Android post values to MySQL with PHP

Question

I work on an Android project, in which I use AsyncTask to send nameValuePairs to webservice. I use PHP code below to send data from application to database:

<?php
  require_once('dbConnect.php');

  $studentid = $_POST['name'];
  $classid = $_POST['classid']
  $studentid = $_POST['studentid'];
  $start = $_POST['start'];
  $end = $_POST['end'];
  $startsig = $_POST['startsig'];
  $endsig = $_POST['endsig'];

  $sql = "insert into signature (studentid,classid,start,end,startsig,endsig) values ('$studentid','$classid','$start','$end','$startsig','$endsig')";
  if(mysqli_query($con,$sql)){
    echo 'success';
  }
  else{
    echo 'failure';
  }
  mysqli_close($con);
?>

Values in dbConnect.php file are correct. Database schema looks like this.

I checked, application sends out data successfully, but when I try to access PHP file above from browser I get a HTTP 500 error. What else should I check in this case?

First step is debugging. The following lines of code will make PHP send the error text in the response. Examine the response and you will see the error. `error_reporting(E_ALL);` `ini_set("display_errors", "1");` Put these at the top of your PHP script, after the opening ` — I wrestled a bear once., Nov 05 '16 at 23:52
**WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST` or `$_GET` data directly into a query, it can be very harmful if someone seeks to exploit your mistake. — tadman, Nov 06 '16 at 01:56

Kiran Muralee · Accepted Answer · 2016-11-05T23:59:24.980

1

There are two problems I noticed in your code you didn't put a semicolon after

$classid = $_POST['classid']

And also why are you assigning two different post values to same phpvariable $studentid = $_POST['name']; and $studentid = $_POST['studentid'];.Anyways $studentid will have the last assigned value $_POST['studentid']

Try debugging for more errors

edited Nov 05 '16 at 23:59

answered Nov 05 '16 at 23:53

Kiran Muralee

2,068
2
18
25

Android post values to MySQL with PHP

1 Answers1