I am trying to send an image to server, but the image should be in Base64 format. I am using this function to send it:
func upload_signature_staff(ticket: NSString){
let defaults = NSUserDefaults.standardUserDefaults()
let stringOne = defaults.stringForKey(defaultsKeys.staff_id)
let stringtwo = defaults.stringForKey(defaultsKeys.mst_customer)
let sig = defaults.stringForKey("staff_signature")
let request = NSMutableURLRequest(URL: NSURL(string: "http://xxxxxxxxxxxxx/upload.php")!)
request.HTTPMethod = "POST"
let postString = "action=add_signature&mst_customer=\((stringtwo!))&ticket=\((ticket))&signature=\((sig!))¤t_user=\((stringOne!))&item_type=10"
print(postString)
request.HTTPBody = postString.dataUsingEncoding(NSUTF8StringEncoding)
let task = NSURLSession.sharedSession().dataTaskWithRequest(request) { data, response, error in
guard error == nil && data != nil else { // check for fundamental networking error
print("error=\(error)")
return
}
if let httpStatus = response as? NSHTTPURLResponse where httpStatus.statusCode != 200 { // check for http errors
print("statusCode should be 200, but is \(httpStatus.statusCode)")
print("response = \(response)")
}
let responseString = NSString(data: data!, encoding: NSUTF8StringEncoding)
print("responseString = \(responseString)")
}
task.resume()
//self.performSegueWithIdentifier("goto_main2", sender: self)
}
The sig variable holds the Base64 string, it is being printed in my console so I can verify that the string is correct. I am also printing the postString and upon inspection it is also correct that the signature is matching the Base64 String. But when I open phpmyadmin, I see the field of my image with incomplete Base64 string, maybe 1/4 is just there.
Here's my php code, in case you want to see it:
<?php
require_once("../c.php");
$action = trim($_POST['action']);
if($action == "add_signature"){
$mst_customer = trim($_POST['mst_customer']);
$ticket = trim($_POST['ticket']);
$signature = trim($_POST['signature']);
$current_user = trim($_POST['current_user']);
$item_type = trim($_POST['item_type']);
$inputtime = time();
$sql = "INSERT INTO ticket_items SET mst_customer = '$mst_customer', ticket = '$ticket', ticket_item_type = '$item_type', details = '$signature', addedby = '$current_user', lastupdate = '$inputtime' ";
mysql_query($sql) or die(mysql_error());
}
?>
I think this was solved in the comments but here's a recap:
Inserting base64 strings that were too long (variable length?) in a varchar(255) field resulted in missing data. As far as I can tell, increasing the size of the field solved the immediate problem. I use the term "immediate" because, as #YvesLeBorg pointed out in the comments, this is bound to fail at some point without input size restrictions on the backend.
Additionally, I couldn't ignore the fact that the PHP/SQL code was wide open to injections.
Passing $mst_customer = trim($_POST['mst_customer']); on to "INSERT INTO ticket_items SET mst_customer = '$mst_customer' and then executing via mysql_query($sql) or die(mysql_error()); is dangerous!
Anybody could write anything in the $_POST parameter and SQL would happily accept it. Prepared statements, PDO, input sanitization etc. are there for a reason.
Finally, there was an issue concerning vanishing + signs in the base64 data. This was the result of missing url encoding of the post data.
I think that sums it up.
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 5 years ago.
Improve this question
I have a problem on Xcode using Swift 3.0, i want to store information in a mysql database with php. The php code is reached but always return failure on the insert request. I don't know, it works fine with android. Here's my code :
Swift :
#IBAction func SignUp(_ sender: UIButton) {
var Name1: String = Name.text!
var Prenom: String = PRENAME.text!
var add: String = Addr.text!
var code:String = CP.text!
var mail:String = Email.text!
var pass:String = password.text!
var request = URLRequest(url: URL(string: "http://www.example.com/myscript.php")!)
