We Keep Coding

PHP post through URL parameters

I am trying to do php post to mysql databse using a android app and a website url.
But I do not know how to make a post request through a url.
I tried http://localhost/api/create_product.php?name=chetan&price=2000&description=someDescription
This returns required fields missing.
Maybe the url I'm trying to pass is incorrect
Help me to know that how do I do a post in DB using URL that returns JSON for success.
<?php
/*
* Following code will create a new product row
* All product details are read from HTTP Post Request
*/
// array for JSON response
$response = array();
// check for required fields
if (isset($_POST['name']) && isset($_POST['price']) && isset($_POST['description'])) {
$name = $_POST['name'];
$price = $_POST['price'];
$description = $_POST['description'];
// include db connect class
require_once __DIR__ . '/db_connect.php';
// connecting to db
$db = new DB_CONNECT();
// mysql inserting a new row
$result = mysql_query("INSERT INTO products(name, price, description) VALUES('$name', '$price', '$description')");
// check if row inserted or not
if ($result) {
// successfully inserted into database
$response["success"] = 1;
$response["message"] = "Product successfully created.";
// echoing JSON response
echo json_encode($response);
} else {
// failed to insert row
$response["success"] = 0;
$response["message"] = "Oops! An error occurred.";
// echoing JSON response
echo json_encode($response);
}
} else {
// required field is missing
$response["success"] = 0;
$response["message"] = "Required field(s) is missing";
// echoing JSON response
echo json_encode($response);
}
?>
DB_CONNECT() is working fine as I am able to do a GET query successfully

http://localhost/api/create_product.php?name=chetan&price=2000&description=someDescription => This is a request with GET parameters and your statement here :
if (isset($_POST['name']) && isset($_POST['price']) && isset($_POST['description'])) {
Are checking for POST parameters, either you change every $_POST by $_GET, either you change your method of passing arguments cause usually when you give arguments to put it in a database it's through POST and not GET for security reasons. GET parameters are used to read something but not insert.

How to correctly pass a PHP variable to another PHP page?

I have an android app where it uploads the file along with other variables using PHP to a server. I want to insert the uploaded file name(from the PHP file) to the PHP file which handles the inserting of variables to the database.
I want to get file_path to the another php file.
UploadToServer.php
<?php
session_start();
$file_path = "uploads/";
$file_path = $file_path . basename( $_FILES['uploaded_file']['name']);
if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $file_path)) {
$_SESSION['image'] = "$file_path";
echo "success";
} else{
echo "fail";
}
?>
create_product.php
<?php
session_start();
/*
* Following code will create a new report row
* All report details are read from HTTP Post Request
*/
// array for JSON response
$response = array();
$image = $_SESSION['image'];
// check for required fields
if (isset($_POST['name']) && isset($_POST['location']) && isset($_POST['description']) && isset($_POST['type'])) {
$type = $_POST['type'];
$name = $_POST['name'];
$location = $_POST['location'];
$description = $_POST['description'];
// include db connect class
require_once __DIR__ . '/db_connect.php';
// connecting to db
$db = new DB_CONNECT();
// mysql inserting a new row
$result = mysql_query("INSERT INTO reports(type, name, location, description, image) VALUES('$type', '$name', '$location', '$description', '$file_path')");
// check if row inserted or not
if ($result) {
// successfully inserted into database
$response["success"] = 1;
$response["message"] = "report successfully created.";
// echoing JSON response
echo json_encode($response);
} else {
// failed to insert row
$response["success"] = 0;
$response["message"] = "Oops! An error occurred.";
// echoing JSON response
echo json_encode($response);
}
} else {
// required field is missing
$response["success"] = 0;
$response["message"] = "Required field(s) is missing";
// echoing JSON response
echo json_encode($response);
}
?>
Please tell me what's wrong.

