
I have PHP code that is used to add user values to the DB at registration time. I need the Swift code to insert the values from the user, like username, email and password, into the database. I did this once, but that PHP code used the POST method. How do I post for this format?

<?php
function userReg($json_request){

    //DB connection details
    include 'connection.php';

    $serviceId = $json_request['requestHeader']['serviceId'];
    $fullname = $json_request['requestInput']['full name'];
    $emailId = $json_request['requestInput']['email'];
    $password = $json_request['requestInput']['password'];

    $queryUser = "SELECT * FROM user_master WHERE email = '".$emailId."'";

    $result_user = $conn->query($queryUser);
    if($result_user->num_rows == 0){

        $insertUserSql = "INSERT INTO user_master (user_name, email, password) VALUES ('".$fullname."', '".$emailId."', '".$password."')";

        if (mysqli_query($conn, $insertUserSql)){
            $getUserIdSql = "SELECT user_id FROM user_master WHERE email = '".$emailId."'";
            $result_userId =  $conn->query($getUserIdSql);
            while($row_user = $result_userId->fetch_assoc()) {
                $user_details[] = $row_user;
            }
            $userId = $user_details["0"]["user_id"];

            $res['responseHeader']['serviceId'] = $serviceId;
            $res['responseHeader']['status']  = "100";
            $res['responseHeader']['message'] = "Success";
            $res['registerUserOutput']['userID'] = $userId;
            $res['registerUserOutput']['userInfo']['fullName'] = $fullname;
            $res['registerUserOutput']['userInfo']['email'] = $emailId;
            $res['registerUserOutput']['userInfo']['profilePic'] = "";

            $json_user_output = json_encode($res, JSON_UNESCAPED_SLASHES);
            echo $json_user_output;  
        }
    }
    else{
        $res['responseHeader']['serviceId'] = $serviceId;
        $res['responseHeader']['status']  = "99";
        $res['responseHeader']['message'] = "Email ID already exists";
        $res['registerUserOutput'] = "{}";

        $json_user_output = json_encode($res, JSON_UNESCAPED_SLASHES);
        echo $json_user_output;
    }
}

?>

Yasheed Mohammed
  • you can follow my answer here: http://stackoverflow.com/questions/43907542/how-to-send-a-post-request-through-swift/43909864#43909864 It will help you write post method for your PHP code – Rouny May 17 '17 at 10:52
  • @Rouny it's not working – Yasheed Mohammed May 17 '17 at 11:04
  • Are you adding username to that post method along with email and password and also make sure that you change the status code to 100 for your code and also try testing the API in postman with valid credentials once. – Rouny May 17 '17 at 11:21
  • As @Rouny said check first that your registration API routes are working using postman. Then you can use Alamofire for making the post request to the php server. – Kegham K. May 17 '17 at 13:25

1 Answer

This answer covers the "how to add parameters to a POST request" portion of URLSession: POST Request in swift with key-value coding

Now I'd like to actually comment a bit on your PHP code. I see 2 problems with the way you do your SQL. First, I'd recommend using PDO instead (helpful blog post here: PDO vs. MySQLi).

Second, and most importantly, you're directly interpolating your user-generated values into your queries, making you directly vulnerable to a SQL injection attack.

The correct way to solve this would be to use prepared statements with PDO. Although you can use mysqli_real_escape_string(), it is in general much easier and better to just use prepared statements, as these escaping functions (most notably addslashes()) can have vulnerabilities of their own and make your code a lot less readable than prepared statements do.

This would go something like this:

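<?php
// $dbh is an existing PDO connection; $name and $value hold the user-supplied input.
$stmt = $dbh->prepare("INSERT INTO REGISTRY (name, value) VALUES (:name, :value)");
$stmt->bindParam(':name', $name);
$stmt->bindParam(':value', $value);
// Nothing is sent until execute() is called; the bound values travel as data, not SQL.
$stmt->execute();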

Source: PDO Prepared statements

I haven't done any raw PHP in a while so this is as far as it goes for me, but should help you on your way.

Antwan van Houdt
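
The answer's advice applied to the two queries in the question's userReg(), as an added example that is not part of the original question or answer. It assumes the pdo_sqlite extension and uses an in-memory SQLite table in place of the MySQL connection from connection.php; the function signature, the returned array and the request values are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL connection in connection.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user_master (
    user_id   INTEGER PRIMARY KEY AUTOINCREMENT,
    user_name TEXT NOT NULL,
    email     TEXT NOT NULL UNIQUE,
    password  TEXT NOT NULL)');

function userReg(PDO $pdo, array $req): array
{
    $serviceId = $req['requestHeader']['serviceId'] ?? '';
    $in        = $req['requestInput'] ?? [];
    $fullname  = (string)($in['full name'] ?? '');
    $emailId   = (string)($in['email'] ?? '');
    $password  = (string)($in['password'] ?? '');
    $res = ['responseHeader' => ['serviceId' => $serviceId]];

    // Values travel as bound parameters, never as part of the SQL text.
    $check = $pdo->prepare('SELECT 1 FROM user_master WHERE email = :email');
    $check->execute([':email' => $emailId]);
    if ($check->fetchColumn() !== false) {
        $res['responseHeader'] += ['status' => '99', 'message' => 'Email ID already exists'];
        $res['registerUserOutput'] = '{}';   // same shape as the question's response
        return $res;
    }

    $insert = $pdo->prepare(
        'INSERT INTO user_master (user_name, email, password) VALUES (:name, :email, :pw)');
    $insert->execute([
        ':name'  => $fullname,
        ':email' => $emailId,
        // Assumption added here, not on the page: store a hash instead of the raw password.
        ':pw'    => password_hash($password, PASSWORD_DEFAULT),
    ]);
    $res['responseHeader'] += ['status' => '100', 'message' => 'Success'];
    $res['registerUserOutput'] = [
        'userID'   => (int)$pdo->lastInsertId(),
        'userInfo' => ['fullName' => $fullname, 'email' => $emailId, 'profilePic' => ''],
    ];
    return $res;
}

// Constructed request; the apostrophes would break the concatenated queries in the question.
$req = ['requestHeader' => ['serviceId' => 'constructed-id'],
        'requestInput'  => ['full name' => "Pat O'Neil", 'email' => "pat.o'neil@example.com",
                            'password'  => 'constructed-password']];
// Called twice to exercise both the registration and the duplicate-email branch.
echo json_encode(userReg($pdo, $req), JSON_UNESCAPED_SLASHES), PHP_EOL;
echo json_encode(userReg($pdo, $req), JSON_UNESCAPED_SLASHES), PHP_EOL;
```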