Problems with PHP and MySQL

难免孤独 2020-12-12 03:49

I am working within Xcode and have an iOS application that you input information and the app connects to a DB via a PHP file. There is no problem when uploading, a name or a

4 answers
  •  情歌与酒
    2020-12-12 04:01

    A couple of observations:

    1. You said:

      But when there is a period, or a question mark, it does not get uploaded to the server, it just fails.

      Your question presumes that the problem rests in the PHP code, but it sounds like you might not properly be percent escaping the parameters when creating the request. Notably, many people erroneously use stringByAddingPercentEscapesUsingEncoding (which will percent escape some characters, but not others). Notably, there are "legal" characters that are valid in a URL, but are not valid within a POST/GET parameter, so you need to specify those "legal" characters that should also be percent escaped (e.g. ?, &, +, etc.) within a parameter.

      In short, you really want to use CFURLCreateStringByAddingPercentEscapes, which allows you to specify additional characters that should be escaped per RFC 3986. For example, I've used the following NSString category.

      @implementation NSString (URLEncode)
      
      - (NSString *)stringForHTTPRequest
      {
          return CFBridgingRelease(CFURLCreateStringByAddingPercentEscapes(kCFAllocatorDefault,
                                                                           (CFStringRef)self,
                                                                           NULL,
                                                                           (CFStringRef)@":/?@!$&'()*+,;=",
                                                                           kCFStringEncodingUTF8));
      }
      
      @end
      

      Or use a framework like AFNetworking which simplifies the process of creating requests and takes care of this for you.

    2. Note, this PHP code is returning a simple string response. Instead, I'd suggest creating a JSON response, which will make it easier for the Objective-C code to handle and interpret the response (and report/log the error). For example, if using the procedural rendition of mysqli:

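      <?php
      
      // specify that this will return JSON
      header('Content-type: application/json');
      
      // open the database (host, user, password and database name are placeholders)
      $con = mysqli_connect("localhost", "user", "password", "database");
      
      // check the connection
      if (mysqli_connect_errno())
      {
          echo json_encode(array("success" => false, "message" => mysqli_connect_error(), "sqlerrno" => mysqli_connect_errno()));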
          exit;
      }
      
      // get the parameters
      
      $field1 = mysqli_real_escape_string($con, $_REQUEST["field1"]);
      $field2 = mysqli_real_escape_string($con, $_REQUEST["field2"]);
      
      // perform the insert
      
      $sql = "INSERT INTO sometable (field1, field2) VALUES ('{$field1}', '{$field2}')";
      
      if (!mysqli_query($con, $sql))
      {
          $response = array("success" => false, "message" => mysqli_error($con), "sqlerrno" => mysqli_errno($con), "sqlstate" => mysqli_sqlstate($con));
      }
      else
      {
          $response = array("success" => true);
      }
      
      echo json_encode($response);
      
      mysqli_close($con);
      
      ?>
      

      Or, if using the object-oriented style:

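      <?php
      
      // specify that this will return JSON
      header('Content-type: application/json');
      
      // open the database (host, user, password and database name are placeholders)
      $mysqli = new mysqli("localhost", "user", "password", "database");
      
      // check the connection
      if ($mysqli->connect_errno) {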
          echo json_encode(array("success" => false, "message" => $mysqli->connect_error, "sqlerrno" => $mysqli->connect_errno));
          exit();
      }
      
      // perform the insert
      
      $sql = "INSERT INTO sometable (field1, field2) VALUES (?, ?)";
      
      if ($stmt = $mysqli->prepare($sql)) {
          $stmt->bind_param("ss", $_REQUEST["field1"], $_REQUEST["field2"]);
      
          if (!$stmt->execute())
              $response = array("success" => false, "message" => $mysqli->error, "sqlerrno" => $mysqli->errno, "sqlstate" => $mysqli->sqlstate);
          else
              $response = array("success" => true);
      
          $stmt->close();
      } else {
          $response = array("success" => false, "message" => $mysqli->error, "sqlerrno" => $mysqli->errno, "sqlstate" => $mysqli->sqlstate);
      }
      
      $mysqli->close();
      
      echo json_encode($response);
      
      ?>
      

      This way, the Objective-C app can receive the response, parse the JSON, and look at success to determine whether the operation was successful or not, and look at message for the error message if it wasn't successful. This just permits a more robust conversation between app and server.

    3. By the way, I'd suggest that you use mysqli_real_escape_string or manually bind parameters to a prepared statement to protect against SQL injection attacks or unintended errors arising from unescaped strings in your SQL.

    4. I'd also suggest you create a POST request rather than a GET request which allows larger values.
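
The client side of points 1, 2 and 4 above, as an added example that is not part of the original answer: each parameter is percent-encoded with `stringByAddingPercentEncodingWithAllowedCharacters:` so that only RFC 3986 unreserved characters pass through, the pairs are sent as a POST body, and the `success`/`message` keys of the JSON reply are checked. The function names, the URL and the sample values are assumptions; `field1` and `field2` follow the PHP in the answer.

```objective-c
#import <Foundation/Foundation.h>

// Added example: function names and the URL in main() are hypothetical.
// Percent-encode everything except the RFC 3986 unreserved characters, so
// "?", "&", "+" and "=" inside a value cannot be read as request syntax.
static NSString *EncodeFormValue(NSString *value) {
    NSCharacterSet *unreserved = [NSCharacterSet characterSetWithCharactersInString:
        @"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"];
    return [value stringByAddingPercentEncodingWithAllowedCharacters:unreserved] ?: @"";
}

// Build a POST request with an application/x-www-form-urlencoded body.
static NSURLRequest *InsertRequest(NSURL *url, NSDictionary<NSString *, NSString *> *fields) {
    NSMutableArray<NSString *> *pairs = [NSMutableArray array];
    for (NSString *key in fields) {
        [pairs addObject:[NSString stringWithFormat:@"%@=%@",
                          EncodeFormValue(key), EncodeFormValue(fields[key])]];
    }
    NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
    request.HTTPMethod = @"POST";
    [request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
    request.HTTPBody = [[pairs componentsJoinedByString:@"&"] dataUsingEncoding:NSUTF8StringEncoding];
    return request;
}

// Return nil when the JSON reply has "success": true, otherwise an error text.
static NSString *InsertError(NSData *reply) {
    id json = reply ? [NSJSONSerialization JSONObjectWithData:reply options:0 error:NULL] : nil;
    if (![json isKindOfClass:[NSDictionary class]]) return @"Reply was not a JSON object";
    id flag = json[@"success"], text = json[@"message"];
    if ([flag isKindOfClass:[NSNumber class]] && [flag boolValue]) return nil;
    return [text isKindOfClass:[NSString class]] ? text : @"Unknown server error";
}

int main(void) {
    @autoreleasepool {
        // Constructed sample input with the characters that failed in the question.
        NSDictionary *fields = @{@"field1": @"Is this ok? Yes.", @"field2": @"A&B + C=D"};
        NSURLRequest *request = InsertRequest([NSURL URLWithString:@"https://example.com/insert.php"], fields);
        NSLog(@"body: %@", [[NSString alloc] initWithData:request.HTTPBody encoding:NSUTF8StringEncoding]);
        // Constructed failure reply in the shape the PHP above emits.
        NSData *reply = [@"{\"success\":false,\"message\":\"Duplicate entry\"}" dataUsingEncoding:NSUTF8StringEncoding];
        NSLog(@"error: %@", InsertError(reply));
    }
    return 0;
}
```

In the app, hand the request to `NSURLSession`'s `dataTaskWithRequest:completionHandler:` and pass the returned data to `InsertError`.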
