I need to read data from an external database with hundreds of items. What I did so far is that I wrote the php query which returns all the items, so for i have done
php:
$db_host = "host";
$db_uid = "username";
$db_pass = "password";
$db_name = "person";
$db_con = mysql_connect($db_host,$db_uid,$db_pass) or die('could not connect');
mysql_select_db($db_name);
$sql = "SELECT * FROM employee ";
$result = mysql_query($sql);
while($row=mysql_fetch_assoc($result))
$output[]=$row;
print(json_encode($output));
mysql_close();
android:
String url = "http://localhost/index.php";
#Override
public void onCreate(Bundle savedInstanceState) {
/*
* StrictMode is most commonly used to catch accidental disk or network
* access on the application's main thread
*/
StrictMode.setThreadPolicy(new StrictMode.ThreadPolicy.Builder()
.detectDiskReads().detectDiskWrites().detectNetwork()
.penaltyLog().build());
super.onCreate(savedInstanceState);
setContentView(R.layout.hospital);
byear = (EditText) findViewById(R.id.editText1);
submit = (Button) findViewById(R.id.submitbutton);
tv = (TextView) findViewById(R.id.showresult);
// define the action when user clicks on submit button
submit.setOnClickListener(new View.OnClickListener() {
public void onClick(View v) {
// declare parameters that are passed to PHP script i.e. the
// name "birthyear" and its value submitted by user
ArrayList<NameValuePair> postParameters = new ArrayList<NameValuePair>();
data = byear.getText().toString();
// define the parameter
postParameters.add(new BasicNameValuePair("data", data));
String response = null;
// call executeHttpPost method passing necessary parameters
try {
response = CustomHttpClient.executeHttpPost(
url,
postParameters);
// store the result returned by PHP script that runs
// MySQL query
String result = response.toString();
// parse json data
try {
returnString = "";
JSONArray jArray = new JSONArray(result);
for (int i = 0; i < jArray.length(); i++) {
JSONObject json_data = jArray.getJSONObject(i);
Log.i("log_tag", "id: " + json_data.getInt("id")
+ ", name: " + json_data.getString("name")
);
// Get an output to the screen
returnString += "\n" + "Name ="
+ json_data.getString("name") + "\n"
+ "Contact number = "
+ json_data.getInt("contact") + "\n"
}
} catch (JSONException e) {
Log.e("log_tag", "Error parsing data " + e.toString());
}
try {
tv.setText(returnString);
} catch (Exception e) {
Log.e("log_tag", "Error in Display!" + e.toString());
;
}
} catch (Exception e) {
Log.e("log_tag",
"Error in http connection!!" + e.toString());
}
}
});
}
}
My question is how can I pass the data from edit text android to php query so the query will only return the proper items only
To send data to php use postParameters :
postParameters.add(new BasicNameValuePairs("id",data));
In your php script add
if(isset($_POST['id']){
var id = $_POST['id'];
// do db operation here
}
with id = your data id and data = your data.
$var_data=$_REQUEST['data'];
print($var_data);
use above 2 lines in your php code at line number 1 so it will print android data associated with key "data"
postParameters.add(new BasicNameValuePair("data", data));
First you have to write respective php script Then you can use this:
HttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost("http://Your Url");
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(2);
nameValuePairs.add(new BasicNameValuePair("uid",username));
nameValuePairs.add(new BasicNameValuePair("filename",filename));
httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
Make sure that the field name in your table in server side is "uid" and "filename" respectively.
For more information see this.
Related
I'm using a JSONParser class to create JSON to be sended to the server, but I need to use it for receive information now, but I don't know how to do it, I'm a noob, sorry. I create the json with the next part of code, and the following class.
