0

I have the following script where the user enters some data from the android phone in order to register. 

<?php

include("connect.php");
include("functions.php");

if(logged_in())
{
    header("location:profile.php");
    exit();
}

$error = "";
$j = new stdClass();
$string = "";


if (isset($_POST['firstName']) && isset($_POST['lastName']) && isset($_POST['email']) && isset($_POST['password'])) {


    $firstName = $_POST['firstName'];
    $lastName = $_POST['lastName'];
    $email = $_POST['email'];
    $password = $_POST['password'];

    //echo $firstName."<br/>".$lastName."<br/>".$email."<br/>".$password."<br/>".$passwordConfirm."<br/>".$image."<br/>".$imageSize."<br/>";


        //We need to encrypt our password.
        $password = md5($password);


        $insertQuery = "INSERT INTO users(firstName,lastName,email,password) VALUES('$firstName','$lastName','$email','$password')";
        $result = mysqli_query($con,$insertQuery);
        if(!$result){

                $j->status  = "Fail";
                $j->message = "No users in database";
                $string = json_encode($j);
                echo "No inserted data";
                //echo $string;

            }else{
                $j->status  = "success";
                $j->message = "Successfully registered";
                echo "Data inserted";
                $string = json_encode($j);
            }


    echo $string;
}


?>

Unfortunately nothing happens. I can't even generate JSON from the url itself. For example I enter the url's link

http://localhost/android_reg/

and get nothing back. Shouldn't I get 

{
   "status":"fail",
   "status":"No users in database"
}

when there is not data in the database? Surely there is something wrong with my php code.

Theo
  • 3,099
  • 12
  • 53
  • 94
  • What output are you getting currently with this code? I would recommend you to create an array , store the values and json ecode the same – Tushar Gupta Sep 19 '15 at 06:57
  • Do you have a local Apache/PHP server running? Did you try a normal non-JSON PHP page to confirm it is working? – Nelson Sep 19 '15 at 06:57
  • And the URL, http://localhost/android_reg/, is not pointing to a file, so is your server setup to serve http://localhost/android_reg/index.php? – Nelson Sep 19 '15 at 06:58
  • If you are directly hitting the url then $_POST will not work and you have written your code inside the if statement. That's why you are getting nothing. – Happy Coding Sep 19 '15 at 06:58
  • I get no output with code at all!!! Also I have the local Apache server running. – Theo Sep 19 '15 at 07:00
  • I see. But how should the change the code in order to see the output? If I take out the if statement that has the isset($_POST['firstName']) etc,then the $firstName variables and the others,will not be recognised. – Theo Sep 19 '15 at 07:03
  • Entering the url is not supposed to generate anything because you aren't posting anything. – Zsw Sep 19 '15 at 07:03

2 Answers2

1

No. You shouldn't get anything thing back. The main part of your code checks various $_POST variables to see if they're set. Requesting the page in your web browser is a HTTP GET request, so you'll never see any output because the POST variables will never be set.

Shawn Conn
  • 431
  • 6
  • 11
  • I see. So there is nothing wrong with my code right? I ll have to check again the Android code. The debugger of Android Studio shows me that I am posting null variables in the server. Android mistake then. – Theo Sep 19 '15 at 07:05
  • There probably are other things wrong with your code, but this first problem will make the other errors irrelevant. – Nelson Sep 19 '15 at 07:07
0

Make sure your script generates json-output in any case.
Since the fail-branch is usually shorter I prefer to handle it first. In your case: if there is any POST parameter missing -> bail out.
Your script is also prone to sql injections. Prepared statements can avoid that.

<?php
require 'connect.php';
require 'functions.php';

if(logged_in())
{
    header("location:profile.php");
    exit();
}

// isset() can take multiple arguments and only returns true if all variables are set
if ( !isset($_POST['firstName'], $_POST['lastName'], $_POST['email'], $_POST['password']) ) {
    $result = array('status'=>'fail', 'message'=>'missing POST parameter(s)');
}
else {
    $stmt = $con->prepare('
        INSERT INTO
            users
            (firstName,lastName,email,password)
        VALUES
            (?,?,?,?)
    ');

    if ( !$stmt ) {
        $result = array('status'=>'fail', 'message'=>'prepare failed');
    }
    else if ( !$stmt->bind_param('ssss', $_POST['firstName'], $_POST['lastName'], $_POST['email'], $_POST['password']) ) {
        $result = array('status'=>'fail', 'message'=>'bind failed');
    }
    else if ( !$stmt->execute() ) {
        $result = array('status'=>'fail', 'message'=>'execute/insert failed');
    }
    else {
        $result = array('status'=>'success', 'message'=>'Successfully registered');
    }
}

// single, unconditional exit/output point (ok, except for the if(logged_in())/exit() thing)
echo json_encode($result);
VolkerK
  • 95,432
  • 20
  • 163
  • 226
  • This is much better. I get this output. – Theo Sep 19 '15 at 07:14
  • {"status":"fail","message":"missing POST parameter(s)"}. At least I know that the Post parameters are not set. – Theo Sep 19 '15 at 07:15
  • Ok. I connect my Android device to the database. Simply,I enter firstName etc. But the response I get is the missing POST parameters. How can I set them? – Theo Sep 19 '15 at 08:29
  • this one's pretty highly rated: http://stackoverflow.com/questions/9767952/how-to-add-parameters-to-httpurlconnection-using-post – VolkerK Sep 19 '15 at 09:21