继以下this教程,了解如何为Android创建API。检查了我的DB_Functions.php
文件,一切正常连接并正常运行(90%确定)。为确保帖子正常工作,我使用名为Postman
的Chrome加载项。 This我在网上发现的其他问题与我的问题类似。这是我输入/收到的。
下面是代码使用PHP API插入MySQL数据库
<?php
/*
Function tests
require_once 'include/DB_Functions.php';
$db = new DB_Functions();
$insert = $db->storeUser("InsertTest", "[email protected]", "apple");
print_r($insert);
$user = $db->getUserByEmailAndPassword("[email protected]", "apple");
print_r($user);
$exist = $db->isUserExisted("[email protected]");
echo $exist; */
/**
* File to handle all API requests
* Accepts GET and POST
*
* Each request will be identified by TAG
* Response will be JSON data
/**
* check for POST request
*/
if (isset($_POST['tag']) && $_POST['tag'] != '') {
$tag = $_POST['tag'];
require_once 'include/DB_Functions.php';
$db = new DB_Functions();
$response = array("tag" => $tag, "error" => FALSE);
// check for tag type
if ($tag == 'login') {
// Request type is check Login
$email = $_POST['email'];
$password = $_POST['password'];
// check for user
$user = $db->getUserByEmailAndPassword($email, $password);
if ($user != false) {
// user found
$response["error"] = FALSE;
$response["uid"] = $user["unique_id"];
$response["user"]["name"] = $user["name"];
$response["user"]["email"] = $user["email"];
$response["user"]["created_at"] = $user["created_at"];
$response["user"]["updated_at"] = $user["updated_at"];
echo json_encode($response);
} else {
// user not found
// echo json with error = 1
$response["error"] = TRUE;
$response["error_msg"] = "Incorrect email or password!";
echo json_encode($response);
}
} else if ($tag == 'register') {
// Request type is Register new user
$name = $_POST['name'];
$email = $_POST['email'];
$password = $_POST['password'];
// check if user is already existed
if ($db->isUserExisted($email)) {
// user is already existed - error response
$response["error"] = TRUE;
$response["error_msg"] = "User already existed";
echo json_encode($response);
} else {
// store user
$user = $db->storeUser($name, $email, $password);
if ($user) {
// user stored successfully
$response["error"] = FALSE;
$response["uid"] = $user["unique_id"];
$response["user"]["name"] = $user["name"];
$response["user"]["email"] = $user["email"];
$response["user"]["created_at"] = $user["created_at"];
$response["user"]["updated_at"] = $user["updated_at"];
echo json_encode($response);
} else {
// user failed to store
$response["error"] = TRUE;
$response["error_msg"] = "Error occured in Registartion";
echo json_encode($response);
}
}
} else {
// user failed to store
$response["error"] = TRUE;
$response["error_msg"] = "Unknown 'tag' value. It should be either 'login' or 'register'";
echo json_encode($response);
}
} else {
$response["error"] = TRUE;
$response["error_msg"] = "Required parameter 'tag' is missing!";
echo json_encode($response);
}
?>
而且DB_Functions.php代码
<?php
class DB_Functions{
private $db;
public $connection;
function __construct(){
require_once ('DB_Connect.php');
$this->db = new DB_Connect();
$this->connection = $this->db->connect();
}
function __destruct(){
}
public function storeUser($name, $email, $password){
$uuid = uniqid('', true);
$hash = $this->hashSSHA($password);
$encrypted_password = $hash["encrypted"];
$salt = $hash["salt"];
$sql = "INSERT INTO users(unique_id, name, email, encrypted_password, salt, created_at)
VALUES ('$uuid', '$name', '$email', '$encrypted_password', '$salt', NOW())";
$result = $this->connection->query($sql);
if($result){
$uid = mysqli_insert_id($this->connection);
$sql = "SELECT * FROM users WHERE uid = '" . $uid . "';";
$result = $this->connection->query($sql);
return mysqli_fetch_array($result);
}else{
return false;
}
}
public function getUserByEmailAndPassword($email, $password){
$sql = "SELECT * FROM users WHERE email = '" . $email . "';";
$result = $this->connection->query($sql);
$no_of_rows = mysqli_num_rows($result);
if($no_of_rows > 0){
$result = mysqli_fetch_array($result);
$salt = $result['salt'];
$encrypted_password = $result['encrypted_password'];
$hash = $this->checkhashSSHA($salt, $password);
if($encrypted_password == $hash){
return $result;
}
}else{
return false;
}
}
public function isUserExisted($email){
$sql = "SELECT * FROM users WHERE email = '" . $email . "';";
$result = $this->connection->query($sql);
$no_of_rows = mysqli_num_rows($result);
if($no_of_rows > 0){
return true;
}else{
return false;
}
}
public function hashSSHA($password){
$salt = sha1(rand());
$salt = substr($salt, 0, 10);
$encrypted = base64_encode(sha1($password . $salt, true) . $salt);
$hash = array("salt" => $salt, "encrypted" => $encrypted);
return $hash;
}
public function checkhashSSHA($salt, $password){
$hash = base64_encode(sha1($password . $salt, true) . $salt);
return $hash;
}
}
?>
有谁知道为什么邮政不工作?
**警告**:使用'mysqli'时,应该使用参数化查询和['bind_param'](http://php.net/manual/en/mysqli-stmt.bind-param.php)到将用户数据添加到您的查询。 **不要**使用字符串插值或连接来完成此操作,因为您将创建严重的[SQL注入漏洞](http://bobby-tables.com/)。 **绝不**将'$ _POST'数据直接放入查询中。 – tadman
此外,你的截图是完全难以辨认的。我们应该从中拿走什么? – tadman
你真的应该使用PHP的[内置函数](http://jayblanchard.net/proper_password_hashing_with_PHP.html)来处理密码安全性。 –