// Building Parameters
params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("userid", thought.getUser()));
params.add(new BasicNameValuePair("timestamp", "" + thought.getTimestamp()));
params.add(new BasicNameValuePair("message", thought.getMessage()));
params.add(new BasicNameValuePair("address", thought.getAddress()));
params.add(new BasicNameValuePair("latitude", "" + thought.getLatitude()));
params.add(new BasicNameValuePair("longitude", "" + thought.getLongitude()));
// getting JSON Object
// Note that create product url accepts POST method
JSONParser jsonParser = new JSONParser();
JSONObject json = jsonParser.makeHttpRequest(url_create_thought, "POST", params);
JSONParser.class
public class JSONParser {
static InputStream is = null;
static JSONObject jObj = null;
static String json = "";
// constructor
public JSONParser() {
}
// function get json from url
// by making HTTP POST or GET mehtod
public JSONObject makeHttpRequest(String url, String method, List<NameValuePair> params) {
// Making HTTP request
try {
// check for request method
if(method.equalsIgnoreCase("POST")){
// request method is POST
// defaultHttpClient
DefaultHttpClient httpClient = new DefaultHttpClient();
HttpPost httpPost = new HttpPost(url);
httpPost.setEntity(new UrlEncodedFormEntity(params));
HttpResponse httpResponse = httpClient.execute(httpPost);
HttpEntity httpEntity = httpResponse.getEntity();
is = httpEntity.getContent();
}else if(method.equalsIgnoreCase("GET")){
// request method is GET
DefaultHttpClient httpClient = new DefaultHttpClient();
String paramString = URLEncodedUtils.format(params, "utf-8");
url += "?" + paramString;
HttpGet httpGet = new HttpGet(url);
HttpResponse httpResponse = httpClient.execute(httpGet);
HttpEntity httpEntity = httpResponse.getEntity();
is = httpEntity.getContent();
}
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
try {
BufferedReader reader = new BufferedReader(new InputStreamReader(
is, "iso-8859-1"), 8);
StringBuilder sb = new StringBuilder();
String line = null;
while ((line = reader.readLine()) != null) {
sb.append(line + "\n");
}
is.close();
json = sb.toString();
} catch (Exception e) {
Log.e("Buffer Error", "Error converting result " + e.toString());
}
// try parse the string to a JSON object
try {
jObj = new JSONObject(json.toString());
} catch (JSONException e) {
Log.e("JSON Parser", "Error parsing data " + e.toString());
}
// return JSON String
return jObj;
}
}
The part in the server I think that it's ok.
Server get values part
<?php
/*
* Following code will list all the products
*/
// array for JSON response
$response = array();
// include db connect class
require_once __DIR__ . '/db_connect.php';
// connecting to db
$db = new DB_CONNECT();
// get all products from products table
$result = mysql_query("SELECT * FROM thoughts") or die(mysql_error());
// check for empty result
if (mysql_num_rows($result) > 0) {
// looping through all results
// products node
$response["thoughts"] = array();
echo '<center><div class="datagrid"><table>';
echo '<thead><tr><th>ID</th><th>USERID</th><th>TIMESTAMP</th><th>MESSAGE</th><th>ADDRESS</th><th>LATITUDE</th><th>LONGITUDE</th></tr></thead><tbody>';
while ($row = mysql_fetch_array($result)) {
// temp user array
$thought = array();
$thought["id"] = $row["id"];
$thought["userid"] = $row["userid"];
$thought["timestamp"] = $row["timestamp"];
$thought["message"] = $row["message"];
$thought["address"] = $row["address"];
$thought["latitude"] = $row['latitude'];
$thought["longitude"] = $row['longitude'];
echo '<tr><td>'.$row['id'].'</td><td>'.$row['userid'].'</td><td>'.$row['timestamp'].'</td><td>'.$row['message'].'</td><td>'.$row['address'].'</td><td>'.$row['latitude'].'</td><td>'.$row['longitude'].'</td></tr>';
// push single product into final response array
array_push($response["thoughts"], $thought);
}
// success
$response["success"] = 1;
// echoing JSON response
//echo json_encode($response);
echo '</table></center>';
} else {
// no products found
$response["success"] = 0;
$response["message"] = "No events found";
// echo no users JSON
echo json_encode($response);
}
?>
What it's the correct way to get data in android?? What I need to put in params?
