-1

i'm try to send some post value using postman to my script php... but i can print out the value post only if i use the x-www-form-urlencoded and not if i send data via form-data?

why this? can't understand differance between x-www-form-urlencoded and form-data.

post

php code test:

<?php
// this script call to register new user into db
require ("../private/index.php");



if ($_SERVER['REQUEST_METHOD'] == "POST") {

    $staff = $_POST['staff_ID'];
    $email = $_POST['email'];
    $pass = $_POST['password'];
    $name = $_POST['Name'];
    $surname = $_POST['Surname'];
    $role = $_POST['Role'];
    $instructor = $_POST['Instructor'];
    $date = $date = date("Y-m-d H:i:s",time());

    $dataReceived = array('staff_ID'=>$staff,
    'email'=>$email,
    'password'=>$pass,
    'Name'=>$name,
    'Surname'=>$surname,
    'Role'=>$role);

    echo json_encode($dataReceived);


   $sql = "INSERT INTO `users_nx`(`staff_ID`,`password`,`email`,`Name`,`Surname`,`Role`) VALUES ($staff,$pass,$email,$name,$surname,$role)";
   if ($mysqli->query($sql) === TRUE) {
    echo resultOperations(true, $mysqli);
    } else {
    echo resultOperations(false,$mysqli);
    }
}
Damiano Miazzi
  • 1,514
  • 1
  • 16
  • 38
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Nov 02 '22 at 12:36

1 Answers1

0

it just so happens that I've studied this before. Both x-www-form-urlencoded and form-data are carried in the request body during transmission.

First of all, x-www-form-urlencoded is generally used for the submission of forms, such as multiple input fields, and form-data is used for the submission of files, such as file files, image images and so on. The former is a string in the format of json key-value, while the latter is a binary stream.

Why can't I get the data in the php server? I don't know php, I've tested it in nodejs before, and nodejs requires an npm called bodyparser to format the string key to a json key-value. php should come with this parsing process. So you can get the json data directly. However, if you are using form-data, the binary cannot be parsed according to the parsing rules. It needs to be obtained by stream parsing.

This may be a bit of a fluff, but you can just print the data for the http request body to see the difference.

fengchuantao
  • 1