There should be no session involved at all, you need to combine the 2 scripts:
<?php
// array for JSON response
$response = array();
// check for required fields
if (isset($_POST['name']) && isset($_POST['location']) && isset($_POST['description']) && isset($_POST['type'])) {
$file_path = "uploads/";
$file_path = $file_path . basename( $_FILES['uploaded_file']['name']);
if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $file_path)) {
echo "success save to db";
$type = $_POST['type'];
$name = $_POST['name'];
$location = $_POST['location'];
$description = $_POST['description'];
// include db connect class
require_once __DIR__ . '/db_connect.php';
// connecting to db
$db = new DB_CONNECT();
// mysql inserting a new row
$result = mysql_query("INSERT INTO reports(type, name, location, description, image)
VALUES('$type', '$name', '$location', '$description', '$file_path')");
// check if row inserted or not
if ($result) {
// successfully inserted into database
$response["success"] = 1;
$response["message"] = "report successfully created.";
// echoing JSON response
echo json_encode($response);
} else {
// failed to insert row
$response["success"] = 0;
$response["message"] = "Oops! An error occurred.";
// echoing JSON response
echo json_encode($response);
}
} else{
echo "fail to upload will not save to DB";
}
} else {
// required field is missing
$response["success"] = 0;
$response["message"] = "Required field(s) is missing";
// echoing JSON response
echo json_encode($response);
}
?>
Please note:
This code will insert the record in the database only, it it
successfully uploaded the file.
mysql is deprecated
use mysqli or PDO, and prepare query to avoid SQL injection

Is there any easy way to convert PHP code for communicating to a MySQL database to code that is for SQL Server?

I am creating an android app that was previously used with a MySQL database, however now I have to use a SQL Server database. Are there any applications or resources that can convert one to the other?
Here is an example of the php code I was using to connect to the MySQL database:
db_connect.php
error_reporting(E_ERROR | E_WARNING | E_PARSE);
/**
* A class file to connect to database
*/
class DB_CONNECT {
// constructor
function __construct() {
// connecting to database
$this->connect();
}
// destructor
function __destruct() {
// closing db connection
$this->close();
}
/**
* Function to connect with database
*/
function connect() {
// import database connection variables
//require_once __DIR__ . '/db_config.php';
define('__ROOT__',dirname(dirname(__FILE__)));
require_once __ROOT__ . '/android_connect/db_config.php';
// Connecting to mysql database
$con = mysql_connect(DB_SERVER, DB_USER, DB_PASSWORD) or die(mysql_error());
// Selecing database
$db = mysql_select_db(DB_DATABASE) or die(mysql_error()) or die(mysql_error());
// returing connection cursor
return $con;
}
/**
* Function to close db connection
*/
function close() {
// closing db connection
mysql_close();
}
}
?>
create_product.php
<?php
/*
* Following code will create a new product row
* All product details are read from HTTP Post Request
*/
// array for JSON response
$response = array();
// check for required fields
if (isset($_POST['name']) && isset($_POST['price']) && isset($_POST['description'])) {
$name = $_POST['name'];
$price = $_POST['price'];
$description = $_POST['description'];
// include db connect class
require_once __DIR__ . '/db_connect.php';
// connecting to db
$db = new DB_CONNECT();
// mysql inserting a new row
$result = mysql_query("INSERT INTO products(name, price, description) VALUES('$name', '$price', '$description')");
// check if row inserted or not
if ($result) {
// successfully inserted into database
$response["success"] = 1;
$response["message"] = "Product successfully created.";
// echoing JSON response
echo json_encode($response);
} else {
// failed to insert row
$response["success"] = 0;
$response["message"] = "Oops! An error occurred.";
// echoing JSON response
echo json_encode($response);
}
} else {
// required field is missing
$response["success"] = 0;
$response["message"] = "Required field(s) is missing";
// echoing JSON response
echo json_encode($response);
}
?>

Insert query not working in WAMP Server

We have one android application which access WAMP Server using PHP. All queries like, Select* etc working fine. But insert query not working properly in specific condition,
When WAMP already have some data in database we failed to insert new data in database. But when WAMP server don't have any existing data then insert query work successfully. following is PHP code we are using to insert a data,
<?php
/*
* Following code will create a new product row
* All product details are read from HTTP Post Request
*/
// array for JSON response
$response = array();
// check for required fields
if (isset($_POST['UserName']) && isset($_POST['UserID']) && isset($_POST['Password']) && isset($_POST['Age'])&& isset($_POST['ContactNumber']) && isset($_POST['expiryDate'])) {
$UserName = $_POST['UserName'];
$UserID = $_POST['UserID'];
$Password = $_POST['Password'];
$Age = $_POST['Age'];
$ContactNumber = $_POST['ContactNumber'];
$expiryDate = $_POST['expiryDate'];
// include db connect class
require_once __DIR__ . '/db_connect.php';
// connecting to db
$db = new DB_CONNECT();
// mysql inserting a new row
$result = mysql_query("INSERT INTO normaluser(UserName, UserID, Password,Age,ContactNumber,expiryDate) VALUES('$UserName', '$UserID', '$Password','$Age','$ContactNumber','$expiryDate')");
// check if row inserted or not
if ($result) {
// successfully inserted into database
$response["success"] = 1;
$response["message"] = "New user successfully created.";
// echoing JSON response
echo json_encode($response);
} else {
// failed to insert row
$response["success"] = 0;
$response["message"] = "Oops! error is there.";
// echoing JSON response
echo json_encode($response);
}
} else {
// required field is missing
$response["success"] = 0;
$response["message"] = "Required fields is missing";
// echoing JSON response
echo json_encode($response);
}
?>
Can you guys please help use to solved this problem?

