Unable to retrieve data from MySQL

Question

Below is my config.php

<?php
const server = "localhost";
const dbuser = "root";
const dbpw = "";
const db = "mp19_tca";
?>

Here below is my login.php

<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
header("Content-Type: application/json; charset=UTF-8");

error_reporting(E_ERROR);

//tells login.php the username/password and name to the database
include("config.php");

try{
    $found = 0;

    $conn = new mysqli(server, dbuser, dbpw, db);

    //login accepts a userid and password from the caller
    $userid = $_GET["user_id"];
    $password = $_GET["password"];

    //it then runs an SQL statement to check the database if this record exist
    $query = "SELECT email FROM usermobile WHERE user_id ='" . $userid . "' and password = '" . 
    $password . "'";
    $result = $conn->query($query);

    $outp = "[";
    while($rs = $result->fetch_array(MYSQLI_ASSOC)) {
        if ($outp != "[") {
            $outp .= ",";
        }
        $outp .= '{"result":"'   . $rs["email"]        . '"}';
        $found = 1;
    }

    if ($found == 0){
        $outp .= '{"result":"0"}';
    }

    $outp .="]";

    echo $outp;

    $conn->close();
}
catch(Exception $e) {
    $json_out =  "[".json_encode(array("result"=>0))."]";
    echo $json_out;
}
?>

I have added data into my MySQL data, but when i run these codes my results turned out 0. The purpose of using this PHP codes is to create a login page to communicate with the database my Cordova app, using jQueryMobile. So am wondering where did i go wrong? Is the result output supposed to be email?

Results of data

Try to echo $query and then paste that query into the database directly and check if it returns any error or not — Prabhjot Singh Kainth, Nov 20 '19 at 05:43
**Warning!** You are _wide open_ for SQL injection attacks! You should use parameterized [prepared statements](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead of using completely unescaped user data directly in your queries like that. — M. Eriksson, Nov 20 '19 at 06:02
_**Never ever** ever never_ store passwords in plain text! You should _always_ hash the passwords using [password_hash()](https://www.php.net/manual/en/function.password-hash.php) and only store the hashes. Then you can use [password_verify()](https://www.php.net/manual/en/function.password-verify.php) to verify a password against a hash. — M. Eriksson, Nov 20 '19 at 06:02
I would also recommend using [json_encode()](https://www.php.net/manual/en/function.json-encode.php) instead of manually building the json response. — M. Eriksson, Nov 20 '19 at 06:03
_A side note:_ PHPMyAdmin is just a web based admin tool for managing MySQL databases. Your application doesn't have anything to do with PHPMyAdmin since you're connecting to the MySQL database directly. — M. Eriksson, Nov 20 '19 at 06:07
Am unsure to go about it, as am doing a prototype for a school project. — Javier, Nov 20 '19 at 06:09
What is the value of `$conn`? Are you sure that `new mysqli()` is succeeding? Btw, what IDE do you use? Do you know how to use the debugger, set breakpoints, examine variables & call stack? The debugger is your BFF. — Mawg says reinstate Monica, Nov 20 '19 at 06:21
What version of PHP are you using? Change to `error_reporting(E_ALL)` line and also add `ini_set('display_errors', 'On'); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` — Phil, Nov 20 '19 at 06:55

Unable to retrieve data from MySQL

0 Answers0