32

I create an NSURLRequest to post my data in the iPhone application to a server to proceed the PHP script. My PHP script is look like this.

<?php
    $name = $_POST['name'];
    $email = $_POST['email'];

    $link = mysql_connect("localhost", "fffasfdas","Nfdsafafs") or die ("Unable to connect to database.");
    mysql_select_db("muradsbi_mydatabase") or die ("Unable to select database.");

    $sqlstatement= "INSERT INTO dbname (name,email) VALUES ('$name','$email')";
    $newquery = mysql_query($sqlstatement, $link);
    echo 'thanks for your register';
?>

and my NSURLRequst is created like below.

NSString *myRequestString = @"&name=Hello%20World&email=Ohai2u";
NSData *myRequestData = [NSData dataWithBytes: [myRequestString UTF8String] length: [myRequestString length]];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] initWithURL: [NSURL URLWithString: @"http://www.google.com/"]];
[request setHTTPMethod: @"POST"];
[request setHTTPBody: myRequestData];
NSData *returnData = [NSURLConnection sendSynchronousRequest: request returningResponse: nil error: nil];

However, this site is unable to get the data from this application and save it to the database, but I know it was connected succussfully because my application is able to get the response data from the server. I don't know whether my variable name is declared in the wrong way or others issues. How can I fix it?

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
  • 1
    Also, you aren't releasing your memory... and you are missing some ";" characters. *PLEASE* always post your actual cut/pasted code. – Patricia Feb 14 '11 at 06:40
  • 3
    cut/paste actual code makes SQL injections more likely ;) – chunkyguy Feb 14 '11 at 06:40
  • use another library/collection to handle ur web requests for an easier time! http://allseeing-i.com/ – james Aug 11 '11 at 21:46

3 Answers3

53

You should remove the leading & in myRequestString and the problem is likely that the correct content-type header is not being sent. Try adding a call to

[request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"content-type"];

You should also not pass nil for error, so you can see what the client thinks is going on.

Unrelated, but your PHP code is open to SQL injection attacks.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
superfell
  • 18,780
  • 4
  • 59
  • 81
  • @superfell-- just so I make sure I'm not a complete moron, is that because he's using unsanitized inputs for name and email, or is there something else I'm missing? – mmr Apr 12 '13 at 01:10
  • Yes, it takes random input and put it in a sql string to execute without any escaping or other checking. – superfell Apr 12 '13 at 01:21
7

It should be noted that ...

NSData *data = [NSData dataWithBytes: [myRequestString UTF8String]
                              length: [myRequestString length]];

... is very bad and can cause vague errors. With UTF8 there is zero guarantee that the number of bytes in your encoded string is the same as the number of characters in your string.

So instead, you should simply use:

NSData *data = [myRequestString dataUsingEncoding: NSUTF8StringEncoding];
Stefan Arentz
  • 34,311
  • 8
  • 67
  • 88
0

try this

NSString *name = [[NSString alloc]initWith String: @"Hello World"];     
NSString *email = [[NSString alloc]initWith String: @"Ohai2u"];     
NSString *urlString = [NSString stringWithFormat:@"http://somedomain.com/sendMail.php?name=%@&email=%@", 
                           [name stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding],
                           [email stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]];

    NSURL *url = [[NSURL alloc] initWithString:urlString];

    NSURLRequest *urlRequest = [NSURLRequest requestWithURL:url];

    NSData *urlData;
    NSURLResponse *response;
    urlData = [NSURLConnection sendSynchronousRequest:urlRequest returningResponse:&response error:nil];
    [url release];

just dont forget to release the strings

set the headers in the PHP script

Spire
  • 1,055
  • 2
  • 17
  • 47