kate

Reputation: 123

Insert a string (with spaces) into MySQL using PHP from my iPhone app

I am trying to save a string (Address) entered by a user in my iPhone app into a MySQL database. I am using PHP to accomplish this. I have a few problems.

Here is my code in php:

...
$guestadd1 = $_GET["guestadd1"];
$guestadd2 = $_GET["guestadd2"];
$guestcity = $_GET["guestcity"];
...

And here is the mysql query:

 mysql_query( "INSERT INTO HMS_GUESTS( GUESTTYPE, GUESTLNAME, GUESTFNAME, GUESTADDRESS1,
               GUESTADDRESS2, GUESTCITY, GUESTSTATE, GUESTPOSTCODE, GUESTWORKPHONE) VALUES 
               ('$guestType', '$guestLname', '$guestFname', '$guestadd1', '$guestadd2', 
               '$guestcity', '$gueststate', '$guestpostal', '$guestWphone') ", $con) or 
               die(mysql_error());

1. But I am unable to insert the data with spaces. If I try saving it without spaces, I am able to insert. How can I insert with spaces?

2. I have two types of guests: Personal and Professional. So, more than one entry can have the same guest type. So, when I am trying to insert the second guest from one type, I am getting a Duplicate value for key error. How can I overcome this and insert the entry?

Any help appreciated. Thank you :)

EDIT Including my objective-c code

NSString *strURL = [NSString stringWithFormat:@"http://127.0.0.1/hms.php?guesttype=%@&
guestLname=%@&guestFname=%@&guestadd1=%@&guestadd2=%@&guestcity=%@&
gueststate=%@&guestpostal=%@&guestWphone=%@", guestID, self.name1.text, self.name2.text,
self.address1.text, self.address2.text, self.city.text, self.state.text, self.postal.text,
self.phone.text, self.fax.text];
    // to execute php code
NSData *dataURL = [NSData dataWithContentsOfURL:[NSURL URLWithString:strURL]];

    // to receive the returned value
NSString *strResult = [[NSString alloc] initWithData:dataURL encoding:NSUTF8StringEncoding];

And mysql table structure:

Guest Type  | Guest First Name | Guest Last Name | ADDRESS LINE 1 | ADDRESS LINE 2 | CITY | STATE | POSTAL |  WORKPHONE
----------------------------------------------------------------------------------------------------------------------
Personal    | blah             |  blah           | blah            | blah          | blah | blah  | blah   |  blah
Professional| blah             |  blah           | blah            | blah          | blah | blah  | blah   |  blah

So, in the address column, or possibly anywhere, I will come across spaces in arguments which I am not able to insert.

And if I now try to add another guest to the table, say type Personal, I am getting this error: Duplicate entry '1-1-PERSONAL-11' for key 1

Upvotes: 0

Views: 1583

Answers (1)

Troy

Reputation: 1639

Please do not use the mysql_query function, and don't construct your queries using string interpolation (or concatenation for that matter). That kind of solution leaves you wide open for a SQL injection attack. I'd recommend using something like PDO and taking advantage of parameter binding. Otherwise you have a major security hole that any idiot can exploit.

Upvotes: 3
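
An added example (not part of Troy's answer or the asker's code) of the PDO parameter binding the answer recommends, using the question's table and column names. The in-memory SQLite DSN, the reduced column set and the sample values are assumptions made so that it runs stand-alone.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL so it runs offline;
// for MySQL only the DSN/credentials passed to new PDO(...) change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Reduced, constructed version of the question's HMS_GUESTS table.
$pdo->exec('CREATE TABLE HMS_GUESTS (
    GUESTTYPE TEXT, GUESTLNAME TEXT, GUESTADDRESS1 TEXT, GUESTCITY TEXT)');

// Constructed stand-in for $_GET after PHP has URL-decoded the request.
$input = [
    'guesttype'  => 'Personal',
    'guestLname' => "O'Brien",               // apostrophe
    'guestadd1'  => '12 Main Street, Apt 4', // spaces and a comma
    'guestcity'  => 'San Jose',
];

// Interpolation, as in the question: the apostrophe ends the SQL string
// literal early, so user input becomes part of the statement itself.
$interpolated = "INSERT INTO HMS_GUESTS (GUESTLNAME) VALUES ('{$input['guestLname']}')";
echo $interpolated, PHP_EOL;

function insertGuest(PDO $pdo, array $in): void
{
    // The SQL text holds placeholders only; values are bound as data.
    $stmt = $pdo->prepare(
        'INSERT INTO HMS_GUESTS (GUESTTYPE, GUESTLNAME, GUESTADDRESS1, GUESTCITY)
         VALUES (:type, :lname, :add1, :city)'
    );
    $stmt->execute([
        ':type'  => $in['guesttype']  ?? '',
        ':lname' => $in['guestLname'] ?? '',
        ':add1'  => $in['guestadd1']  ?? '',
        ':city'  => $in['guestcity']  ?? '',
    ]);
}

insertGuest($pdo, $input);

// The stored row matches the input byte for byte, spaces and quote included.
print_r($pdo->query('SELECT * FROM HMS_GUESTS')->fetch(PDO::FETCH_ASSOC));
```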