JSONParser jsonParser = new JSONParser();
JSONObject json = jsonParser.makeHttpRequest(url_create_thought, **"GET"**, params);
Thanks for your help.
here is a simple way to get what u want from json-return url :
String sURL = "http://freegeoip.net/json/"; //just a string
// Connect to the URL using java's native library
URL url = new URL(sURL);
HttpURLConnection request = (HttpURLConnection) url.openConnection();
request.connect();
// Convert to a JSON object to print data
JsonParser jp = new JsonParser(); //from gson
JsonElement root = jp.parse(new InputStreamReader((InputStream) request.getContent())); //convert the input stream to a json element
JsonObject rootobj = root.getAsJsonObject(); //may be an array, may be an object.
zipcode=rootobj.get("zipcode").getAsString();//just grab the zipcode
I have written PHP code to fetch data from Database. It get the login values. (username & password). I connect it through mysql server/localhost. when I run this PHP code it always show the "0". It means it doesn't get the data from Database. Why is that?
Here my PHP code:
<?php
$hostname_localhost ="localhost";
$database_localhost ="gpsvts_geotrack";
$username_localhost ="root";
$password_localhost ="";
$localhost = mysql_connect($hostname_localhost,$username_localhost,$password_localhost)
or
trigger_error(mysql_error(),E_USER_ERROR);
mysql_select_db($database_localhost, $localhost);
$username = $_POST['uname'];
$password = $_POST['passwd'];
$query_search = "select 'uname' & 'passwd' from user_master where uname = '.$username.' AND passwd = '.$password.'";
$query_exec = mysql_query($query_search) or die(mysql_error());
$rows = mysql_num_rows($query_exec);
//echo $rows;
if($rows == 0) {
echo "No Such User Found";
}
else {
echo "User Found";
}
?>
I put this in my wamp server www folder.when i run this php file wamp server localhost it always say "no such user found".
i used this php file for fetching data from db to connect android login form. it contain two fields. which are username & password.
here I give my android login code.
b = (Button)findViewById(R.id.Button01);
et = (EditText)findViewById(R.id.username);
pass= (EditText)findViewById(R.id.password);
tv = (TextView)findViewById(R.id.tv);
b.setOnClickListener(new OnClickListener() {
#Override
public void onClick(View v) {
dialog = ProgressDialog.show(AndroidPHPConnectionDemo.this, "",
"Validating user...", true);
new Thread(new Runnable() {
public void run() {
login();
}
}).start();
}
});
}
void login(){
try{
httpclient=new DefaultHttpClient();
httppost= new HttpPost("http://10.0.2.2//new/nuwan1.php"); // make sure the url is correct.
//add your data
nameValuePairs = new ArrayList<NameValuePair>(2);
// Always use the same variable name for posting i.e the android side variable name and php side variable name should be similar,
nameValuePairs.add(new BasicNameValuePair("username",et.getText().toString().trim())); // $Edittext_value = $_POST['Edittext_value'];
nameValuePairs.add(new BasicNameValuePair("password",pass.getText().toString().trim()));
httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
//Execute HTTP Post Request
response=httpclient.execute(httppost);
// edited by James from coderzheaven.. from here....
ResponseHandler<String> responseHandler = new BasicResponseHandler();
final String response = httpclient.execute(httppost, responseHandler);
System.out.println("Response : " + response);
runOnUiThread(new Runnable() {
public void run() {
tv.setText("Response from PHP : " + response);
dialog.dismiss();
}
});
if(response.equalsIgnoreCase("User Found")){
runOnUiThread(new Runnable() {
public void run() {
Toast.makeText(AndroidPHPConnectionDemo.this,"Login Success", Toast.LENGTH_SHORT).show();
}
});
startActivity(new Intent(AndroidPHPConnectionDemo.this, UserPage.class));
}else{
showAlert();
}
}catch(Exception e){
dialog.dismiss();
System.out.println("Exception : " + e.getMessage());
}
}
public void showAlert(){
AndroidPHPConnectionDemo.this.runOnUiThread(new Runnable() {
public void run() {
AlertDialog.Builder builder = new AlertDialog.Builder(AndroidPHPConnectionDemo.this);
builder.setTitle("Login Error.");
builder.setMessage("User not Found.")
