• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Connecting to MySQL w/ PHP script for Android Help

 
Greenhorn
Posts: 17
Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello.
I'm following a tutorial on Udemy. Since it is a paid tutorial I am unable to link to it but what I'm doing is very similar to this:
http://www.inmotionhosting.com/support/edu/website-design/using-php-and-mysql/php-insert-database

I'm trying to insert data into a MySQL table using a PHP script:
I am able to connect to the database but I cannot add / insert new data:
Here is the code I have so far:
I commented out somethings while troubleshooting. I previously had the connection file in a separate file called init.php but following the link above
it had everything in one file.

When I try to add new data using the form, it does not add the data to the MySql database.




HTML form to get post data:
 
Bartender
Posts: 598
26
Oracle Notepad Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What error are you receiving? Have you tries running the command from the mysql prompt itself?
Using variables in passed sql statements is called Dynamic SQL and is generally considered insecure. Please instead use placeholders and prepare the statement, passing the values only when executing it.
 
Christopher Adams
Greenhorn
Posts: 17
Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Brian Tkatch wrote:What error are you receiving? Have you tries running the command from the mysql prompt itself?
Using variables in passed sql statements is called Dynamic SQL and is generally considered insecure. Please instead use placeholders and prepare the statement, passing the values only when executing it.



Hi Brian,
Thanks for responding to this.

I am receiving no error, when you go to the form and add data, it just does not add it to the database.

I successfully added the data from the myPhpadmin.

When you say, "Please instead use placeholders and prepare the statement, passing the values only when executing it.", can you explain this a bit more?
I thought this:


was suppose to make this more secure?

I'm new to databases and I'm just looking at a good way to connect an android app to a mysql database. If anyone has any other resources/tutorials
that explain how to do this in a secure way, I would really appreciate it.

I'm going to look for some other resources on doing this as well.

Thank you.

 
Brian Tkatch
Bartender
Posts: 598
26
Oracle Notepad Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What is the actual error message? Check your log files.

Escaping text is a good idea anyway. However, bind variables are a different thing. Here, perhaps this page as W3 Schools will help.
 
Christopher Adams
Greenhorn
Posts: 17
Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Brian Tkatch wrote:What is the actual error message? Check your log files.

Escaping text is a good idea anyway. However, bind variables are a different thing. Here, perhaps this page as W3 Schools will help.



Thanks for the help. I finally got it to work thanks to help from you, others, and a lot of research.
I was also able to update it using place holders.
I also added some functions to validate the data.
My updated code is posted below.
If anyone has any suggestions on making it more secure, I would love to hear it.
Keeping in mind I am new to PHP. I'm primarily focusing on Java right now but I wanted
to implement a database in my android app and PHP/MySql seemed like the best way to go.

 
Brian Tkatch
Bartender
Posts: 598
26
Oracle Notepad Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The approach looks good.

I will make a comment on style though, just to give you something to think about. I prefer not splitting booleans into if() statements. Rather, i return the boolean itself. So, i would change:

Christopher Adams wrote:
// Function to ensure form data input is not empyt/null:


To: But it's just a matter of style. There is no right or wrong, just what to make fun of your own style.
 
Christopher Adams
Greenhorn
Posts: 17
Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Brian Tkatch wrote:The approach looks good.

I will make a comment on style though, just to give you something to think about. I prefer not splitting booleans into if() statements. Rather, i return the boolean itself. So, i would change:

Christopher Adams wrote:
// Function to ensure form data input is not empyt/null:


To: But it's just a matter of style. There is no right or wrong, just what to make fun of your own style.



Thank you. Yes, your suggestion is much more compact.
 
Sheriff
Posts: 11604
178
Hibernate jQuery Eclipse IDE Spring MySQL Database AngularJS Tomcat Server Chrome Java
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
And isNull should actually be isEmpty
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic