
Connecting to MySQL w/ PHP script for Android Help

 
Christopher Adams
Greenhorn
Posts: 11
Hello.
I'm following a tutorial on Udemy. Since it is a paid tutorial I am unable to link to it but what I'm doing is very similar to this:
http://www.inmotionhosting.com/support/edu/website-design/using-php-and-mysql/php-insert-database

I'm trying to insert data into a MySQL table using a PHP script:
I am able to connect to the database but I cannot add / insert new data:
Here is the code I have so far:
I commented out some things while troubleshooting. I previously had the connection file in a separate file called init.php, but following the link above it had everything in one file.

When I try to add new data using the form, it does not add the data to the MySQL database.




HTML form to get post data:
 
Brian Tkatch
Bartender
Posts: 567
What error are you receiving? Have you tried running the command from the mysql prompt itself?
Using variables in passed SQL statements is called Dynamic SQL and is generally considered insecure. Please instead use placeholders and prepare the statement, passing the values only when executing it.
 
Christopher Adams
Greenhorn
Posts: 11
Brian Tkatch wrote: What error are you receiving? Have you tried running the command from the mysql prompt itself?
Using variables in passed SQL statements is called Dynamic SQL and is generally considered insecure. Please instead use placeholders and prepare the statement, passing the values only when executing it.


Hi Brian,
Thanks for responding to this.

I am receiving no error; when you go to the form and add data, it just does not add it to the database.

I successfully added the data from phpMyAdmin.

When you say, "Please instead use placeholders and prepare the statement, passing the values only when executing it.", can you explain this a bit more?
I thought this:


was supposed to make this more secure?

I'm new to databases and I'm just looking at a good way to connect an Android app to a MySQL database. If anyone has any other resources/tutorials that explain how to do this in a secure way, I would really appreciate it.

I'm going to look for some other resources on doing this as well.

Thank you.

 
Brian Tkatch
Bartender
Posts: 567
What is the actual error message? Check your log files.

Escaping text is a good idea anyway. However, bind variables are a different thing. Here, perhaps this page at W3 Schools will help.
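
The three approaches named in the replies above (dynamic SQL, escaping, and placeholders with a prepared statement), shown side by side as an added example that is not part of the original thread or anyone's posted code. It assumes PDO with the pdo_sqlite extension and uses an in-memory SQLite database, a constructed `users` table and constructed input so it runs offline; the function names are hypothetical.

```php
<?php
// Added example: constructed table and input. In-memory SQLite stands in for
// MySQL; with MySQL only the DSN and credentials passed to PDO change.
$pdo = new PDO('sqlite::memory:');
// Raise an exception on any SQL error instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT NOT NULL, email TEXT NOT NULL)');

// 1. Dynamic SQL: the values are pasted into the statement text.
function insertDynamic(PDO $pdo, string $name, string $email): bool
{
    try {
        $pdo->exec("INSERT INTO users (name, email) VALUES ('$name', '$email')");
        return true;
    } catch (PDOException $e) {
        // A quote in the input ended the string literal early, so the rest
        // of the value was parsed as SQL and the statement was rejected.
        error_log('insert failed: ' . $e->getMessage());
        return false;
    }
}

// 2. Escaping: safer, but the values still travel inside the SQL text.
function insertEscaped(PDO $pdo, string $name, string $email): bool
{
    $sql = 'INSERT INTO users (name, email) VALUES ('
         . $pdo->quote($name) . ', ' . $pdo->quote($email) . ')';
    return $pdo->exec($sql) === 1;
}

// 3. Placeholders: the statement text is fixed; values are bound at execute.
function insertPrepared(PDO $pdo, string $name, string $email): bool
{
    $stmt = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
    return $stmt->execute([':name' => $name, ':email' => $email]);
}

// Constructed input: an ordinary name containing a single quote.
$name  = "Miles O'Brien";
$email = 'miles@example.com';

var_dump(insertDynamic($pdo, $name, $email));   // rejected, error is logged
var_dump(insertEscaped($pdo, $name, $email));   // stored as data
var_dump(insertPrepared($pdo, $name, $email));  // stored as data
var_dump($pdo->query('SELECT COUNT(*) FROM users')->fetchColumn());
```

With the MySQL driver, PDO emulates prepared statements on the client by default; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server prepare the statement and receive the values separately.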
 
Christopher Adams
Greenhorn
Posts: 11
Brian Tkatch wrote: What is the actual error message? Check your log files.

Escaping text is a good idea anyway. However, bind variables are a different thing. Here, perhaps this page at W3 Schools will help.


Thanks for the help. I finally got it to work thanks to help from you, others, and a lot of research.
I was also able to update it using placeholders.
I also added some functions to validate the data.
My updated code is posted below.
If anyone has any suggestions on making it more secure, I would love to hear it.
Keep in mind I am new to PHP. I'm primarily focusing on Java right now, but I wanted to implement a database in my Android app and PHP/MySQL seemed like the best way to go.

 
Brian Tkatch
Bartender
Posts: 567
The approach looks good.

I will make a comment on style though, just to give you something to think about. I prefer not splitting booleans into if() statements. Rather, I return the boolean itself. So, I would change:
Christopher Adams wrote:
// Function to ensure form data input is not empty/null:

To:

But it's just a matter of style. There is no right or wrong, just what to make fun of your own style.
 
Christopher Adams
Greenhorn
Posts: 11
Brian Tkatch wrote: The approach looks good.

I will make a comment on style though, just to give you something to think about. I prefer not splitting booleans into if() statements. Rather, I return the boolean itself. So, I would change:
Christopher Adams wrote:
// Function to ensure form data input is not empty/null:

To:

But it's just a matter of style. There is no right or wrong, just what to make fun of your own style.


Thank you. Yes, your suggestion is much more compact.
 
Roel De Nijs
Sheriff
Posts: 10662
And isNull should actually be isEmpty
 