PHP script to get cell based on first column cell of mysql table

Question

I am trying implement a search activity which gets data from a mysql table based on a search.

I want to write a PHP script to use the string entered into the EditText and get the adjacent cell.

For example, Imagine there are two columns of the mysql table: Firstname and surname; I would like to be able to get the surname by searching the Firstname (Entering the Firstname into the EditText. I know this may require a SELECT Surname FROM Names WHERE ... query but how do I indicate the variable from my Java class?

The PHP script so Far:

<?php
mysql_connect("localhost","root","");
mysql_select_db("androidapp");
$sql=mysql_query("SELECT surname WHERE $get'fname'");
while($row=mysql_fetch_assoc($sql)) $output[]=$row;
print(json_encode($output));
mysql_close();
?>

Also, is the HttpGet method appropriate or HttPost method to do this, the result should display the surname in a TextView

Answer 1

i assume you want to send and receive data from php to java (android) through http post or http get. correct me if i am wrong.

basically what you want php to return is the row that matches the first name in the table.

mysql_connect("localhost","root","");

mysql_select_db("androidapp");

$fname = mysql_real_escape_string($_POST['fname']);

$result = mysql_query("SELECT surname FROM names WHERE fname = '$fname'");

//if you want only one record then
$row = mysql_fetch_array($result);

echo json_encode($row);

mysql_close();

always remember to escape the data for any sql injection with php's mysql_real_escape_string() function. ans also i would prefer HTTP POST.

from your android application you will have to send a http request to the server where the PHP script is.

hope this helps you

Answer 2

I'm not quite sure what you're doing with your query but I'd use

$fname = addslashes($_GET['fname']);
$sql = mysql_query("SELECT surname FROM Names WHERE fname='$fname'");
...

Clearly, you pass fname=whatever in the query.

GET is absolutely fine. HTTP specifies a GET request as one that returns information from the server and has no other side-effects (such as modifying the database).

Answer 3

I guess you have an Android application (written in Java) that communicate with a sort of web service coded in PHP.

Therefore, your PHP application should behave like any web service.

IN PHP, you can retrieve the parameters given to the script using the $_GET, $_POST or $_REQUEST global variables.

• $_GET contains only parameters send by the GET method (that is directly in the URL).

• $_POST contains only parameters send by the POST method (that is nested in the http query).

• $_REQUEST is a compilation of $_GET + $_POST.

For a web application, $_REQUEST is often the best solution, so you allow any methods (POST/GET) used by the caller. If you want to fix only one, choose $_POST or $_GET.

Therefore,

$sql = mysql_query("SELECT surname WHERE firstname='".mysql_real_escape_string($_REQUEST['fname'])."'");

Don't forget to escape the parameter with mysql_real_escape_string() in order to prevent from SQL injection.