-1

I am developing an Android app and I faced some trouble with a PHP web service.

I want to get user type information from the database and, according to the answer, I will do some processing in the background.

So in my authentication code there is an area like this to get the usertype:

function getUserType(){
    $sql = "SELECT `usertype` FROM `login_test` WHERE username = '". $this->username2."'
     AND password = '".$this->password2."'";

    $result = mysqli_query($this->DB_CONNECTION, $sql);

    if(mysqli_num_rows($result)>0){
        return (?);
    }
}

And in my login code the message will be sent here:

if ($userStatus) {
    // user existed
    // So log him to main page
    $json['success'] = 1;
    $json['message'] = 'Access Granted';
    $json['usertype'] = 'Client';

    echo json_encode($json);
}

Here I don't know how to access a certain field called 'usertype' in my table (I am really new to PHP) and how to return the value that I got.

Any help will be appreciated.

P.S. $userStatus returns true.

Agent48
  • 1
    Learn about prepared Statements to prevent SQL injection – Jens Aug 03 '17 at 10:54
  • 1
    **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Aug 03 '17 at 10:54
  • Because I am not advanced in MySQL database systems and PHP, I don't know how to protect my database from injections. I just heard about regex to protect. – Agent48 Aug 03 '17 at 10:59

1 Answer

1

You could try doing this:

$sql = "SELECT * FROM `login_test` WHERE username = '$this->username2' AND password = '$this->password2'";
$result = mysqli_query($this->DB_CONNECTION, $sql);
// Property names are case-sensitive and follow the column name (`usertype` in the question).
return $result->fetch_object()->usertype;

Please do keep in mind to use prepared statements, though.

Tom
  • See the updated answer, you'll have to select all fields using * instead of specifying the field in select this way. – Tom Aug 03 '17 at 11:15
  • I have just finished controlling your advice but there is some problem here. The problem is it only gets the first entry of the table. I mean there are 5 users, 5 passwords, 5 types and it only gets the first user's usertype. Also the other users don't return any values; when I am checking via the Postman app, a blank page appears. – Agent48 Aug 03 '17 at 13:07
  • In that case you will have to loop into the $result first, then only do the fetch_object method. – Tom Aug 03 '17 at 13:11
  • I have just realised that in my getUserType function there is a problem that I couldn't find. When I comment it out the code works; when I activate it, the code doesn't return anything to Postman. – Agent48 Aug 03 '17 at 13:15
  • In addition, I think the fetch_object method doesn't work somehow. – Agent48 Aug 03 '17 at 13:22
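
The prepared-statement approach that the comments and the answer recommend, written out for the `login_test` table from the question. This is an added example, not code from anyone in the thread; the function signature, connection settings, POST field names and the 'Access Denied' message are assumptions.

```php
<?php
// Added example, not the poster's code. Assumes the login_test table from the
// question (username, password, usertype) and the mysqli extension.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/** Returns the usertype for the given credentials, or null when no row matches. */
function getUserType(mysqli $db, string $username, string $password): ?string
{
    // Placeholders keep user input out of the SQL text, so a quote character in
    // either value is compared as data and cannot change the query.
    $stmt = $db->prepare(
        'SELECT `usertype` FROM `login_test` WHERE username = ? AND password = ? LIMIT 1'
    );
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();

    $usertype = null;
    $stmt->bind_result($usertype);
    $found = $stmt->fetch();   // true = row fetched, null = no matching row
    $stmt->close();

    return $found === true ? (string) $usertype : null;
}

header('Content-Type: application/json');
try {
    // Hypothetical connection settings and POST field names (placeholders).
    $db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
    $userType = getUserType($db, $_POST['username'] ?? '', $_POST['password'] ?? '');

    // The password is compared exactly as stored in the question's table.
    $json = $userType !== null
        ? ['success' => 1, 'message' => 'Access Granted', 'usertype' => $userType]
        : ['success' => 0, 'message' => 'Access Denied'];
} catch (mysqli_sql_exception $e) {
    // Log details server-side; the client only sees a generic failure.
    error_log($e->getMessage());
    http_response_code(500);
    $json = ['success' => 0, 'message' => 'Server error'];
}
echo json_encode($json);
```

Because the parameters are bound per request, each of the users in the table gets their own row back, and a request with no matching row returns a JSON denial instead of a blank page.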