0

I make an register form for insert and user in mysql. I'm using a "Future async" function with FlutterToast for show text if the registration is successfull or not and this is connected with my register.php archive. I need show the text or show an alert message, and that only works when I run in navigators like Chrome, not in Android Studio, when I run appears an error in the terminal only when I run in Android Studio.

D/InputConnectionAdaptor( 6148): The input method toggled cursor monitoring on E/flutter ( 6148): [ERROR:flutter/lib/ui/ui_dart_state.cc(209)] 
Unhandled Exception: Invalid argument (onError): Error handler must accept one Object or one Object and a StackTrace as arguments.: Closure: (HttpException) => Null

My function:

  Future register() async {
    var url =
        "http://192.167.1.142/databasedb/register.php"; 
    var response = await http.post(url, body: {
      "correo": correo.text,
      "celular": celular.text,
      "passwd": passwd.text,
      "passwd2": passwd2.text
    });
    var data = json.decode(response.body);
    if (data == "Error") {
      FlutterToast(context).showToast(
          child: Text(
        'User invalid',
        style: TextStyle(fontSize: 25, color: Colors.red),
      ));
    } else {
      FlutterToast(context).showToast(
          child: Text('Registration Successful',
              style: TextStyle(fontSize: 25, color: Colors.green)));
      Navigator.push(
        context,
        MaterialPageRoute(
          builder: (context) => DashBoard(),
        ),
      );
    }
  }

My Elevated Button:

Expanded(
    child: ElevatedButton(
      style: ElevatedButton.styleFrom(
        onSurface: Colors.blue,
      ),
      child: Text('Register',
          style: TextStyle(
              fontSize: 20,
              fontWeight: FontWeight.bold,
              color: Colors.white)),
      onPressed: () => [
        // enabled: isButtonActive,
        if (isButtonActive)
          {
            setState(() => isButtonActive = false),
          }
        else
          {null},
        register(), //REGISTER FUNCTION
        setState(() {})
      ],
    ),
  ),

My register.php:

<?php
    header('Access-Control-Allow-Origin: *');
    $db = mysqli_connect('localhost','root','','databasedb');
    //Conectar al hosting
    if (!$db) {
        echo "Database connection faild";
    }

    $cell= $_POST['celular'];
    $email= $_POST['correo'];
    $pass= $_POST['passwd'];
    $pass2= $_POST['passwd2'];

    $sql = "SELECT celular FROM usuario WHERE celular = '".$cell."' AND passwd = '".$pass."'";

    $result = mysqli_query($db,$sql);
    $count = mysqli_num_rows($result);

    if ($count == 1) {
        echo json_encode("Error");
    }else{
    
    if($pass == $pass2 && strlen($pass) >= 8 && strlen($email) >= 10 && (strlen($cell) >= 9 && strlen($cell) <= 15)){
        $insert = "INSERT INTO usuario(correo,celular,passwd,passwd2)VALUES('".$email."','".$cell."','".$pass."','".$pass2."')";
        $query = mysqli_query($db,$insert);
        if ($query) {
            echo json_encode("Success");
        }
    }else{
        echo json_encode("Contraseña inválida");
    }
        
    }

?>
Dharman
  • 30,962
  • 25
  • 85
  • 135
santiagobueras
  • 59
  • 6
  • 1
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Jan 03 '22 at 16:20
  • 1
    **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Jan 03 '22 at 16:20
  • Thanks for the recommendations, I had sha1 and I changed it to password_hash, I am transforming my code providing by mysqli. I hope that influences what I am looking for, that loads the messages in Android Studio. – santiagobueras Jan 03 '22 at 17:39

1 Answers1

0

Looks like you might http.post can throw exceptions, have you tried implementing a try/catch block. Perhaps something like this:

Future register() async {
  var url =
      "http://192.167.1.142/databasedb/register.php";

  try {
    var response = await http.post(url, body: {
      "correo": correo.text,
      "celular": celular.text,
      "passwd": passwd.text,
      "passwd2": passwd2.text
    });
    var data = json.decode(response.body);
    FlutterToast(context).showToast(
        child: Text('Registration Successful',
            style: TextStyle(fontSize: 25, color: Colors.green)));
    Navigator.push(
      context,
      MaterialPageRoute(
        builder: (context) => DashBoard(),
      ),
    );
  } on HttpException catch (ex) {
    // handle http related errors
    FlutterToast(context).showToast(
        child: Text(
          'User invalid',
          style: TextStyle(fontSize: 25, color: Colors.red),
        ));
  } on Object catch (error) {
    // handle non-http related errors
    FlutterToast(context).showToast(
        child: Text(
          'Unexpected Error',
          style: TextStyle(fontSize: 25, color: Colors.red),
        ));
  }
}
Jared Anderton
  • 826
  • 9
  • 12
  • Hi, thanks for your answer, i tried implementing a try/catch block but still the same, but my trycatch haven't a `HttpException` but a `PlatformException`. I can't change for HttpException cause according flutter isn't a type and can't be used in an on-catch clause. :/ – santiagobueras Jan 03 '22 at 18:38