.setCancelable(false)
.setPositiveButton("OK", new DialogInterface.OnClickListener() {
public void onClick(DialogInterface dialog, int id) {
}
});
AlertDialog alert = builder.create();
alert.show();
}
});
}
Always I got the alart no such user found & php response is No such user found
why is that?
pls help me.
I used following php code
<?php
$un=$_POST['uname'];
$pw=$_POST['passwd'];
//connect to the db
$host="localhost"; // Host name
$user="root"; // Mysql username
$pswd=""; // Mysql password
$db="gpsvts_geotrack"; // Database name
$tbl_name="user_master"; // Table name
$conn = mysql_connect($host, $user, $pswd);
mysql_select_db($db, $conn);
//run the query to search for the username and password the match
$query = "SELECT * FROM $tbl_name WHERE uname = '$un' AND passwd= '$pw'";
//$query = "SELECT uid FROM $tbl_name WHERE uname = '$un' AND passwd = '$pw'";
$result = mysql_query($query) or die("Unable to verify user because : " . mysql_error());
//this is where the actual verification happens
if(mysql_num_rows($result) > 0)
echo mysql_result($result,0); // for correct login response
else
echo 0; // for incorrect login response
?>
Then return uid as response. but not validating user. Is there PHP code wrong or android code wrong. I want to match the values user enter & database get. Is that happen in here.
if not give me correct thing.
In your program you are passing from your side is:
nameValuePairs.add(new BasicNameValuePair("username",et.getText().toString().trim())); // $Edittext_value = $_POST['Edittext_value'];
nameValuePairs.add(new BasicNameValuePair("password",pass.getText().toString().trim()));
And you are trying to fetch from PHP side is:
$un=$_POST['uname'];
$pw=$_POST['passwd'];
So Change The Name in nameValuePairs are passed with this:
nameValuePairs.add(new BasicNameValuePair("uname",et.getText().toString().trim())); // $Edittext_value = $_POST['Edittext_value'];
nameValuePairs.add(new BasicNameValuePair("passwd",pass.getText().toString().trim()));
If I'm not mistaken it should be like this because your post variables are spelled different than what you're putting in the name value pairs.
nameValuePairs.add(new BasicNameValuePair("uname",et.getText().toString().trim())); // $Edittext_value = $_POST['Edittext_value'];
nameValuePairs.add(new BasicNameValuePair("passwd",pass.getText().toString().trim()));
I am uplodaing data in MYSQL data base and at the same time I want to retrieve one of the attribute which I have inserted, for the satisfaction of my successful upload. when I press the button for first time then, it only upload the data to the server, and return nothing. Again when I hit the button then it does both the processs(insertion and retrieving data), so I can't return value at a first time in form of json object.
This is my php code engrdatainsert.php
<?php
$sqlCon=mysql_connect("localhost","root","");
mysql_select_db("PeopleData");
//Retrieve the data from the Android Post done by and Engr...
$adp_no = $_REQUEST['adp_no'];
$building_no = $_POST['building_no'];
$contractor_name = $_POST['contractor_name'];
$officer_name = $_POST['officer_name'];
$area = $_POST['area'];
-------------------insert the received value from an Android----------||
$sql = "INSERT INTO engrdata (adp_no, building_no,area,contractor_name,officer_name) VALUES('$adp_no', '$building_no', '$are', '$contractor_name', '$officer_name')";
//--------Now check out the transaction status of the Inserted data---------||
$q=mysql_query("SELECT adp_no FROM engrdata WHERE adp_no='$adp_no'");
while($e=mysql_fetch_assoc($q))
$output[]=$e;
print(json_encode($output));//conveting into json array
mysql_close();
?>
My Android code
public void insertdata()
{
InputStream is=null;
String result=null;
ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(5);
nameValuePairs.add(new BasicNameValuePair("adp_no",adp));//"34"));
nameValuePairs.add(new BasicNameValuePair("building_no",bldng));//"72"));
nameValuePairs.add(new BasicNameValuePair("area",myarea));//"72"));
nameValuePairs.add(new BasicNameValuePair("contractor_name",cntrct));//"72"));
nameValuePairs.add(new BasicNameValuePair("officer_name",ofcr));//"72"));
//http post
try{
HttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost("http://10.0.2.2/androidconnection/engrdatainsert.php");
httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpResponse response = httpclient.execute(httppost);
HttpEntity entity = response.getEntity();
is = entity.getContent();
Log.i("postData", response.getStatusLine().toString());
}
catch(Exception e)
{
Log.e("log_tag", "Error in http connection "+e.toString());
}
//convert the input strem into a string value
try
{
BufferedReader reader = new BufferedReader(new InputStreamReader(is,"iso-8859-1"),8);