request.httpMethod = "POST"
let postString = "name=\(Name1)&pname=\(Prenom)&add=\(add)&pc=\(code)&mail=\(mail)&pass=\(pass)"
request.httpBody = postString.data(using: .utf8)
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data, error == nil else { // check for fundamental networking error
print("error=\(error)")
return
}
if let httpStatus = response as? HTTPURLResponse, httpStatus.statusCode != 200 { // check for http errors
print("statusCode should be 200, but is \(httpStatus.statusCode)")
print("response = \(response)")
}
let responseString = String(data: data, encoding: .utf8)
print("responseString = \(responseString)")
}
task.resume()
}
And my PHP code :
<?php
$reponse = array();
$pseudo = $_POST['name'];
$score = $_POST['pname'];
$add = $_POST['add'];
$pc = $_POST['pc'];
$mail = $_POST['mail'];
$password = $_POST['pass'];
$mysqli = new MySQLi("host","root","pass","user");
$result = $mysqli->query("INSERT INTO compte (Name,Name2,Ad,code,maiil,pass) VALUES('$pseudo','$score','$add','$pc','$mail','$password')");
if ($mysqli->connect_error){
die('Connect Error (' . $mysqli->connect_errno . ') '
. $mysqli->connect_error);
}
if($result){
$response["success"] = 1;
$response["message"] = "SUCCESS!";
echo json_encode($response);
}
else{
$response["success"] = 0;
$response["message"] = "FAILURE!";
echo json_encode($response);
}
A couple of thoughts:
On failure, you should set message to $mysqli->error instead of just "FAILURE!", so you can see why it failed.
I'd suggest moving the "did connection fail" logic before you attempt the query. I'd also suggest you change this to output JSON that says that the connection failed and exit, rather than just performing die. Later, as you improve the Swift code to parse errors, it will be useful to keep all server messages as JSON.
You should change the PHP to escape the parameters using real_escape_string. In the absence of that, if any of your values included a ' character, your SQL will fail. (You're also susceptible to SQL injection attacks.)
You should change the Swift to percent escape the values included in the httpBody of the request. See https://stackoverflow.com/a/28027627/1271826 for examples. Or use something like Alamofire that takes care of this for you. But as it stands:
If any of these values included a + character, it would likely be replaced with a space.
If any of these values included a & character, it would end up truncating that field.
If any of these values included any other reserved character, the whole query could fail.
While not essential, I'd suggest :
In the Swift code, set the Content-Type header of the request to application/x-www-form-urlencoded and the Accept header of the request to application/json.
request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
request.setValue("application/json", forHTTPHeaderField: "Accept")
In the PHP code, set the Content-Type header to application/json before you echo the JSON:
header("Content-Type: application/json");
While this is optional, if you later adopt a library, like Alamofire, which performs validation for these standard headers, it will make your life easier.
don't forget to add this to info.plist
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
so you can fire http or https requests
-- make sure any of you parameters don't contain & so value can be sent successfully or replace it with %26
Sorry, my bad everything is OK, by doing the sqli->error, i have found the error, i have forgotten that i don't let duplicate the mail in my database. So thank you very much everyone. And have a good week end !
Im encrypting a string in PHP using the following code
<?php
$key256 = "323";
$iv128 = "2424";
$text = "ABC";
$blocksize = 16;
$len = strlen($text);
$pad = $blocksize - ($len % $blocksize);
$text .= str_repeat("0", $pad);
$cipher = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key256, $text, MCRYPT_MODE_CBC, $iv128);
echo $cipher;
?>
In SWIFT I use POST Request and get the data from the server and print out the fetched data to the console like this
var request = URLRequest(url: URL(string: "http://www.example.com/test.php")!)
request.httpMethod = "POST"
let akey:String = txt_key.stringValue;
let email:String = txt_email.stringValue
let VAL:String="test"
var data="blah"
let postString = data
request.httpBody = postString.data(using: .utf8)
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data, error == nil else { // check for fundamental networking error
print("error=\(error)")
return
}
if let httpStatus = response as? HTTPURLResponse, httpStatus.statusCode != 200 { // check for http errors
print("statusCode should be 200, but is \(httpStatus.statusCode)")
print("response = \(response)")
}
let responseString = String(data: data, encoding: .utf8)
print(responseString)
}
task.resume()
This keeps printing nil even when the Web Browser shows the encrypted string.
