-1

Okay, so I'm trying to make a feature that allows people to register accounts on my app. I'm using android studio with volley. PHP is handling the server side. Code is below:

Java:

RegisterRequest.java

package james.gcsecomputingapp;


import com.android.volley.Response;
import com.android.volley.toolbox.StringRequest;

import java.util.HashMap;
import java.util.Map;

public class RegisterRequest extends StringRequest {

    private static final String REGISTER_REQUEST_URL = "http://placeholder.net/register2.php";
    private Map<String, String> params;

    public RegisterRequest(String first_name, String last_name, String email, String username, String password, Response.Listener<String> listener){
        super(Method.POST, REGISTER_REQUEST_URL, listener, null);
        params = new HashMap<>();
        params.put("first_name", first_name);
        params.put("last_name", last_name);
        params.put("email", email);
        params.put("username", username);
        params.put("password", password);
    }

    @Override
    public Map<String, String> getParams() {
        return params;
    }
}

Register.java

package james.gcsecomputingapp;

import android.app.AlertDialog;
import android.content.Intent;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.Toast;

import com.android.volley.RequestQueue;
import com.android.volley.Response;
import com.android.volley.toolbox.Volley;

import org.json.JSONException;
import org.json.JSONObject;

public class register extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_register);

        final EditText etFirstName = (EditText) findViewById(R.id.etFirstName);
        final EditText etLastName = (EditText) findViewById(R.id.etLastName);
        final EditText etEmail = (EditText) findViewById(R.id.etEmail);
        final EditText etUsername = (EditText) findViewById(R.id.etUserName);
        final EditText etPassword = (EditText) findViewById(R.id.etPassword);
        final Button bRegister = (Button) findViewById(R.id.bRegister);

        bRegister.setOnClickListener(new View.OnClickListener(){
            @Override
            public void onClick(View view) {
                final String firstName = etFirstName.getText().toString();
                final String lastName = etLastName.getText().toString();
                final String email = etEmail.getText().toString();
                final String username = etUsername.getText().toString();
                final String password = etPassword.getText().toString();


                Response.Listener<String> responseListener = new Response.Listener<String>(){

                    @Override
                    public void onResponse(String response) {
                        try {
                            JSONObject jsonResponse = new JSONObject(response);
                            boolean success = jsonResponse.getBoolean("success");
                            if (success){

                                Toast.makeText(register.this, "Work", Toast.LENGTH_SHORT).show();
                                Intent intent = new Intent(register.this, login.class);
                                startActivity(intent);
                            }else{
                                AlertDialog.Builder builder = new AlertDialog.Builder(register.this);
                                builder.setMessage("Register Failed")
                                        .setNegativeButton("Retry", null)
                                        .create()
                                        .show();
                            }
                        } catch (JSONException e) {
                            e.printStackTrace();
                        }
                    }
                };
                RegisterRequest registerRequest = new RegisterRequest(firstName,lastName,email,username,password, responseListener);
                RequestQueue queue = Volley.newRequestQueue(register.this);
                queue.add(registerRequest);
            }
        });
    }


}

PHP:

Register.php

<?php
    $con=mysqli_connect("localhost","user","pass","db_database");
    
    $first_namename = $_POST["first_name"];
    $last_name = $_POST["last_name"];
    $email = $_POST["email"];
    $username = $_POST["username"];
    $password = $_POST["password"];
    $statement = mysqli_prepare($con, "INSERT INTO `db_database`.`users` (`user_id`, `first_name`, `last_name`, `email`, `username`, `password`) VALUES (NULL, first_name, last_name, email, username, password)");
    mysqli_stmt_bind_param($statement, "siss",$first_name,$last_name,$email,$username,$password);
    mysqli_stmt_execute($statement);
        
    $response = array();
    $response["success"] = true;  
    
    echo json_encode($response);
    
?>

This code seemingly produces no errors, but obviously it does not work properly. When the code is run it produces an entry in the SQL database, as expected. But those entries contain no data? Don't understand what I mean by that? Sorry about that, here's a screenshot of the table after the code has been run twice: table screenshot

Any advice on this? Anyone know what is going wrong? As I say, the code 'works' as in it runs, but it doesn't do what it is intended to do.

I'm fairly new to this so if anyone could be nice and give me a hand I'd really appreciate it. Cheers!

Edit - I'm aware that there is no form of encryption and passwords are stored in plain text. I know it should never happen, but it's a thing for this assignment I have. It's complicated, let's just pretend it's just another string.

J. Doe
  • 19
  • 5
  • 2
    `VALUES (NULL, first_name, last_name, email, username, password)` is that your real syntax? If so, it's incorrect. Checking for errors on it `mysqli_error($con)` would have told you about it. RTM on this http://php.net/manual/en/mysqli.prepare.php – Funk Forty Niner Nov 18 '16 at 14:58
  • 2
    This also `siss` not enough to work with 5. `4 != 5`. – Funk Forty Niner Nov 18 '16 at 15:01
  • 3
    *"This code seemingly produces no errors"* - That's because you're not checking for them. You're just assuming it doesn't contain any (syntax) errors, which your code does; a few of them actually. – Funk Forty Niner Nov 18 '16 at 15:02
  • 1
    **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Nov 18 '16 at 15:11
  • https://ericlippert.com/2014/03/05/how-to-debug-small-programs/ – spencer7593 Nov 18 '16 at 15:17
  • @Fred-ii- cheers for stating the obvious when you said 4 != 5. Any chance you could just give me the TL;DR of that doc, would be that hard would it? Multiple syntax checkers say no errors, so what do you think is the 'real' syntax? – J. Doe Nov 21 '16 at 22:08

1 Answer

1

Here: `mysqli_stmt_bind_param($statement, "siss",$first_name,$last_name,$email,$username,$password);`

you have 5 variables that you want to bind. Yet you have `siss` like you had 1 string, 1 int, 1 string, 1 string. It should be `sssss` as the 5 variables are all strings. And sometimes you might encounter an error if you don't write 'sssss' instead of "sssss".

Maxime Claude
  • 800
  • 9
  • 26
  • 2
    You missed a lot of stuff. Go over their entire code again and very carefully as well as reading the manual yourself on this http://php.net/manual/en/mysqli.prepare.php – Funk Forty Niner Nov 18 '16 at 15:15
  • You are right, I did miss a lot. Obviously his code wasn't tested. I didn't test it either, I just stated what caught my eye at first sight. The variables in values are wrong. (Currently at work, can't access any website apart from stackoverflow.) Thanks for the link, I'll follow the link once at home. – Maxime Claude Nov 18 '16 at 15:21
  • No problem, Maxime. The values require `?` placeholders rather than what they have now. Their android stuff is all over the place (and more). Questions like this tend to open up a big can of worms and tend to chase people down a deep rabbit hole. As you can see, I didn't post an answer for this, as I felt it best that I just post a few comments about what they're doing wrong, since I knew that if I had posted one, it would not have given them a full solution and I'd most likely be caught (in that hole) with next to endless comments from them because it's not fully doing what they want. – Funk Forty Niner Nov 18 '16 at 15:25
  • 1
    TBH, I did upvote your answer though, since it is partially correct. Good luck ;-) – Funk Forty Niner Nov 18 '16 at 15:26
  • (You seem to be French, it is my first tongue.) So the original poster has to test his code before further commenting. Next time I'll follow this advice. Thanks – Maxime Claude Nov 18 '16 at 15:28
  • 1
    *Of course*, and dyed-in-the-wool, *by golly!* ;-) And you're welcome. With a name like yours, it's not hard to figure out ;-) – Funk Forty Niner Nov 18 '16 at 15:31
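
The fixes raised in the comments and the answer, put together as an added example that is not code from the thread: `?` placeholders, a five-character `sssss` type string, mysqli error reporting, and `password_hash()`. It assumes the `users` table from the question with an auto-increment `user_id` and a `password` column wide enough to hold a hash (for example `VARCHAR(255)`); the connection values are the question's placeholders.

```php
<?php
// Added example. Assumptions: table layout from the question, auto-increment
// user_id, password column wide enough for a hash (e.g. VARCHAR(255)).

// Make mysqli throw on failure instead of silently inserting empty rows.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
header('Content-Type: application/json');

$response = array('success' => false);

try {
    // Reject requests that do not carry all five non-empty string fields.
    $fields = array('first_name', 'last_name', 'email', 'username', 'password');
    $in = array();
    foreach ($fields as $f) {
        if (!isset($_POST[$f]) || !is_string($_POST[$f]) || $_POST[$f] === '') {
            throw new InvalidArgumentException("missing field: $f");
        }
        $in[$f] = $_POST[$f];
    }

    $con = mysqli_connect('localhost', 'user', 'pass', 'db_database');

    // Hash the raw password exactly as received: no escaping, no trimming.
    $hash = password_hash($in['password'], PASSWORD_DEFAULT);

    // One ? per bound value; the type string has one letter per ?.
    $stmt = mysqli_prepare($con,
        'INSERT INTO `users`
            (`user_id`, `first_name`, `last_name`, `email`, `username`, `password`)
         VALUES (NULL, ?, ?, ?, ?, ?)');
    mysqli_stmt_bind_param($stmt, 'sssss',
        $in['first_name'], $in['last_name'], $in['email'], $in['username'], $hash);
    mysqli_stmt_execute($stmt);

    // Report success only when a row was actually written.
    $response['success'] = (mysqli_stmt_affected_rows($stmt) === 1);
    mysqli_stmt_close($stmt);
} catch (InvalidArgumentException $e) {
    // Incomplete input: success stays false.
} catch (mysqli_sql_exception $e) {
    // Keep database details in the server log, not in the client response.
    error_log('register failed: ' . $e->getMessage());
}

echo json_encode($response);
```

At login, the stored value is checked with `password_verify()` rather than by comparing strings.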