I'm having trouble remotely accessing a MySQL database for an Android application in C#. Here is my C# script.

    void mSignUpButton_Click(object sender, EventArgs e)
    {
        WebClient client = new WebClient();
        Uri uri = new Uri("http://hitachipickmeup.dx.am/SQLQuery.php");
        NameValueCollection parameters = new NameValueCollection();
        parameters.Add("Name", textName.Text);
        parameters.Add("Email", txtEmail.Text);
        parameters.Add("Password", txtPassword.Text);
        client.UploadValuesAsync(uri, parameters);
    }

And my PHP script:

    <?php
    $servername = "fdb13.awardspace.net";
    $username = "2100274_pickmeup";
    $password = "*************";
    try
    {
        $conn = new PDO("mysql:host=$servername;dbname=2100274_pickmeup", $username, $password);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        echo "Connected successfully";
    }
    catch(PDOException $e)
    {
        echo "Connection failed: " . $e->getMessage();
    }

    if (isset($_POST['Name']) && isset($_POST['Email']) && isset($_POST['Password']))
    {
        //Get the POST variables
        $mName = $_POST['Name'];
        $mEmail = $_POST['Email'];
        $mPassword = $_POST['Password'];

        //Insert new contact into database
        $query = 'INSERT INTO Contact_info (Contact_Name, Contact_Email, Contact_Password) VALUES ("$mName", "$mEmail","$mPassword")';
        $result = mysqli_query($query);
    }
    ?>

When I go to http://hitachipickmeup.dx.am/SQLQuery.php, it says "connected successfully".

phpMyAdmin (database empty): https://i.stack.imgur.com/WOu6l.png

  • 2
    [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php). – Jay Blanchard Apr 12 '16 at 21:03
  • 2
    Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). – Jay Blanchard Apr 12 '16 at 21:03
  • 2
    You established the connection to your database with PDO and you're trying to use the MySQLi API to execute the query. That will not work. Use PDO `execute()` – Jay Blanchard Apr 12 '16 at 21:05
  • On the last 2 lines of your code you use a `MySQLi` function while you are connected with PDO. This will not work; you can't mix connection APIs. Either use `PDO` (I recommend this) or use `MySQLi`. – Tom Apr 12 '16 at 21:09

1 Answer

Replace the last if statement with this:

    if (isset($_POST['Name']) && isset($_POST['Email']) && isset($_POST['Password'])) {
        //Get the POST variables
        $mName = $_POST['Name'];
        $mEmail = $_POST['Email'];
        $mPassword = $_POST['Password'];

        //Insert new contact into database
        //prepare() (not query()) is needed so the named placeholders can be bound in execute()
        $query = $conn->prepare('INSERT INTO Contact_info (Contact_Name, Contact_Email, Contact_Password) VALUES (:name, :email, :password)');
        $query->execute([
            ':name' => $mName,
            ':email' => $mEmail,
            ':password' => $mPassword
        ]);
    }

As you can see I changed it to PDO and I prepared the statement.

As I also said in a comment, you can't mix database APIs; either use PDO or MySQLi.

Tom
  • Thanks but that still doesn't do the trick. When I execute my app, enter my info in textname, txtemail and txtpassword fields, click on sign up and refresh my MySQL database in phpMyAdmin, it still says that Contact_info is empty. I don't see where's my error. Hope you can help. Thanks for your help. – Antoine de Pommereau Apr 14 '16 at 21:10
  • Do you know if it is possible to remotely access a Microsoft Azure MySQL database? – Antoine de Pommereau Apr 17 '16 at 13:21
  • I don't use Azure so I can't help you with that. – Tom Apr 17 '16 at 17:16
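
Added example (not part of the original thread or the answerer's code): the insert that the comments and the answer describe, done with a single API (PDO) through `prepare()`/`execute()` and with the password stored via `password_hash()`. It assumes the `pdo_sqlite` extension so it can run offline against an in-memory table; the function name `insertContact` and all sample values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: insert one contact using a PDO prepared statement.
function insertContact(PDO $conn, array $post): bool
{
    // Require all three fields as non-empty strings.
    foreach (['Name', 'Email', 'Password'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return false;
        }
    }
    if (filter_var($post['Email'], FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // The SQL text contains only placeholders; the values are bound as data
    // in execute() and are never concatenated into the statement.
    $stmt = $conn->prepare(
        'INSERT INTO Contact_info (Contact_Name, Contact_Email, Contact_Password)
         VALUES (:name, :email, :password)'
    );
    return $stmt->execute([
        ':name'     => $post['Name'],
        ':email'    => $post['Email'],
        // Store a salted hash instead of the plaintext password.
        ':password' => password_hash($post['Password'], PASSWORD_DEFAULT),
    ]);
}

// Demo on an in-memory SQLite table (assumption: pdo_sqlite is available).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE Contact_info (Contact_Name TEXT, Contact_Email TEXT, Contact_Password TEXT)');

// Constructed input: the name carries SQL metacharacters.
$post = [
    'Name'     => "Robert'); DROP TABLE Contact_info;--",
    'Email'    => 'robert@example.com',
    'Password' => 'constructed-sample-password',
];

var_dump(insertContact($conn, $post));                        // insert result
$row = $conn->query('SELECT * FROM Contact_info')->fetch(PDO::FETCH_ASSOC);
var_dump($row['Contact_Name'] === $post['Name']);             // name stored verbatim as data
var_dump(password_verify($post['Password'], $row['Contact_Password'])); // hash checks out
var_dump(insertContact($conn, ['Name' => 'x', 'Email' => 'not-an-email', 'Password' => 'y']));
```

With `PDO::ERRMODE_EXCEPTION` set, a failed `prepare()` or `execute()` throws a `PDOException` instead of failing silently, which makes an empty table like the one described in the comments easier to diagnose.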