This is my php:

```php
<?php
// branch on the basis of 'calculate' value 
include('../php/config.php');
$email = $_POST['email'];
$password = $_POST['pass'];
$result = mysqli_query($db,"select * from Utenti where Email LIKE '$email' AND Password = '$password' ");
if (mysqli_num_rows($result)>0) {
    while($row = $result ->fetch_assoc())
    {
        $GetIdU = $row['ID'];
    }
    switch ($_POST['action']) {
        case "GetAllContact":
            $AddC =  $db->query("select * from Rubrica where ID_Utente = '$GetIdU'");
            if ($rAddC->num_rows > 0) {
                $srows = array();
                while($row = $AddC ->fetch_assoc())
                {
                    $rows=$row;
                }
                echo json_encode($rows);
            }
            break;
        case 'LoadAllContact':
            echo $_POST['number_1'] . " - " . $_POST['number_2'] . " = " . ($_POST['number_1']-$_POST['number_2']);
            break;
        case 'GetAllContact':
            echo $_POST['number_1'] . " x " . $_POST['number_2'] . " = " . ($_POST['number_1']*$_POST['number_2']);
            break;
        default:
            echo "Azione sconosciuta";
    }
}
?>
```

This is my Java code:

```java
    // HTTP POST request
    private static void sendPost(String post) throws Exception {

        String url = "myurl";
        URL obj = new URL(url);
        HttpURLConnection con = (HttpURLConnection) obj.openConnection();

        //add request header
        con.setRequestMethod("POST");
        con.setRequestProperty("User-Agent", USER_AGENT);
        con.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
        //"sn=C02G8416DRJM&cn=&locale=&caller=&num=12345"
        String urlParameters = post;

        // Send post request
        con.setDoOutput(true);
        DataOutputStream wr = new DataOutputStream(con.getOutputStream());
        wr.writeBytes(urlParameters);
        wr.flush();
        wr.close();

        int responseCode = con.getResponseCode();
        System.out.println("\nSending 'POST' request to URL : " + url);
        System.out.println("Post parameters : " + urlParameters);
        System.out.println("Response Code : " + responseCode);

        BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
        String inputLine;
        StringBuffer response = new StringBuffer();

        while ((inputLine = in.readLine()) != null) {
            response.append(inputLine);
        }
        in.close();
        String jsonText = response.toString();
        JSONObject json = new JSONObject(jsonText);
        System.out.print(json.toString());
        //print result
        Log.d("Data: ",response.toString());

    }
```

I also have an HTML page from which I checked the connection to the database. The problem does not seem to be there; a simple print from the PHP also worked, but the query does not seem to return any results. I checked the query and there seem to be no errors, and the data are in the database. Where am I going wrong? Thanks for your time, you are a great community!

  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared statement and parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Jul 13 '16 at 23:51
  • You are using procedural mysql and OO mysql calls. How did you code your connection? Can you show that also? – RiggsFolly Jul 13 '16 at 23:56
  • You are also returning JSON from one case and plain text from another, better to make all responses JSON, make it easier to deal with the results in JAVA – RiggsFolly Jul 13 '16 at 23:58
  • It also looks like you are storing plain-text passwords in your database. **Very bad practice.** PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php), please use them, I might want to use your site one day. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet). If you are using a PHP version prior to 5.5 [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat) – RiggsFolly Jul 14 '16 at 00:01
  • I don't see anywhere where you are setting `GetAllContact` in the data posted from your JAVA code. Or did I miss something? – RiggsFolly Jul 14 '16 at 00:04
  • Thank you very much for the advice. I have not finished writing it and I know it has some flaws, but I want to solve these problems first. – Lorenzo Longiave Jul 14 '16 at 00:04
  • `$rows=$row;` should be `$rows[]=$row;` to add to the array. – Barmar Jul 14 '16 at 00:07
  • I have set it in another place. I verified by replacing the query with a simple echo and it worked; the problem is there ... – Lorenzo Longiave Jul 14 '16 at 00:08
  • `$GetIdU` will just contain the last ID from the `while` loop. If the query can only return 1 row, you don't need a loop at all. – Barmar Jul 14 '16 at 00:10
  • @Barman Now I turned off the pc, tomorrow I try and tell you if it worked, if that's beginning to cut myself, thank you very much – Lorenzo Longiave Jul 14 '16 at 00:11
  • How should I change it? – Lorenzo Longiave Jul 14 '16 at 00:12
  • Why do you use LIKE in the first query, use `=` – RiggsFolly Jul 14 '16 at 00:14
  • You also have a loop after the first query to retrieve what I would hope to be either 0 or 1 result from your result set – RiggsFolly Jul 14 '16 at 00:14
  • Yes, I'm learning. Can I get the data directly from the query? Can I see an example of retrieving it directly? Thanks @RiggsFolly – Lorenzo Longiave Jul 14 '16 at 00:17
  • Boy, I have changed my code but it does not seem to be working.. – Lorenzo Longiave Jul 14 '16 at 07:06
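
The points raised in the comments (prepared statements, `password_verify()`, `=` instead of `LIKE`, no loop for a single row, collecting every contact row, JSON for every response) applied to the question's endpoint, as an added example that is not code from the thread. It assumes `config.php` sets `$db` to a `mysqli` object, that `Utenti.Password` stores a `password_hash()` value, that `ID_Utente` is an integer column, and that the mysqlnd driver is available for `get_result()`; `respond()` is a hypothetical helper.

```php
<?php
// Added example: assumes config.php sets $db to a mysqli object and that
// Utenti.Password holds a password_hash() value, not the plain-text password.
include('../php/config.php');
header('Content-Type: application/json');

// Hypothetical helper: every outcome, errors included, goes out as JSON,
// so the Java client has a single format to parse.
function respond(int $status, array $body): void {
    http_response_code($status);
    echo json_encode($body);
    exit;
}

$email    = $_POST['email']  ?? '';
$password = $_POST['pass']   ?? '';
$action   = $_POST['action'] ?? '';

// The ? placeholder keeps the e-mail out of the SQL text; "=" instead of LIKE
// means % and _ in the input are not treated as wildcards.
$stmt = $db->prepare('SELECT ID, Password FROM Utenti WHERE Email = ?');
if ($stmt === false) {
    respond(500, ['error' => 'query failed']);
}
$stmt->bind_param('s', $email);
$stmt->execute();
$user = $stmt->get_result()->fetch_assoc();   // 0 or 1 row expected, so no loop

// The password is checked in PHP against the stored hash, never inside the query.
if (!$user || !password_verify($password, $user['Password'])) {
    respond(401, ['error' => 'invalid credentials']);
}

switch ($action) {
    case 'GetAllContact':
        $userId = (int) $user['ID'];          // assumed integer key
        $stmt = $db->prepare('SELECT * FROM Rubrica WHERE ID_Utente = ?');
        $stmt->bind_param('i', $userId);
        $stmt->execute();
        // fetch_all() returns every row (an empty array if there are none),
        // which avoids overwriting $rows on each loop iteration.
        $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
        respond(200, ['contacts' => $rows]);
    default:
        respond(400, ['error' => 'Azione sconosciuta']);
}
```

Existing rows with plain-text passwords will not verify until they are re-stored with `password_hash()`.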