What I'm I doing wrong?
Update
I have set the app transport security and stuff in the info.plist and the printing works correctly if I don't use encryption in php
I am trying to sent input from the user to a php script to have it ultimately passed to an SQL server, Most of the code runs but having problem with submitting the data.
#IBAction func submit(_ sender: AnyObject) {
let requestURL = URL(string: "*****")
let request = NSMutableURLRequest(url:requestURL!)
request.httpMethod = "POST"
let song=txt1.text!
let artist=txt2.text!
let album=txt3.text!
let year=txt4.text!
let genre=txt5.text!
let songPost = "song=" + (song as String)
let artistPost = "&artist=" + (artist as String)
let albumPost = "&album=" + (album as String)
let yearPost = "&year=" + (year as String)
let genrePost = "&genre=" + (genre as String)
request.httpBody = songPost.data(using: String.Encoding.utf8);
request.httpBody = artistPost.data(using: String.Encoding.utf8);
request.httpBody = albumPost.data(using: String.Encoding.utf8);
request.httpBody = yearPost.data(using: String.Encoding.utf8);
request.httpBody = genrePost.data(using: String.Encoding.utf8);
--->>let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data, error == nil else { // check for fundamental networking error
print("error=\(error)")
print(response)
return
}
if let httpStatus = response as? HTTPURLResponse, httpStatus.statusCode != 200 { // check for http errors
print("statusCode should be 200, but is \(httpStatus.statusCode)")
print("response = \(response)")
}
let responseString = String(data: data, encoding: .utf8)
print("responseString = \(responseString)")
}
task.resume()
Having an issue with the urlsession.shared.datatask line of code. Compiler error says "ambigious reference to member'dataTask(with:completionhandler:)"
What can get this code to work and how can I verify that this information was passed on the app?
The reason you get that error message is because you are passing NSMutableURLRequest where URLRequest is needed.
Changing this line:
let request = NSMutableURLRequest(url:requestURL!)
to this:
var request = URLRequest(url:requestURL!)
should fix it.
But I recommend a little more fixes to make your request successfully sent to the server:
let requestURL = URL(string: "*****")
//You should use `URLRequest` in Swift 3, mutability is represented by `var`
var request = URLRequest(url:requestURL!)
request.httpMethod = "POST"
//UITextField.text can be nil, you should treat nil cases
//(Generally avoid using forced unwrapping `!` as far as you can.)
let song = txt1.text ?? ""
let artist = txt2.text ?? ""
let album = txt3.text ?? ""
let year = txt4.text ?? ""
let genre = txt5.text ?? ""
//`song`,... are all Strings, you have no need to add `as String`
let songPost = "song=" + song
let artistPost = "&artist=" + artist
let albumPost = "&album=" + album
let yearPost = "&year=" + year
let genrePost = "&genre=" + genre
//You need to make a single data containing all params
//(Creating a concatenated String and getting `data` later would be another way.)
var data = Data()
data.append(songPost.data(using: String.Encoding.utf8)!)
data.append(artistPost.data(using: String.Encoding.utf8)!)
data.append(albumPost.data(using: String.Encoding.utf8)!)
data.append(yearPost.data(using: String.Encoding.utf8)!)
data.append(genrePost.data(using: String.Encoding.utf8)!)
request.httpBody = data
let task = URLSession.shared.dataTask(with: request) { data, response, error in
...
