0

I am able to post from my iOS app to my MySQL database but when I have long sentences for example

I am trying to post this string: "Hello, how are you today?"

It won't do anything. So I improvised and replaced the spaces with _ and my string would look like this "Hello,_how_are_you_today?" and that worked!

But I thought it's weird that I have to do that.

So my question is, how can I post long strings with spaces without modifying it like how I did?

Here is the code that I have

iOS

    NSString *strURL = [NSString stringWithFormat:@"http://www.example.com/post.php?dishname=%@&description=%@", dishname.text, description.text];
    NSData *dataURL = [NSData dataWithContentsOfURL:[NSURL URLWithString:strURL]];
    NSString *strResult = [[NSString alloc] initWithData:dataURL encoding:NSUTF8StringEncoding];
    NSLog(@"%@", strResult);

php code

<?php

// Create connection
$servername = "localhost";
$username = "admin";
$password = "root";
$dbname = "dbname";
$con=mysqli_connect("localhost","admin","root","dbname");

if (!$con) {
 die("Connection failed: " . mysqli_connect_error());
 echo "Nothing happened";

}else{


}


if (isset ($_GET["dishname"]))
        $dishname = $_GET["dishname"];

    else
        $dishname = "Null";
if (isset ($_GET["description"]))
        $description = $_GET["description"];
    else
        $description = "Null";

echo "dishname : ". $dishname;
echo "description : ". $description;

$sql = "insert into RecipeFeed (DishName, Description) values ('".$dishname."','".$description."')";
$result = mysqli_query($con, $sql);
?>
Cyril
  • 3
    **WARNING**: When using `mysqli` you should be using parameterized queries and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/). **NEVER** put `$_GET` or `$_POST` data directly into a query. – tadman Feb 29 '16 at 23:41
  • Possible duplicate of [Is a URL allowed to contain a space?](http://stackoverflow.com/questions/497908/is-a-url-allowed-to-contain-a-space) – miken32 Mar 01 '16 at 00:39

2 Answers

2

It's a lot cleaner to code if you use the object-oriented interface:

$mysqli = new mysqli("localhost","admin","root","dbname");

if ($mysqli->connect_errno) {
  die("Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error);
  // Note, nothing happens after die inside the same block, so
  // don't put code here. It will never, ever run.
}

You also have a lot of dead code there that does nothing that's been removed.

Using prepared statements makes your statements easy to read and keeps you safe from SQL injection problems if you're careful not to use string interpolation:

$stmt = $mysqli->prepare("INSERT INTO RecipeFeed (DishName, Description) VALUES (?, ?)");

// Bind in column order: DishName first, then Description.
$stmt->bind_param('ss', $_GET['dishname'], $_GET['description']);

$result = $stmt->execute();

This will handle all your quoting for you, and as a bonus you don't have to worry about them being set or not.

tadman
1

This is something that's already been thought over. Don't reinvent the wheel. If you'd like to continue to use GET, use this question for handling encoding on the iOS side, and read about this PHP method for the PHP side. OR, you can use POST (which actually fits this better), and you don't have to encode anything.

I don't really think this needs a code example, and I'm not writing the iOS side (because it's in the link), but the PHP side should look like:

$dishname = isset($_POST["dishname"]) ? $_POST["dishname"] : null;
$description = isset($_POST["description"]) ? $_POST["description"] : null;

// do inserts per @tadman's answer

If you need to use GET for whatever reason,

$dishname = isset($_GET["dishname"]) ? urldecode($_GET["dishname"]) : null;
$description = isset($_GET["description"]) ? urldecode($_GET["description"]) : null;
Tyler Sebastian
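The iOS side of the POST approach from the answer above, as an added example that is not part of the original answers: each value is percent-encoded and sent in the request body, so spaces and characters such as `&` or `=` inside a value cannot break the URL or be read as extra parameters. The function names `FormEncode`, `DishRequest` and `PostDish` are hypothetical; the URL and field names are the ones from the question, and the server is assumed to read `$_POST` and insert with a prepared statement.

```objective-c
#import <Foundation/Foundation.h>

// Percent-encode one form value. Only RFC 3986 unreserved characters pass
// through, so spaces, '&', '=', '+', '%' and quotes are all escaped.
static NSString *FormEncode(NSString *value) {
    NSCharacterSet *unreserved = [NSCharacterSet characterSetWithCharactersInString:
        @"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"];
    return [value stringByAddingPercentEncodingWithAllowedCharacters:unreserved] ?: @"";
}

// Build the POST request; the values travel in the body, not in the URL.
static NSURLRequest *DishRequest(NSString *dishname, NSString *description) {
    NSURL *url = [NSURL URLWithString:@"http://www.example.com/post.php"];
    NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
    request.HTTPMethod = @"POST";
    [request setValue:@"application/x-www-form-urlencoded; charset=utf-8"
   forHTTPHeaderField:@"Content-Type"];
    NSString *body = [NSString stringWithFormat:@"dishname=%@&description=%@",
                      FormEncode(dishname), FormEncode(description)];
    request.HTTPBody = [body dataUsingEncoding:NSUTF8StringEncoding];
    return request;
}

// Send asynchronously; dataWithContentsOfURL: would block the calling thread.
// In the app this is called from the submit action with the two text fields.
static void PostDish(NSString *dishname, NSString *description) {
    NSURLRequest *request = DishRequest(dishname, description);
    [[[NSURLSession sharedSession] dataTaskWithRequest:request
        completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
            if (error) {
                NSLog(@"Request failed: %@", error);
                return;
            }
            NSString *reply = [[NSString alloc] initWithData:data
                                                    encoding:NSUTF8StringEncoding];
            NSLog(@"%@", reply);
        }] resume];
}

int main(void) {
    @autoreleasepool {
        // Constructed sample input with spaces, a comma and an ampersand.
        NSURLRequest *r = DishRequest(@"Mac & cheese", @"Hello, how are you today?");
        NSLog(@"%@", [[NSString alloc] initWithData:r.HTTPBody
                                           encoding:NSUTF8StringEncoding]);
    }
    return 0;
}
```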