-1

I am trying to write web services for data exchange between a PHP-MySQL server and an Android device. But the service is showing some errors and is not working.

Here is my code

<?php

     include 'config.inc.php';

     // Check whether username or password is set from android  
     if(isset($_POST['username']) && isset($_POST['password']))
     {
          // Initialize variables
          $result='';
          $username = $_POST['username'];
          $password = $_POST['password'];

          // Query database for row exist or not
          $sql = 'SELECT * FROM tbl_login WHERE  email = :username AND password = :password';
          $stmt = $conn->prepare($sql);
          $stmt->bindParam(':username', $username, PDO::PARAM_STR);
          $stmt->bindParam(':password', $password, PDO::PARAM_STR);
          $stmt->execute();
          if($stmt->rowCount())
          {
             $result="true";    
          }  
          elseif(!$stmt->rowCount())
          {
                $result="false";
          }

          // send result back to android
          echo $result;
    }

?>

Right now my colleague, who is an Android developer, is making a login session module on the Android side, and he needs web services for registration and login.

Can you solve the error? Or

Can you provide some code for these services or a link to a suitable resource?

user6017633
  • **What** errors is it showing? – ceejayoz Jun 29 '18 at 13:15
  • 4
    I'm voting to close this question as off-topic rather than migrate because it a) belongs on StackOverflow, not ServerFault, but b) will be closed there as lacking important details. – ceejayoz Jun 29 '18 at 13:16
  • 1
    OP, your accepted answer is **dangerous** and will get your site hacked or its data compromised. Read and understand https://en.wikipedia.org/wiki/SQL_injection before trying to use it. – ceejayoz Jun 29 '18 at 14:04
  • Ok let me go through this.... – user6017633 Jun 29 '18 at 14:34

1 Answer

-1

Have you included the config file properly? Are you getting a proper database connection? Double-check these things once.

Your source code looks OK, but provide your error if you are getting any in the browser.

You may also try the code below

<?php

if($_SERVER['REQUEST_METHOD']=='POST'){
    // echo $_SERVER["DOCUMENT_ROOT"];  // /home1/demonuts/public_html
    //including the database connection file
    include_once("config.php");

    $username = $_POST['username'];
    $password = $_POST['password'];

    if( $username == '' || $password == '' ){
        echo json_encode(array( "status" => "false","message" => "Parameter missing!") );
    }else{
        $query= "SELECT * FROM registerDemo WHERE username='$username' AND password='$password'";
        $result= mysqli_query($con, $query);

        if(mysqli_num_rows($result) > 0){
            $query= "SELECT * FROM registerDemo WHERE username='$username' AND password='$password'";
            $result= mysqli_query($con, $query);
            $emparray = array();
            if(mysqli_num_rows($result) > 0){
                while ($row = mysqli_fetch_assoc($result)) {
                    $emparray[] = $row;
                }
            }
            echo json_encode(array( "status" => "true","message" => "Login successfully!", "data" => $emparray) );
        }else{
            echo json_encode(array( "status" => "false","message" => "Invalid username or password!") );
        }
        mysqli_close($con);
    }
} else{
    echo json_encode(array( "status" => "false","message" => "Error occured, please try again!") );
}
?>

If you want to get working services then visit php login and register in android tutorial for more details.

Service for register

<?php

if($_SERVER['REQUEST_METHOD']=='POST'){
    // echo $_SERVER["DOCUMENT_ROOT"];  // /home1/demonuts/public_html
    //including the database connection file
    include_once("config.php");

    $name = $_POST['name'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    $hobby= $_POST['hobby'];

    if($name == '' || $username == '' || $password == '' || $hobby == ''){
        echo json_encode(array( "status" => "false","message" => "Parameter missing!") );
    }else{

        $query= "SELECT * FROM registerDemo WHERE username='$username'";
        $result= mysqli_query($con, $query);

        if(mysqli_num_rows($result) > 0){
            echo json_encode(array( "status" => "false","message" => "Username already exist!") );
        }else{
            $query = "INSERT INTO registerDemo (name,hobby,username,password) VALUES ('$name','$hobby','$username','$password')";
            if(mysqli_query($con,$query)){

                $query= "SELECT * FROM registerDemo WHERE username='$username'";
                $result= mysqli_query($con, $query);
                $emparray = array();
                if(mysqli_num_rows($result) > 0){
                    while ($row = mysqli_fetch_assoc($result)) {
                        $emparray[] = $row;
                    }
                }
                echo json_encode(array( "status" => "true","message" => "Successfully registered!" , "data" => $emparray) );
            }else{
                echo json_encode(array( "status" => "false","message" => "Error occured, please try again!") );
            }
        }
        mysqli_close($con);
    }
} else{
    echo json_encode(array( "status" => "false","message" => "Error occured, please try again!") );
}

?>

Config for this is as below

<?php
$host="localhost";
$user="your username";
$password="your password";
$db = "your db name";

$con = mysqli_connect($host,$user,$password,$db);

// Check connection
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
} else {
    //echo "Connect";
}

?>
  • 2
    This is **dangerous** code that's vulnerable to SQL injection as well as storing plain-text, unhashed passwords. – ceejayoz Jun 29 '18 at 13:37
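
The comments above flag two problems in the answer's code: SQL injection through string-built queries, and passwords stored in plain text. As an added example (not the answer's or the asker's code), here is the same register and login logic with bound parameters and `password_hash()` / `password_verify()`. The `users` table, the function names and the in-memory SQLite connection are assumptions made so that it runs offline.

```php
<?php
declare(strict_types=1);

// Constructed setup: in-memory SQLite stands in for the MySQL connection
// from the config file (assumption; needs the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL
)');

// Registration: store only a salted hash, never the password itself.
function register(PDO $pdo, string $username, string $password): bool
{
    if ($username === '' || $password === '') {
        return false;
    }
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password_hash) VALUES (:u, :h)'
    );
    try {
        return $stmt->execute([
            ':u' => $username,
            ':h' => password_hash($password, PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        // Any database error, including the UNIQUE violation raised for a
        // username that is already taken, is reported as failure.
        return false;
    }
}

// Login: fetch the row by username only, then verify the hash in PHP.
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample inputs.
var_dump(register($pdo, 'alice@example.com', 'correct horse')); // new account
var_dump(register($pdo, 'alice@example.com', 'other'));         // duplicate username
var_dump(login($pdo, 'alice@example.com', 'correct horse'));    // right password
var_dump(login($pdo, 'alice@example.com', 'wrong'));            // wrong password
var_dump(login($pdo, "alice@example.com' OR '1'='1", 'x'));     // quotes are bound as data
```

With MySQL, pass a PDO connection to the real database instead of the SQLite one. The PHP manual recommends a column of 255 characters for hashes produced with `PASSWORD_DEFAULT`.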