I am creating an app, where I am fetching the data from a php. To download the data from the php, I have a func that downloads the data, submits to the model, and then retrieves it whenever needed. Now the issue is, when my data is fetched from the data base, it is not snyc appropriately and getting the same info every where. For example, Name shows the mob phone; street address also shows the same.
here is my code
func download(){
let request = NSMutableURLRequest(url: URL(string: "http://www.some-site.com")!)
request.httpMethod = "POST"
let postString = "id=\(businessID)"
request.httpBody = postString.data(using: String.Encoding.utf8)
let task = URLSession.shared.dataTask(with: (request as URLRequest), completionHandler: { data, response, error in
let responseString = String(data: data!, encoding: String.Encoding.utf8)
let r = self.convertStringToDictionary(responseString!)
for element in r! {
print("element = \(element)")
let stname = String(describing: element.first!)
let sn = stname.replacingOccurrences(of: "\"STREET_NAME\", ", with: "")
let name = String(describing: element.first!)
let n = name.replacingOccurrences(of: "\"FILE_LOCATION\", ", with: "")
let reverse = element.reversed()
let fileloc = String(describing: reverse.first!)
let f = fileloc.replacingOccurrences(of: "\"BUSINESS_NAME\", ", with: "")
self.model = ProfilePage(fileloc: f, streetname: sn, name: n)
print("Address = \(stname)")
print("Name = \(name)")
print("File Location = \(f)")
DispatchQueue.main.async {
self.setUI()
}
}
if error != nil {
print("error=\(error)")
}
})
task.resume()
}
}
but yes in my output console, i can see all the infor appropriate, its just when i run this, it shows all the info as one
Screenshots
Let me Know is this work for you,
let r = self.convertStringToDictionary(responseString!) // Make sure Your string is successfully converted as NSDictionary else use below
// let r = self.convertStringToDictionary(responseString!) as NSDictionary // if r is dictionary, then convert to NSDictionary
let stname = r["STREET_NAME"] as! String
let name = r["FILE_LOCATION"] as! String
let f = r["BUSINESS_NAME"] as! String
print("Address",stname)
print("Name",name)
print("File Location",f)
DispatchQueue.main.async {
self.setUI()
}
If you confuse, then refer below example
let mydict = ["Hip-Hop Tamizha": 21,"Hip-Hop Tamizha":"Takkaru Takkaru","Michael Jackson":"Beat It","Taylor Swift":"Back to December","Katy Perry":"Fire Works","Selina Gomez":"Love You Like A Love Song Baby","Avril Lavigne":"Slipped Away","Eminem":"The Music Box","Akhil":"Khaab","Hip-Hop Tamizha": 21,"Akhil": 61] as NSDictionary
let hop = mydict["Hip-Hop Tamizha"] as AnyObject
let swift = mydict["Taylor Swift"] as! String
print("The Number:",hop)
print("Taylor Swift song:",swift)
I'm using PHP & JSON to extract some data from a database.
This is my PHP file
<?php
error_reporting(0);
ini_set('error_reporting', E_ALL);
ini_set('display_errors','Off');
$mysqli = new mysqli("localhost", "root", $_REQUEST['password'], "");
if ($mysqli->connect_errno) {
echo "Failed to connect to DB.";
die();
} else {
$dbs = array();
$res = $mysqli->query("SHOW DATABASES");
$res->data_seek(0);
if ($res->num_rows > 0) {
while($row = $res->fetch_assoc()) {
$dbs[] = $row;
}
echo json_encode($dbs);
} else {
echo "Failed to get list of databases from server.";
die();
}} ?>
If the password is wrong, then the system outputs "Failed to connect to DB"
In my program, I have things to handle errors, but I am stuck at one part.
let urlString = "http://\(hostTextField.text):\(portTextField.text)/dblist.php? &password=\(passTextField.text)"
let url: NSURL = NSURL(string: urlString)!
