All geek questions in one place

IOS - the right approach to insert data into mySql database

I found it here and here , but I did not find a textbook or a good book regarding this issue.

I don’t want to use Parse for many reasons, so I decided to try the webservice code itself. (Hope this is the right way to call it).

I bought different books, and although he very well explained how I should retrieve data from the database using JSON or XML, I can not find anything clear regarding data insertion.

Here's how I finally managed to insert my data from the iphone application into my database.

Xcode:

-(IBAction)addData:(id)sender{ [self displayActivityIndicator]; NSString *country = self.countryLabel.text; NSString *location = self.locationTextField.text; NSString *city = self.cityTextField.text; NSString *distance = self.distanceTextField.text; NSString *max_part = self.partcipantsTextField.text; NSString *pace = self.paceField.text; NSString *rawStr = [NSString stringWithFormat:@"country=%@&location=%@&&city=%@&distance=%@&pace=%@&partecipant=%@", country, location, city, distance, pace,max_part]; NSData *data = [rawStr dataUsingEncoding:NSUTF8StringEncoding]; NSURL *url = [NSURL URLWithString:@"http://www.mywebsite.com/savedata.php"]; NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url]; [request setHTTPMethod:@"POST"]; [request setHTTPBody:data]; NSURLResponse *response; NSError *err; NSData *responseData = [NSURLConnection sendSynchronousRequest:request returningResponse:&response error:&err]; NSString *responseString = [NSString stringWithUTF8String:[responseData bytes]]; NSLog(@"%@", responseString); NSString *success = @"success"; [success dataUsingEncoding:NSUTF8StringEncoding]; NSLog(@"%lu", (unsigned long)responseString.length); NSLog(@"%lu", (unsigned long)success.length); [self dismissViewControllerAnimated:YES completion:nil]; // Dismiss the viewController upon success }

SAVEDATA.PHP

 <?php header('Content-type: text/plain; charset=utf-8'); $db_conn = new PDO('mysql:host=localhost;dbname=mydatabase','admin','password'); $db_conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $message = ""; $user = @"testUser"; $country = ($_POST['country']); $city = ($_POST['city']); $location = ($_POST['location']); $distance = ($_POST['distance']); $pace = ($_POST['pace']); $part = ($_POST['partecipant']); $qry = $db_conn->prepare('INSERT INTO myTable(`user_id`,`country`,`city`,`location`,`distance`,`pace`,`max_number`) VALUES (:user,:country,:city,:location,:distance,:pace,:max_number)'); $qry->bindParam(':user', $user); $qry->bindParam(':country', $country); $qry->bindParam(':city', $city); $qry->bindParam(':location', $location); $qry->bindParam(':distance', $distance); $qry->bindParam(':pace', $pace); $qry->bindParam(':max_number', $part); $qry->execute(); if ($qry) { $message = "success"; } else { $message = "failed"; } echo utf8_encode($message); ?>

The code above is executed and I can insert my data into the database.

  • Is this the right approach to send data from an iOS device to a database?
  • Do you know a good textbook or book that clearly explains how to do this?
  • how can I prevent some malicious users from injecting “fake data” directly from the server by doing something like this: http://www.mywebsite.com/savedata.php?country=fakeCountry&location= fakeLocation&city=fakeCity&distance=fakeDistance&partecipant=fakePartecipant
  • Do I prevent sql injection using PDO and prepare statements?

Thank you for your time.

+6
source share
3 answers

There is nothing wrong with the way you insert data. I do this all the time.

Think about the fact that your PHP file is a very simple web service.

What you have to do is protect the PHP script from being launched by anything other than the procedure in your iOS application. There are a few things you can do. Pass the post parameter with some identifier from your application, check the user agent. I always pass the version number of the application, so you can make sure your script remains backward compatible.

Good practice is to set $ _POST variables. Make sure that the data you publish in the iOS app will not work either. Check for html objects, etc.

Hope this helps.

+1
source

This is the approach I took to complete my project.

iOS code

 -(IBAction)addData { NSString *strURL = [NSString stringWithFormat:@"http://www.website.com/post.php?name=%@&description=%@",nameTextField.text, descriptionField.text]; NSData *dataURL = [NSData dataWithContentsOfURL:[NSURL URLWithString:strURL]]; NSString *strResult = [[NSString alloc] initWithData:dataURL encoding:NSUTF8StringEncoding]; NSLog(@"%@", strResult); }

Php code

 <?php // Create connection $servername = "localhost"; $username = "admin"; $password = "admin"; $dbname = "database"; $con=mysqli_connect("localhost","username","password","database"); if (!$con) { die("Connection failed: " . mysqli_connect_error()); echo "Nothing happened"; }else{ } if (isset ($_GET["dishname"])) $name = $_GET["name"]; else $name = "Null"; if (isset ($_GET["description"])) $description = $_GET["description"]; else $description = "Null"; echo "name : ". $name; echo "description : ". $description; $sql = "insert into RecipeFeed (Name, Description) values ('".$name."','".$description."')"; $result = mysqli_query($con, $sql); ?>

Hope that helps

0
source 
 NSString *rawStr = [NSString stringWithFormat:@"country=%@&location=%@&&city=%@&distance=%@&pace=%@&partecipant=%@", country, location, city, distance, pace,max_part];

you have 2 and up to the city.

0
source

Source: https://habr.com/ru/post/957010/

More articles:


All Articles