2

In my app data is fetched from a database. For that a variable is passed to a php script and should be used in the query later. I tried it using $var = $_POST['name'] in the query, but it seems like the passed variable is empty. To test it, I inserted the variable into a table and used the isset() method as well. The first part works as it should, the variable is set and inserted, but in the second part with the query to fetch the data it doesn’t seem to be set since the variable returns the value „a“. Why is the value not set and not taken from above?

The php code:

<?php

include Connection.php;



$conn = new mysqli($servername, $username, $password, $dbname);


if(isset($_POST['name'])){

 $query = "INSERT INTO TestTable (name) VALUES ('$_POST[name]')";


 if(mysqli_query($conn,$query)){

    echo 'Data Submit Successfully';

 }
 else{

    echo 'Try Again';

 }
}



if(!isset($_POST['name'])){
    $var = "a";
} 

 $query = "SELECT * FROM TestTable WHERE name = '$var'";

    $result = mysqli_query($conn, $query);

    while($row = mysqli_fetch_assoc($result)) {
            $array[] = $row;
        }



    header('Content-Type:Application/json');
    echo json_encode($array);
    mysqli_close($conn);

?>
Mike Kng
  • 255
  • 2
  • 11

2 Answers2

2

Your query string is incorrect, fix by this: 

//...
$query = "INSERT INTO TestTable (name) VALUES ('".$_POST['name']."')";
//...

To fix SELECT query you should initialize $var in case isset($_POST['name']) returns true

//...
$var = "a";
if(isset($_POST['name'])){
    $var = $_POST['name'];
} 

$query = "SELECT * FROM TestTable WHERE name = '$var'";
Alexey Usachov
  • 1,364
  • 2
  • 8
  • 15
  • The inserting works this way, is it wrong or unconventional? – Mike Kng Apr 30 '18 at 10:03
  • 1
    @MikeKng string can't parse array with key expression, you need to do it with a help of string concatenation or with a help of additional variable. `('".$_POST['name']."')";` or `$var = $_POST['name']; $query = "INSERT INTO TestTable (name) VALUES ('$var')";` – Alexey Usachov Apr 30 '18 at 10:16
2

In the code

if(!isset($_POST['name'])){
    $var = "a";
} 

 $query = "SELECT * FROM TestTable WHERE name = '$var'";

change this to

$var = "";

if(!isset($_POST['name'])){
    $var = "a";
} 

 $query = "SELECT * FROM TestTable WHERE name = '$var'";
Umer Farooq
  • 762
  • 1
  • 8
  • 17
  • Isn‘t `$var` just empty then? – Mike Kng Apr 30 '18 at 10:28
  • 1
    No..when `!isset($_POST['name'])` gets true, its value will set to 'a'. `$var` must be declared outside the scope of `if block` so that you can access it out side the scope of `if block`. – Umer Farooq Apr 30 '18 at 10:31
  • 1
    Since your `select query` is outside the `if block` therefore `$var` must be declared outside the scope of `if block` otherwise you can't access `$var` in your query – Umer Farooq Apr 30 '18 at 10:36
  • I understand, but `$_POST['name']` is used above as well, why does the `isset()` return that it‘s empty? – Mike Kng Apr 30 '18 at 10:41
  • have you tried debugging the script by calling `var_dump($_POST)` before calling `isset()`. ? – Umer Farooq Apr 30 '18 at 12:05
  • I tried to but I’m not confident with debugging a script actually – Mike Kng Apr 30 '18 at 20:40
  • @MikeKng I think there is some problem in your java code. Make sure that you are sending `post` parameters' properly. The reason `$_POST['name']` is empty is because `name` parameter is not sent from your java code. – Umer Farooq May 01 '18 at 09:07
  • I thought of that too, but why would it insert the right string I give it into the table otherwise? – Mike Kng May 01 '18 at 09:15
  • @MikeKng So what you get when you declared `$var` out of the scope of `if block' ? – Umer Farooq May 01 '18 at 09:35