let urlSession = NSURLSession.sharedSession()
println(url)
println(urlSession)
//2
let jsonQuery = urlSession.dataTaskWithURL(url, completionHandler: { data, response, error -> Void in
println(response)
println(data)
if (error != nil) {
println("Can't connect using credentials")
dispatch_async(dispatch_get_main_queue(), {
HUDController.sharedController.hide(afterDelay: 0.1)
})
sleep(1)
var refreshAlert = UIAlertController(title: "Camaleon Reports", message: "Can't connect to the database", preferredStyle: UIAlertControllerStyle.Alert)
refreshAlert.addAction(UIAlertAction(title: "Retry", style: .Default, handler: { (action: UIAlertAction!) in
println("Yes Logic")
}))
self.presentViewController(refreshAlert, animated: true, completion: nil)
return }
var err: NSError?
var jsonResult: [Dictionary<String, String>] = NSJSONSerialization.JSONObjectWithData(data, options: NSJSONReadingOptions.MutableContainers, error: &err) as [Dictionary<String, String>]
// 3
if (err != nil) {
println("Still cant connect....")
println("JSON Error \(err!.localizedDescription)")
}
var jsonDB : [Dictionary<String, String>] = jsonResult
for currentDictionary in jsonDB{
var currentEntry = currentDictionary["Database"] as String!
My program crashes if I don't have the right password, but have the right IP address and Port/User for the MYSQL Database.
It crashes with this:
fatal error: unexpectedly found nil while unwrapping an Optional value
and points towards jsonResult. It makes sense, cause I don't retrieve two strings.
My problem is that if my password is off, then my PHP file echoes a string. How can I search for that string so that I can use an if statement and stop my application from crashing?
Your problem is likely in this line (wrapped for clarity):
var jsonResult: [Dictionary<String, String>] =
NSJSONSerialization.JSONObjectWithData(data,
options: NSJSONReadingOptions.MutableContainers,
error: &err) as [Dictionary<String, String>]
When your PHP script reports the error by just returning the string, it has returned invalid JSON. When you use NSJSONSerialization.JSONObjectWithData to parse it, that method will return nil if the JSON is invalid, as yours is.
You then take that value and assign it to a Swift variable that you've declared is not an optional. Trying to assign nil to a variable not declared with either ? or ! is a runtime error in Swift. (You don't get an error at compile time because you're using as to cast the value.)
One way to fix this would be to change your PHP so the error is proper JSON:
echo "{ \"error\": \"Failed to connect to DB.\" }"; # or something, my PHP is rusty
But that still leaves your Swift program in a fragile state; getting anything but proper JSON back from the server will make it crash.
Better is to declare the jsonResult variable as being an optional:
var jsonResult: [Dictionary<String, String>]? =
NSJSONSerialization.JSONObjectWithData(data,
options: NSJSONReadingOptions.MutableContainers,
error: &err) as [Dictionary<String, String>]?
Then in your code you can explicitly check whether jsonResult is nil, and if it is, you know an error has occurred, and can go back and look at the data object to see what it was.
Even that, though, can leave you in trouble. The root of a JSON document doesn't have to be a dictionary; it could be an array. And even if it is a dictionary, the values may not all be strings; they could be numbers, booleans, or nested arrays or dictionaries!
Objective-C's relatively lax type checking makes this easy to deal with, but Swift is stricter. Best might be to use one of the Swift-specific JSON libraries. That'll make your code far more robust.
Good luck!
There are two issues. One is the PHP and one is the Swift.
Your PHP really should never just report an error message. I'd suggest that it always return JSON. This will make it easier for your client code to detect and handle errors appropriately.
