.com/