Ignoring the using of mysql_* which is deprecated and lack of sanitization of data.
You do not check if this User is already on the database. Assuming at least one of your columns is a unique or Primary key then this query is likely to fail if you try and create the same user twice.
But regardless of that possible issue if you add some useful error processing to your code you will be told exactly what the problem is. This is a little simplistic as you probably dont want these errors sent back to a user but it will tell you the exact error being returned from MySQL:
$result = mysql_query("INSERT INTO normaluser(UserName, UserID, Password,Age,ContactNumber,expiryDate)
VALUES('$UserName', '$UserID', '$Password','$Age','$ContactNumber','$expiryDate')");
// check if row inserted or not
if ($result) {
// successfully inserted into database
$response["success"] = 1;
$response["message"] = "New user successfully created.";
// echoing JSON response
echo json_encode($response);
} else {
// failed to insert row
$response["success"] = 0;
$response["message"] = 'Database error ' . mysql_errno() . ' ' . mysql_error();
// echoing JSON response
echo json_encode($response);
}

_POST method returns ??? when request utf8 characters

i have the following problem... i am building an android app and i regeuest text formated in utf8 (greek chars) from editTexts by using the POST method. The POST method gets the greek chras from the editTexts as '???' and insert them in mysal again as '???'
How will the POST recognize my greek chars???
<?php
// PHP variable to store the host address
$db_host = "localhost";
// PHP variable to store the username
$db_uid = "lolen";
// PHP variable to store the password
$db_pass = "lolen";
// PHP variable to store the Database name
$db_name = "lolen";
// PHP variable to store the result of the PHP function 'mysql_connect()' which establishes the PHP & MySQL connection
$db_con = mysql_connect($db_host,$db_uid,$db_pass) or die('could not connect');
mysql_query("SET character_set_results=utf8", $db_con);
mb_language('uni');
mb_internal_encoding('UTF-8');
mysql_select_db($db_name, $db_con);
mysql_query("set names 'utf8'",$db_con);
// array for JSON response
$response = array();
// check for required fields
if (isset($_POST['k_p']) )
{
$Kwdikos_Proiontos=$_POST['k_p'];
$Proion=$_POST['p'];
$Kwdikos_Tupou=$_POST['k_t'];
//$Tupos=$_POST['t'];
$sql=mysql_query("SELECT * FROM tupoi WHERE Kwdikos_Tupou LIKE '". $_POST["k_t"]."'", $db_con);
while($row = mysql_fetch_array($sql))
{
$output[]=$row['Tupos'];
$re= json_encode($output[0]);
$dd= json_decode($re, true);
}
$result =mysql_query("INSERT INTO proionta(Kwdikos_Proiontos, Proion, Kwdikos_Tupou, Tupos) VALUES('$Kwdikos_Proiontos', '$Proion', '$Kwdikos_Tupou', '$dd')");
//check if row inserted or not
if ($result) {
// successfully inserted into database
$response["success"] = 1;
$response["message"] = "Product successfully created.";
// echoing JSON response
echo json_encode($response);
}
else {
// failed to insert row
$response["success"] = 0;
$response["message"] = "Oops! An error occurred.";
// echoing JSON response
echo json_encode($response);
}
}
else
{
// required field is missing
$response["success"] = 0;
$response["message"] = "Required field(s) is missing";
// echoing JSON response
echo json_encode($response);
}
?>
ps. my db is already in utf8 cause i display and add other data in greek, by using SELECT , INSERT, in the db.

Finally i found a solution to my problem, i used GET method instead of POST, and now it works correctly! Thnx for the sql injection tips, i will read more about this issue!