StringBuilder sb = new StringBuilder();
String line = null;
while ((line = reader.readLine()) != null)
{
sb.append(line + "\n");
}
is.close();
result=sb.toString();
}
catch(Exception e)
{ Log.e("log_tag", "Error converting result "+e.toString()); }
try
{
JSONArray jArray = new JSONArray(result);
for(int i=0;i<jArray.length();i++)
{
JSONObject json_data = jArray.getJSONObject(i);
Toast.makeText(this, "data is "+json_data.getString("adp_no")+"\n", Toast.LENGTH_LONG).show();
String return_val = json_data.getString("adp_no");
if(return_val!=null)
{
Intent offff=new Intent(this,MainActivity.class);
offff.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP);
offff.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
//startActivity(offff);
}
}
}
//}
catch(JSONException e)
{ Log.e("log_tag", "Error parsing data "+e.toString()); }
// return returnString;//*/
}
In you PHP code, you are not executing the INSERT query. You need to do something like this:
-------------------insert the received value from an Android----------||
$sql = "INSERT INTO engrdata (adp_no, building_no,area,contractor_name,officer_name) VALUES('$adp_no', '$building_no', '$are', '$contractor_name', '$officer_name')";
mysql_query($sql) or die(mysql_error());
//--------Now check out the transaction status of the Inserted data---------||
Notice the line I added, which actually executes the query.
Now of course you should upgrade your code to mysqli or mysqlPDO since the PHP mysql package is not supported anymore.
If you want to use JSON in android for server purposes. like if you want to send data and retrieve a response from the server, then You have to use the JSON in accurate manner which have been defined in this link Json in Android
I have a problem connecting database with Android app. I am trying to implement this tutorial. Everything seems to be fine but I neither get any success not an error.
There is a button listener which on clicking does a post to a PHP file and gets the result. Here is the code for it:-
ok.setOnClickListener(new View.OnClickListener() {
#Override
public void onClick(View v) {
ArrayList<NameValuePair> postParameters = new ArrayList<NameValuePair>();
postParameters.add(new BasicNameValuePair("username", un.getText().toString()));
postParameters.add(new BasicNameValuePair("password", pw.getText().toString()));
//String valid = "1";
String response = null;
try {
response = CustomHttpClient.executeHttpPost("http://10.0.2.2/check.php", postParameters);
String res=response.toString();
Log.d("res:", res);
// res = res.trim();
res= res.replaceAll("\\s+","");
//error.setText(res);
if(res.equals("1"))
error.setText("Correct Username or Password");
else
error.setText("Sorry!! Incorrect Username or Password");
} catch (Exception e) {
un.setText(e.toString());
}
}
});
Here is the http post method:-
public static String executeHttpPost(String url, ArrayList<NameValuePair> postParameters) throws Exception {
BufferedReader in = null;
try {
HttpClient client = getHttpClient();
HttpPost request = new HttpPost(url);
UrlEncodedFormEntity formEntity = new UrlEncodedFormEntity(postParameters);
request.setEntity(formEntity);
HttpResponse response = client.execute(request);
in = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
StringBuffer sb = new StringBuffer("");
String line = "";
String NL = System.getProperty("line.separator");
while ((line = in.readLine()) != null) {
sb.append(line + NL);
}
in.close();
String result = sb.toString();
Log.d("postMethodReturn", result);
return result;
} finally {
if (in != null) {
try {
in.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
The PHP code is as below:-
<?php
$un=$_POST['username'];
$pw=$_POST['password'];
//connect to the db
$user = "xyz";
$pswd = "xyz";
$db = "mydb";
$host = "localhost";
$conn = mysql_connect($host, $user, $pswd);
mysql_select_db($db);
//run the query to search for the username and password the match
$query = "SELECT * FROM mytable WHERE user = '$un' AND pass = '$pw'";
$result = mysql_query($query) or die("Unable to verify user because : " . mysql_error());
//this is where the actual verification happens
if(mysql_num_rows($result) --> 0)
echo 1; // for correct login response
else
echo 0; // for incorrect login response
?>
Is there any bug in the program? I tried logging the intermediate values of res (http response) in activity code and result in the execute post method, but nothing is being logged. Tried changing "localhost" to "127.0.0.1" and also into a publicly available webhost, with all the database environment, but no success. All these on emulator and with public host, tried with real device too. Server seems to be running when checked from browser. Database exists with the values. All services running (apache, mysql).
