Q2x13

Reputation: 534

Write to online SQL Database using PHP script

I need to save the data from Android into an online SQL database. I made a PHP file for doing the task. I am trying to save the data using GET in a PHP file but it always returns false. Kindly have a look at my code and please help. The file is called using an Android application. Tried testing through REST add-ons for browsers.

EDIT : Problem - When I send the data using HTTP GET all I get in return is the JSON result {"result":false}. This means my SQL query does not run properly. I tried running the same code directly in phpMyAdmin and it works.

EDIT : Code corrected.

<?php
$con = new mysqli("HOST","USERNAME","PASSWORD","DATABASE");

$rrequest_status = $_GET['request_status'];
$rstudent_name = $_GET['student_name'];
$rrequest_to = $_GET['request_to'];
$renrollment_no = $_GET['enrollment_no'];
$rout_date = $_GET['out_date'];
$rout_time = $_GET['out_time'];
$rin_date = $_GET['in_date'];
$rin_time = $_GET['in_time'];
$rrequest_time = $_GET['request_time'];
$rapproved_time = $_GET['approved_time'];
$rvisit_place = $_GET['visit_place'];
$rvisit_type = $_GET['visit_type'];
$rcontact_number = $_GET['contact_number'];


$squery = "INSERT INTO `gatepass_requests` (
`gatepass_number` ,
`request_status` ,
`student_name` ,
`request_to` ,
`enrollment_no` ,
`out_date` ,
`out_time` ,
`in_date` ,
`in_time` ,
`request_time` ,
`approved_time` ,
`approved_by` ,
`visit_place` ,
`visit_type` ,
`contact_number`
)
VALUES (
NULL ,  
'".$rrequest_status."', 
'".$rstudent_name."', 
'".$rrequest_to."', 
'".$renrollment_no."', 
'".$rout_date."',   
'".$rout_time."',   
'".$rin_date."',  
'".$rin_time."',  
'".$rrequest_time."', 
NULL,  
'".$rapproved_by."',  
'".$rvisit_place."', 
'".$rvisit_type."', 
'".$rcontact_number."', 
)";


if(mysqli_query($con,$squery)){
      $result['result'] = true;
}else{
      $result['result'] = false;
}

echo json_encode($result);

mysqli_close($con);

?>              

Upvotes: 0

Views: 98

Answers (3)

Funk Forty Niner

Reputation: 74217

To set the record straight for future readers.

The fact of the matter here is that you have different/undefined variables for the following used in your VALUES:

  • $rrequest_status
  • $rrequest_to
  • $rrequest_time

But have declared them as, and with an extra "r" and assuming that is your real code and not just a bad paste in your question:

Sidenote: Assuming the GET requests as opposed to POST.

  • $request_status = $_GET['request_status'];
  • $request_to = $_GET['request_to'];
  • $request_time = $_GET['request_time'];

And error reporting would have signaled undefined variables notices but failed to mention that.

Then you stated this comment in an answer given:

"Thank You so much for your reply, I removed it for the time being, but it is not the problem. PHP does allow to have trailing commas so it doesn't matter. – Pradumn Kumar Mahanta"

Maybe for certain PHP operations, but we're dealing with MySQL here and that alone would have thrown you an exception about the trailing comma for:

  • '".$rcontact_number."', <<<

In regards to the SQL injection you're open to, use a prepared statement:

References:

Error checking references:

Upvotes: 1
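The prepared-statement fix recommended in the answer above, combined with the error checking the answers call for, as an added example (not code from the question or from any of the answers). It assumes `gatepass_number`, `approved_time` and `approved_by` can be left to their column defaults, and it logs database errors server-side rather than returning them to the client; both are choices made for this example.

```php
<?php
// Added example: the question's INSERT rewritten with a mysqli prepared statement.
// HOST/USERNAME/PASSWORD/DATABASE are the question's own placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw mysqli_sql_exception on failure

// Client-supplied columns, in the order they are bound below.
$fields = ['request_status', 'student_name', 'request_to', 'enrollment_no',
           'out_date', 'out_time', 'in_date', 'in_time', 'request_time',
           'visit_place', 'visit_type', 'contact_number'];

header('Content-Type: application/json');

// Reject the request early when a parameter is missing, rather than
// silently inserting empty strings from undefined variables.
$values = [];
foreach ($fields as $f) {
    if (!isset($_GET[$f]) || !is_string($_GET[$f])) {
        http_response_code(400);
        echo json_encode(['result' => false, 'error' => "missing parameter: $f"]);
        exit;
    }
    $values[] = $_GET[$f];
}

try {
    $con = new mysqli("HOST", "USERNAME", "PASSWORD", "DATABASE");
    $con->set_charset('utf8mb4');

    // Column names come only from the fixed $fields list above, never from the request.
    // Assumption: the three omitted columns are auto-increment or nullable.
    $cols  = '`' . implode('`, `', $fields) . '`';
    $marks = implode(', ', array_fill(0, count($fields), '?'));
    $stmt  = $con->prepare("INSERT INTO `gatepass_requests` ($cols) VALUES ($marks)");

    // Every value is sent as a bound string parameter, so quotes in the input cannot alter the SQL.
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute();
    echo json_encode(['result' => true]);
} catch (mysqli_sql_exception $e) {
    // Keep the driver's message in the server log; the client only learns that the insert failed.
    error_log($e->getMessage());
    http_response_code(500);
    echo json_encode(['result' => false]);
}
```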

Pathik Vejani

Reputation: 4501

Remove extra , from the insert query.

 '".$rcontact_number."', <-- this one

To check what error comes, do the following:

if(mysqli_query($con,$squery)) {
      $result['result'] = true;
} else {
      $result['result'] = mysqli_error($con); // instead of false, use mysqli_error($con)
}

Upvotes: 0

Nana Partykar

Reputation: 10548

As you used $con = new mysqli("HOST","USERNAME","PASSWORD","DATABASE");, you are following Object oriented style. So, you need to follow Object oriented style for executing the query. Right now you mixed Object oriented style & Procedural style.

Change

if(mysqli_query($con,$squery)){
      $result['result'] = true;
}else{
      $result['result'] = false;
}

To

if($con->query($squery)){
      $result['result'] = true;
}else{
      $result['result'] = false;
}

For more info, please have a look here Object Oriented Style & Procedural Style

Upvotes: 0
