
I am trying to insert values into a test database that I have created from a Winform Application. I have it working for the most part but there is always one of the keys missing when I send over the POST request.

I have a PHP file stored on a LAMP stack, and the pertinent code for the insert is below:

```php
$CustId = mysqli_real_escape_string($con, $_POST['CustId']);
$LastName = mysqli_real_escape_string($con, $_POST['LastName']);
$FirstName = mysqli_real_escape_string($con, $_POST['FirstName']);
$DOB = mysqli_real_escape_string($con, $_POST['DOB']);
$CustPhone = mysqli_real_escape_string($con, $_POST['CustPhone']);
$LatestToken = mysqli_real_escape_string($con, $_POST['LatestToken']);
$AcntLast4 = mysqli_real_escape_string($con, $_POST['AcntLast4']);
$AuthKey = mysqli_real_escape_string($con, $_POST['AuthKey']);

$sql="INSERT INTO Customer (CustId, LastName, FirstName, DOB, CustPhone, 
LatestToken, AcntLast4, AuthKey) VALUES ('$CustId', '$LastName', 
'$FirstName', '$DOB', '$CustPhone', '$LatestToken', '$AcntLast4', 
'$AuthKey')";
```

Now on the C# WinForms side I have the following code as a button event. NOTE: I have hardcoded the values because I didn't want to type them in the text box every time.

```csharp
string URL = "http://localhost/InsertCustomer.php";
WebClient webClient = new WebClient();

NameValueCollection formData = new NameValueCollection();
formData["CustId"] = "avc7";
formData["LastName"] = "Tired";
formData["FirstName"] = "Iam";
formData["DOB"] = "2009-05-04";
formData["CustPhone"] = "54433454";
formData["LatestToken"] = "85858dgggd"; //We get this from the call
formData["AcntLast4"] = "9874"; //We get this from the call
formData["Authkey"] = "fake"; //This is stored in config file

byte[] responseBytes = webClient.UploadValues(URL, "POST", formData);
string responsefromserver = Encoding.UTF8.GetString(responseBytes);
richTextBox1.Text = responsefromserver;
webClient.Dispose();
```

Now when I fire this event it stores all of the values into the mysql table with the exception of "AuthKey".

There are 2 tables. One table is called Customer which is structured as follows:

```
CUSTOMER
CustID Primary Key Not null
LastName varchar
FirstName varchar
DOB Date
CustPhone varchar
LatestToken varchar
AuthKey Primary Key Not Null
AcntLast4
```

There is also a History table

```
HISTORY
HistoryNum Primary Not Null Auto Increment
TransAmt varchar
Transdate date
TransType varchar
AuthKey varchar
CustId varchar
```

When I try to insert into the customer table as shown above it does not fill in a value for "AuthKey" but it does for everything else.

And when I try to insert into the history table it does not fill "AuthKey" or "CustId" but it does for everything else.

Somewhere I think I am screwing up on keys. This database may not be modeled appropriately at this time but why is it behaving this way? I have been staring at it and trying several little changes to see if it fixes but I have had no success. This is my last resort. Thanks

One other note: When I do the queries simply in the terminal using mysql everything inserts just fine. So I am just not sure what is going on here.

EDIT: Some things I have done to narrow down the problem.

  1. I know that the table is fine considering that I can type these insert queries straight from the mysql terminal and they behave just fine.
  2. I know that the NameValueCollection is in fact holding the correct data as I ran a loop and printed out the values and "AuthKey" value was there.
Rak
  • maybe you have duplicate value of AuthKey, in this case it fires because of primary key – godot Apr 12 '18 at 20:25
  • But if the key is both CustId and AuthKey why would it matter if AuthKey was duplicate as long as the CustId is not? It is still unique in this case – Rak Apr 12 '18 at 20:29
  • I'm surprised you can have two primary keys in your customer table. Usually you would have to make a composite key with the two fields and make that primary. Is that a mistake above? How did you create the table with two primary keys? – Ron Beyer Apr 12 '18 at 20:29
  • The table with the composite key was created like this. https://stackoverflow.com/questions/5835978/how-to-properly-create-composite-primary-keys-mysql. I just wrote it down in the structure I did because it looked like this on phpMyAdmin – Rak Apr 12 '18 at 20:32
  • The schema you posted doesn't have a type for the `AuthKey` field, are `CustId` and `AuthKey` both varchar (not sure they can be different types in a composite key, but just asking)? – Ron Beyer Apr 12 '18 at 20:35
  • Yes sorry, everything is varchar except for the Dates and Historynum is an int. – Rak Apr 12 '18 at 20:36
  • I just don't understand how it is working fine by using a query in the terminal of the Linux machine. Something is not right with either the PHP part or the C# part. I'm stumped – Rak Apr 12 '18 at 20:38
  • I'm not sure if you want to test this, but does it work if you use a single primary key instead of a composite one? I don't know that it would make a difference. You may also have to turn on [MySql logging](https://dev.mysql.com/doc/refman/5.7/en/server-logs.html) to see what is actually being run on the sql server. – Ron Beyer Apr 12 '18 at 20:41
  • I notice that formData["Authkey"] does not match case with $_POST['AuthKey']. Could that be the problem? – Honeyboy Wilson Apr 12 '18 at 20:44
  • @HoneyboyWilson I feel like the biggest idiot right now. Thanks. It was driving me crazy. I knew it was something tiny – Rak Apr 12 '18 at 20:46
  • I'm no expert in PHP but that looks like an SQL injection vulnerability to me. – Richardissimo Apr 12 '18 at 21:43
  • It is, but I am not worried about it at the moment. I just wanted to move the data around – Rak Apr 13 '18 at 15:55
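
The two points raised in the comments (the `Authkey`/`AuthKey` case mismatch and the string-built INSERT), handled on the server side in one added example; this is not the poster's code. The helper names `check_fields` and `insert_customer` are hypothetical, `$con` is assumed to be an open `mysqli` connection, and the sample request is constructed from the values in the question.

```php
<?php
// Added example (not the poster's code). Field names come from the question;
// check_fields() and insert_customer() are hypothetical helper names.
const CUSTOMER_FIELDS = ['CustId', 'LastName', 'FirstName', 'DOB',
                         'CustPhone', 'LatestToken', 'AcntLast4', 'AuthKey'];

// Returns [field => reason] for each required field that is absent, empty or
// not a plain string. PHP array keys are case-sensitive, so a key differing
// only in case is reported with the spelling the client actually sent.
function check_fields(array $post, array $required): array
{
    $sentByLower = [];
    foreach (array_keys($post) as $key) {
        $sentByLower[strtolower((string) $key)] = (string) $key;
    }
    $problems = [];
    foreach ($required as $name) {
        $value = $post[$name] ?? null;
        if (is_string($value) && $value !== '') {
            continue;
        }
        $near = $sentByLower[strtolower($name)] ?? null;
        $problems[$name] = ($near !== null && $near !== $name)
            ? "missing; client sent '$near' (keys are case-sensitive)"
            : 'missing, empty, or not a string';
    }
    return $problems;
}

// Inserts with a prepared statement, so values are bound as parameters
// instead of being escaped and concatenated into the SQL text.
function insert_customer(mysqli $con, array $post): bool
{
    $cols  = implode(', ', CUSTOMER_FIELDS);
    $marks = implode(', ', array_fill(0, count(CUSTOMER_FIELDS), '?'));
    $stmt  = $con->prepare("INSERT INTO Customer ($cols) VALUES ($marks)");
    if ($stmt === false) {
        return false;
    }
    $values = array_map(fn ($f) => $post[$f], CUSTOMER_FIELDS);
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    return $stmt->execute();
}

// Constructed request body mirroring the WinForms client in the question.
$sample = ['CustId' => 'avc7', 'LastName' => 'Tired', 'FirstName' => 'Iam',
           'DOB' => '2009-05-04', 'CustPhone' => '54433454',
           'LatestToken' => '85858dgggd', 'AcntLast4' => '9874', 'Authkey' => 'fake'];
$problems = check_fields($sample, CUSTOMER_FIELDS);
echo $problems ? json_encode($problems, JSON_PRETTY_PRINT) . PHP_EOL : "ok\n";
```

In a real handler, `check_fields($_POST, CUSTOMER_FIELDS)` would run first and `insert_customer($con, $_POST)` only when it returns an empty array; otherwise the request is rejected with the list of problems instead of writing a row with an empty key column.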
