0

I currently have the following PHP script with a select query with all hard-coded values. How can I take the value provided by my Swift app?

Is there a way to easily edit the following code I have to have also POST a value instead of having a hard-coded value in the PHP script?

    // Create connection
$con=mysqli_connect("localhost”,”username”,”password”,”dbName”);

// Check connection
if (mysqli_connect_errno())
{
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// This SQL statement selects ALL from the table 'Equipment'

$sql = "SELECT name FROM TABLE 
        WHERE name = ‘$CHANGE THIS’ ";

// Check if there are results
if ($result = mysqli_query($con, $sql))
{
    // Create temporary connection
    $resultArray = array();
    $tempArray = array();

    // Look through each row
    while($row = $result->fetch_object())
    {
        // Add each row into our results array
        $tempArray = $row;
        array_push($resultArray, $tempArray);
    }

    // Finally, encode the array to JSON and output the results
    echo json_encode($resultArray);
}

mysqli_close($con);

My current code in Swift looks like this:

The data I take from the SQL query is then put in an array and formatted in a UITable:

import Foundation

protocol FeedDetailProtocol: class {
    func itemsDownloaded(items: NSArray)
}


class FeedDetail: NSObject, URLSessionDataDelegate {



    weak var delegate: FeedDetailProtocol!

    let urlPath = "https://www.example.com/test/test1.php"

    func downloadItems() {

        let url: URL = URL(string: urlPath)!
        let defaultSession = Foundation.URLSession(configuration: URLSessionConfiguration.default)

        let task = defaultSession.dataTask(with: url) { (data, response, error) in

            if error != nil {
                print("Error")
            }else {
                print("details downloaded")
                self.parseJSON(data!)
            }

        }

        task.resume()
    }

    func parseJSON(_ data:Data) {

        var jsonResult = NSArray()

        do{
            jsonResult = try JSONSerialization.jsonObject(with: data, options:JSONSerialization.ReadingOptions.allowFragments) as! NSArray

        } catch let error as NSError {
            print(error)

        }

        var jsonElement = NSDictionary()
        let stocks = NSMutableArray()

        for i in 0 ..< jsonResult.count
        {

            jsonElement = jsonResult[i] as! NSDictionary

            let stock = DetailModel()

            //the following insures none of the JsonElement values are nil through optional binding
            if let name = jsonElement["name"] as? String,


            {
                print(name)
                stock.name = name


            }

            stocks.add(stock)

        }

        DispatchQueue.main.async(execute: { () -> Void in

            self.delegate.itemsDownloaded(items: stocks)

        })
    }
    }
rmaddy
  • 314,917
  • 42
  • 532
  • 579
  • 1
    You can't use `”`, this is a different character than `"` – Dharman May 01 '19 at 22:01
  • 2
    **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add any data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or data *of any kind* directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman May 01 '19 at 22:10
  • 1
    Note: The [object-oriented interface to `mysqli`](https://www.php.net/manual/en/mysqli.quickstart.connections.php) is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface where missing a single `i` can cause trouble. Example: `$db = new mysqli(…)` and `$db->prepare("…")` The procedural interface is largely an artifact from the PHP 4 era when `mysqli` API was introduced and should not be used in new code. – tadman May 01 '19 at 22:10
  • Note: A lot of problems can be detected and resolved by [enabling exceptions in `mysqli`](https://stackoverflow.com/questions/14578243/turning-query-errors-to-exceptions-in-mysqli) so any mistakes made aren’t easily ignored. Many return values cannot be ignored, you must pay attention to each one. Exceptions don’t require individual checking, they can be caught at a higher level in the code. – tadman May 01 '19 at 22:10
  • Can you please post an example of what could be added to my code? I would really appreciate it. –  May 01 '19 at 22:13
  • @Dharman where am I using ” ? –  May 01 '19 at 22:33
  • Here: `"localhost”,”username”,”password”,”dbName”`, and in your SQL too... – Dharman May 01 '19 at 22:37
  • Ok, I will fix this, can help me with the main issue? –  May 01 '19 at 22:38

0 Answers0