Trying to insert values into mysql using php at the back end and android as front end

Question

I am new to php and I am trying to connect my android app with my computer using xampp server. First I tried to check the php code, using Postman(rest client). I tried to insert values by giving request through postman, but the null value is inserting. Can someone help me please

I have tried with other rest client apps but the same error occurs. I have used isset() function to check whether the value is set or not. The value is null

<?php

if($_SERVER["REQUEST_METHOD"]=="POST") {
    require 'conn.php';//This is another php file for connecting php with 
    mysql
    register();
 } else{
    echo "Please give post request";
 }

function register()
{
    global $conn;

    if(isset($_POST['user']) || isset($_POST['pass'])){//Trying to check 
weather it is null or not

        $username = $_POST["user"];
        $password = $_POST["pass"];

        $query = "insert into login(username,password) 
                    values('$username','$password');";

        if(mysqli_query($conn,$query)) {
            echo"Success";
        } else {
            echo"failure";
        }
    }else{
        echo"Blank";//This is printing in that rest client
    }
    mysqli_close($conn);
 }
 ?>

First, you may want to use `!empty($_POST['user']) && !empty($_POST['pass'])` to make sure both have values. If it's printing out `Blank`, then you'll need to check what you're passing in with the rest client, and try `var_dump($_POST);` to see if there are any values at all. — aynber, May 08 '19 at 13:03
@DominicXavier Here--> `"insert into login(username,password) values('$username','$password');"` remove that `;` from query and check onces. — Swati, May 08 '19 at 13:06
Probably not useful but maybe some infos (specially about closed ports) https://stackoverflow.com/a/42262832/5885018 — statosdotcom, May 08 '19 at 13:07
**Warning!** _Never_ store passwords in plain text. Use [password_hash()](https://www.php.net/manual/en/function.password-hash.php) to create a hash of the password (which then is what you store in the DB). To verify a password, use [password_verify()](https://www.php.net/manual/en/function.password-verify.php). — M. Eriksson, May 08 '19 at 13:08
Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's — RiggsFolly, May 08 '19 at 13:11
@RiggsFolly - That's just because I'm @ work and don't have my prewritten snippets available ;-) — M. Eriksson, May 08 '19 at 13:12
@Swati While the semi-colon there is unnecessary, it won't break the query. — aynber, May 08 '19 at 13:19
**Are you paying any attention to the comments people are making and the questions people are asking????** — RiggsFolly, May 08 '19 at 13:32
I have used ($_POST['user']) && !empty($_POST['pass']) but it is still showing blank — Dominic Xavier, May 08 '19 at 13:49
So show us the HTML for the `
` the user just filled in and submitted — RiggsFolly, May 08 '19 at 13:50
I have not using html I am trying to connect php code with android. To check php code I am using Postman which is a rest client — Dominic Xavier, May 08 '19 at 13:54
Can anyone suggest me a way how to check my php code weather it is working or not??. I have tried all possible ways which I know. Please help — Dominic Xavier, May 08 '19 at 14:00
So show us how AND WHAT you are sending from postman to this script — RiggsFolly, May 08 '19 at 14:01
I have edited my question to show the pic of rest client kindly look into it — Dominic Xavier, May 08 '19 at 14:09
Your code uses **unsafe** sql queries, this means that if someone would fill in `'); DROP TABLE login; --` as their password you would have lost the login table if the database login is authorized to drop tables. If this is homework this would be fine, but in the real world use prepared statements. [short explanation](https://codereview.stackexchange.com/a/68082/91611) and [long explanation](https://websitebeaver.com/prepared-statements-in-php-mysqli-to-prevent-sql-injection) — x13, May 08 '19 at 14:27
From the image you upload, it seems that you are trying to send data through POST using `Query Params`. In order to send data through POST, you must use the `Body` option. [Here is a link](https://stackoverflow.com/questions/29364862/how-to-send-post-request-to-the-below-post-method-using-postman-rest-client) that can show you an example of how to do it. — Claudio Busatto, May 08 '19 at 14:36

score 1 · Answer 1 · answered May 08 '19 at 14:46

By design, the POST request method requests that a web server accepts the data enclosed in the body of the request message, most likely for storing it.

In contrast, the HTTP GET request method retrieves information from the server. As part of a GET request, some data can be passed within the URL's query string, specifying (for example) search terms, date ranges, or other information that defines the query.

Source: https://en.wikipedia.org/wiki/POST_(HTTP)

Based on the image that you upload, it seems that you are trying to send data using Query Params in a POST method and that is wrong. Query parameters should be used to identify an specific resource in the server, not to include a new resource.

In order to properly include a new resource, you must send data through POST, where this data is enclosed in the body of the request. Postman makes a Body tab available to help you to add your data. Here is an example [1] of a POST method with data. A more complete tutorial can be found here

Trying to insert values into mysql using php at the back end and android as front end

1 Answers1