I am working on a Flutter app which simply updates and inserts data into a table. I have created a PHP API script:

```php
if("Sign_Up"==$action){

    $email = mysqli_real_escape_string($connect, $_POST['email']);
    $phone = mysqli_real_escape_string($connect, $_POST['phone']);

    $query = "INSERT INTO driver_details (phone, email)
              VALUES('$phone', '$email')";
    $results = mysqli_query($connect, $query);
    if($results>0)
    {
        echo "user added successfully";
    }
}
```

and I post the data to the API using this data:

```dart
static const ROOT = "https://www.example.com/driverapp-apis";
static const _Sign_Up = 'Sign_Up';

Future signup() async {
  var response = await http.post(Uri.parse(ROOT), body: {
    "email": emailController.text,
    "action": 'Sign_Up',
    "phone": phoneController.text,
  });
}
```

and I **am able to successfully insert data**. What I want is to get the insert id of this query and use it for a further update. Can anyone help me with how to get the insert id into my Flutter app?

RiggsFolly

  • I think you need to encode the request body – Jahidul Islam Dec 10 '21 at 08:39
  • I am new to it, can you suggest how? – material inventory Dec 10 '21 at 08:40
  • Refer to my answer [here](https://stackoverflow.com/a/68767696/13997210) for posting data to an API or registering; hope it helps you – Ravindra S. Patil Dec 10 '21 at 08:42
  • Your script is open to [SQL Injection Attack](http://stackoverflow.com/questions/60174). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187) You should always use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` APIs instead of concatenating user provided values into the query. Never trust ANY user input! – RiggsFolly Dec 10 '21 at 09:06

1 Answer

Not sure about the Flutter end, but you can get the insert_id from the MySQL insert like this, and then return it to the Flutter/Dart code for you to deal with as you wish.

I also removed the SQL Injection issue.

```php
if("Sign_Up"==$action){

    $query = "INSERT INTO driver_details (phone, email)
              VALUES(?,?)";
    // prepare the statement, then bind the user input as parameters
    // instead of concatenating it into the SQL text
    $stmt = $connect->prepare($query);
    $stmt->bind_param('ss', $_POST['phone'],
                            $_POST['email'] );
    $result = $stmt->execute();
    // successful execution of an insert returns a TRUE and a failure returns FALSE
    if($result) {
        // pass back the new id and the message as a json string
        $res = ['id' => $connect->insert_id,
                'msg' => "user added successfully",
                'status' => 1];
        echo json_encode($res);
    } else {
        echo json_encode(['msg' => 'user not added',
                          'status' => 99]);
    }
}
```
RiggsFolly
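
The Dart side of the exchange, as an added example that is not part of the original question or answer: it reads the `id`, `msg` and `status` fields the answer's script returns and rejects anything else instead of trusting the body. The function name `parseSignUpResponse` is hypothetical and the sample bodies are constructed.

```dart
import 'dart:convert';

/// Returns the new row id from the JSON echoed by the PHP script.
/// Throws FormatException when the body is not the expected
/// {id, msg, status} object, so the caller never uses a bogus id.
int parseSignUpResponse(String body) {
  // jsonDecode itself throws FormatException when the server sent
  // something other than JSON (for example a PHP warning or an HTML page).
  final decoded = jsonDecode(body);
  if (decoded is! Map<String, dynamic>) {
    throw const FormatException('response is not a JSON object');
  }
  // status 1 is the success value used by the answer's script.
  if (decoded['status'] != 1) {
    throw FormatException('sign-up failed: ${decoded['msg']}');
  }
  final id = decoded['id'];
  if (id is! int || id <= 0) {
    throw const FormatException('missing or invalid insert id');
  }
  return id;
}

void main() {
  // Constructed sample bodies shaped like the two json_encode() outputs,
  // plus one non-JSON body.
  const ok = '{"id":42,"msg":"user added successfully","status":1}';
  const failed = '{"msg":"user not added","status":99}';
  const notJson = '<br />Warning: something went wrong';

  for (final body in [ok, failed, notJson]) {
    try {
      print('insert id = ${parseSignUpResponse(body)}');
    } on FormatException catch (e) {
      print('rejected: ${e.message}');
    }
  }
}
```

In the question's `signup()`, the call would be `parseSignUpResponse(response.body)` after checking that `response.statusCode` is 200.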