The main problem is that there is no error! Any suggestions what is going wrong?
Couldn't find anyone with the same problem.
the problem was --> in the PHP code. changed it to == or > and everything works fine!
guys i am working on android 2.2 i am stuck where the user need to be authenticated with his use name and password
below is my code
PHP code:
<?php
$un=$_POST['userid'];
$pw=$_POST['password'];
mysql_connect("localhost","root","");
mysql_select_db("myhealthcare");
$sql=mysql_query("select userid,password from register where userid='$un' and password='$pw'");
while($row=mysql_fetch_assoc($sql))
$output[]=$row;
print(json_encode($output));
mysql_close();
?>
Java Code:
ArrayList<NameValuePair> nvp = new ArrayList<NameValuePair>();
nvp.add(new BasicNameValuePair("userid", userid.getText().toString()));
nvp.add(new BasicNameValuePair("password", password.getText().toString()));
String un = userid.getText().toString();
String pass = password.getText().toString();
System.out.println("user name is " + un);
System.out.println("password is " +pass);
// Log.e(""+sid.getText().toString(),"0");
// Log.e(""+sname.getText().toString(),"0");
try {
HttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost("http://10.0.2.2/login.php");
httppost.setEntity(new UrlEncodedFormEntity(nvp));
HttpResponse response = httpclient.execute(httppost);
HttpEntity entity = response.getEntity();
is = entity.getContent();
} catch(Exception e){
Log.e("log_tag", "Error in http connection"+e.toString());
}
try {
BufferedReader bf = new BufferedReader(new InputStreamReader(is,"iso-8859-1"),8);
sb = new StringBuilder();
sb.append(bf.readLine()+ "\n");
String line="0";
while ((line = bf.readLine()) != null) {
sb.append(line + "\n");
}
is.close();
result=sb.toString();
System.out.println("value of result " +result);
}catch(Exception e){
Log.e("log_tag", "Error converting result "+e.toString());
}
String unm,pwd;
try {
jArray = new JSONArray(result);
JSONObject json_data = null;
for(int i=0;i<jArray.length();i++){
json_data = jArray.getJSONObject(i);
unm = json_data.getString("userid");
pwd = json_data.getString("password");
System.out.println("databse user name is " +unm);
System.out.println("databse password is " +pwd);
}
} catch(JSONException e1){
Toast.makeText(getBaseContext(), "No details Found" ,Toast.LENGTH_LONG).show();
} catch (ParseException e1) {
e1.printStackTrace();
}
i am able to fetch the value from database but i am not able to compare with user entered values please help
I would do the PHP sometheing like this instead, to do the authentication on the server and not passing the login info back and forth:
<?php
$un=mysql_real_escape_string($_POST['userid']);
$pw=mysql_real_escape_string($_POST['password']);
mysql_connect("localhost","root","");
mysql_select_db("myhealthcare");
$result=mysql_query("select userid from register where userid='$un' and password='$pw'");
if (mysql_num_rows($result) == 0) {
print("Not authorized"); // Or send a json-encoded object containing the message
} else {
print("Authorized");
}
mysql_close();
?>
Update
Use PHP's mysql_real_escape_string() before running any data input by a user in your SQL. Otherwise you open your DB to SQL-injections, which is really bad.