Okay,
I'm hoping one of you can help me.
I have a mysql database that I have configured through phpmyadmin.
I have an android app that simply makes and sends a mysql query
I can get it to successfully return values when using Select statements but when I use INSERT INTO, it returns " Error Query is invalid" BUT BUT BUT, when I use the same string and enter it through the sql tab in myphpadmin it works fine !
So here is the string ( the semicolons at the end of each field name are so I can use something common to split the string up when the data arrives back on the phone)
randomkey||||||INSERT INTO table4 (`geolat;` , `geolong;` , `mode;` , `destgeolat;` , `destgeolong;` , `cellphone;` , `email;` , `carrego;` , `colour;` , `rating;` , `comment;`)
VALUES (0.0,0.0,'driver' ,-43.54779,172.62472, , '' ,'' , 'text' , 'ratingleftblank' , 'commentblank' )
the index4.php script is as follows
?php
/*
* Written By:
* James
*/
/************************************CONFIG****************************************/
//DATABSE DETAILS//
$DB_ADDRESS="mysql1.openhost.net.nz";
$DB_USER="bling44";
$DB_PASS="sadlyinept";
$DB_NAME="bling44";
//SETTINGS//
//This code is something you set in the APP so random people cant use it.
$SQLKEY="randomkey";
/************************************CONFIG****************************************/
//these are just in case setting headers forcing it to always expire and the content type to JSON
header('Cache-Control: no-cache, must-revalidate');
header('Content-type: application/json');
if(isset($_POST['tag'])){ //checks ifthe tag post is there
$tag=$_POST['tag'];
$data=explode("||||||",$tag); //split the SQL statement from the SQLKEY
if($data[0]==$SQLKEY){ ///validate the SQL key
$query=$data[1];
$link = mysql_connect($DB_ADDRESS,$DB_USER,$DB_PASS); //connect ot the MYSQL database
mysql_select_db($DB_NAME,$link); //connect to the right DB
if($link){
$result=mysql_query($query); //runs the posted query (NO PROTECTION FROM INJECTION HERE)
if($result){
if (strlen(stristr($query,"SELECT"))>0) { //tests if its a select statemnet
$outputdata=array();
while ($row = mysql_fetch_assoc($result)){
$outputdata[]=$row; //formats the result set to a valid array
}
echo json_encode(array("VALUE",$tag,array_merge($outputdata))); //sends out a JSON result with merged output data
} else {
echo json_encode(array("VALUE",$tag,array_merge(array(array("AFFECTED_ROWS ".mysql_affected_rows($link)))))); //if the query is anything but a SELECT it will return the array event count
}
} else echo json_encode(array("VALUE",$tag,array_merge(array(array("ERROR QUERY IS INVALID"))))); //errors if the query is bad
mysql_close($link); //close the DB
} else echo json_encode(array("VALUE",$tag,array_merge(array(array("ERROR Database Connection Failed"))))); //reports a DB connection failure
} else {
echo json_encode(array("VALUE",$tag,array_merge(array(array("ERROR BAD CODE SUPPLIED"))))); //reports if the code is bad
}
}
?>
So to reiterate.
I can search the DB but can't INSERT INTO, unless I go through the myphpadmin interface.
Any ideas are very much appreciated