<?php
header("Content-Type: application/json");
$response = array();
error_reporting(0);
ini_set('error_reporting', E_ALL);
ini_set('display_errors','Off');
if (!isset($_REQUEST['password'])) {
$response["success"] = false;
$response["error_code"] = 1;
$response["error_message"] = "No password provided";
echo json_encode($response);
exit();
}
$mysqli = new mysqli("localhost", "root", $_REQUEST['password'], "");
if ($mysqli->connect_errno) {
$response["success"] = false;
$response["error_code"] = 2;
$response["mysql_error_code"] = $mysqli->connect_errno;
$response["error_message"] = $mysqli->connect_error;
echo json_encode($response);
exit();
}
if ($res = $mysqli->query("SHOW DATABASES")) {
$dbs = array();
$res->data_seek(0);
if ($res->num_rows > 0) {
while($row = $res->fetch_assoc()) {
$dbs[] = $row;
}
$response["success"] = true;
$response["results"] = $dbs;
} else {
$response["success"] = false;
$response["error_code"] = 3;
$response["error_message"] = "Failed to get list of databases from server.";
}
$res->close();
} else {
$response["success"] = false;
$response["error_code"] = 4;
$response["mysql_error_code"] = $mysqli->errno;
$response["error_message"] = $mysqli->error;
}
$mysqli->close();
echo json_encode($response);
?>
Note, this:
Specifies application/json header for Content-Type;
Always returns a dictionary, containing
a "success" key, which is either true or false;
if an error, an error_code indicating the type of error (1 = no password provided; 2 = connect failed; 3 = no databases found; 4 = some SQL error);
if an error, an error_msg string indicating the error message string; and
if a success, a results array (much like you used to return at the root level).
On the Swift side, you need to :
Change it to look for these various server app-level errors (note, I make the top level structure a dictionary, and your original array of dictionaries a particular value;
You might want to proactively check the statusCode of the response object, to make sure the server gave you a 200 return code (e.g. 404 means that the page was not found, etc.);
You might also want to check for JSON parsing errors (in case some bug in the server prevented well-formed JSON from being returned); and
You really should be percent-escaping the password (because if it included + or & characters, it wouldn't get transmitted successfully otherwise).
Thus, you might have something like:
let encodedPassword = password.stringByAddingPercentEncodingForURLQueryValue()!
let body = "password=\(encodedPassword)"
let request = NSMutableURLRequest(URL: URL!)
request.HTTPBody = body.dataUsingEncoding(NSUTF8StringEncoding)!
request.HTTPMethod = "POST"
let task = NSURLSession.sharedSession().dataTaskWithRequest(request) { data, response, error in
// detect fundamental network error
guard error == nil && data != nil else {
print("network error: \(error)")
return
}
// detect fundamental server errors
if let httpResponse = response as? NSHTTPURLResponse where httpResponse.statusCode != 200 {
// some server error
print("status code was \(httpResponse.statusCode); not 200")
return
}
// detect parsing errors
guard let responseObject = try? NSJSONSerialization.JSONObjectWithData(data!, options: []) as? [String : AnyObject] else {
// some problem parsing the JSON response
print(String(data: data!, encoding: NSUTF8StringEncoding))
return
}
// now parse app-level response to make sure `status` was `true`
guard let success = responseObject!["success"] as? NSNumber else {
print("Problem extracting the `success` value") // we should never get here
return
}
if !success.boolValue {
print("server reported error")
if let errorCode = responseObject!["error_code"] as? NSNumber {
switch (errorCode.integerValue) {
case 1:
print("No password provided")
case 2:
print("Connection failed; probably bad password")
case 3:
print("No databases found")
case 4:
print("Some SQL error")
default:
print("Unknown error code: \(errorCode)") // should never get here
}
}
if let errorMessage = responseObject!["error_message"] as? String {
print(" message=\(errorMessage)")
}
return
}
if let databases = responseObject!["results"] as? [[String : AnyObject]] {
print("databases = \(databases)")
}
}
task.resume()
The percent-escaping code is in a String category:
extension String {
// see RFC 3986
func stringByAddingPercentEncodingForURLQueryValue() -> String? {
let characterSet = NSCharacterSet(charactersInString:"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~")
return self.stringByAddingPercentEncodingWithAllowedCharacters(characterSet)
}
}
A couple of other ancillary observations:
Never send a passwords in the clear. Put them in the body of a POST request (not the URL), and then use a https URL.
I'd personally not use the MySQL password part of the app-level authentication. I'd keep MySQL authentication logic encoded on the server-side, and then use your own user authentication table.