-1

I'm a junior android developer, and i was asked to make an app that connects to a mysql database and downloads some data.

I have no knowledge at all of PHP and mysql, so please forgive me in advance for any badly written code, if you'd like to comment and thus help me improve my code writing, i'll be grateful :)

I had no issues with downloading all data from a database and passing it to the app through my simple API, but when i'm trying to pass only some entries of another database (that's to say, with a get function with a parameter in it) i'm having some issues.

I'm posting the code right here.

DbOperation.php 

class DbOperation
{
private $con;

//Class constructor
function __construct()
{
    require_once dirname(__FILE__) . '/DbConnect.php';
    $db = new DbConnect();
    $this->con = $db->connect();
}

//This is the WORKING function, i have no issues with it.

function getEvento(){
$stmt = $this->con->prepare("SELECT event_id, event_title, event_begin, event_end, event_category, event_link, event_label FROM wp_my_calendar");
$stmt->execute();
$stmt->bind_result($id, $titolo, $inizio, $fine, $categoria, $link, $luogo);

$eventi = array(); 

while($stmt->fetch()){
$evento  = array();
$evento['id'] = $id;
$evento['titolo'] = $titolo; 
$evento['inizio'] = $inizio; 
$evento['fine'] = $fine;
$evento['categoria'] = $categoria; 
$evento['link'] = $link;    
$evento['luogo'] = $luogo; 

array_push($eventi, $evento); 
}

return $eventi; 
}

From now on, what i'm doing is: first (getUtenteId) i get the submission_id from the mail of the user. Then (getUtenteDati) from the submission_id i can get all the user's values and return them. I'll call both get functions in the Api.php file. (Here we're still in DbOperation.php)

 function getUtenteId($email){
 $idutente = $this->con->prepare("SELECT submission_id FROM wp_rm_submissions WHERE user_email='$email'");
 $idutente->execute();
 $idutente->bind_result($sub_id);
 $idutente->fetch();
 //echo $sub_id;
 return $sub_id; 
 }

 function getUtenteDati($utenteid) {
 $stmt = $this->con->prepare("SELECT field_id, value FROM wp_rm_submission_fields WHERE submission_id='$utenteid' ORDER BY field_id");
 $stmt->execute();
 $stmt->bind_result($fieldid, $valori);

 $dati = array();

 while($stmt->fetch()){
     $dato  = array();
     $dato['id'] = $fieldid;
     $dato['valore'] = $valori;
     //echo $valori;
     array_push($dati, $dato);
 }

 return $dati;
 }
 }

 ?>

And here's the Api.php file

<?php 

require_once '../includes/DbOperation.php';

function isTheseParametersAvailable($params){
$available = true; 
$missingparams = ""; 

foreach($params as $param){
if(!isset($_POST[$param]) || strlen($_POST[$param])<=0){
$available = false; 
$missingparams = $missingparams . ", " . $param; 
}
}

if(!$available){
$response = array(); 
$response['error'] = true; 
$response['message'] = 'Parameters ' . substr($missingparams, 1, strlen($missingparams)) . ' missing';

echo json_encode($response);

die();
}
}

$response = array();


if(isset($_GET['apicall'])){

switch($_GET['apicall']){


case 'geteventi':
$db = new DbOperation();
$response['error'] = false; 
$response['message'] = 'Calendario aggiornato';
$response['messagedata'] = 'Data aggiornata';
$response['eventi'] = $db->getEvento();
break;

case 'getutente':
$db = new DbOperation();
//isTheseParametersAvailable(array('emailutente')); Commented because it returns error, don't know why.
$response['error'] = false; 
$response['message'] = 'Dati utente scaricati';
$response['messagedata'] = 'Dati utente scaricati';
$emailutente = $_GET['emailutente'];
$idutente = $db->getUtenteId($emailutente);
//echo "id utente $idutente";
$dbdue = new DbOperation();
$response['utente'] = $dbdue->getUtenteDati($idutente);
break;
}
}else{
$response['error'] = true; 
$response['message'] = 'Errore nel tentativo di aggiornare i dati, controlla la connessione a internet e riprova';
}

echo json_encode($response);

If i call this API correctly (http://.../Api/v1/Api.php?apicall=getutente&emailutente=user@mail.it), what i get is a blank page.

If i write "emailutente" wrong in the url (like emailsuteente), i get no error, but the response is empty.

 {"error":false,"message":"Dati utente scaricati","messagedata":"Dati utente scaricati","utente":[]}

I tried to use an echo inside my getUtenteDati function, and it prints all the data i need correctly.

Any clues?

Thank you in advance!

EDIT: I tried to use this code in my local DB, and it's working. Issue still remains inside my remote DB. And it's weird, because with a simple ECHO inside the get function, i'm getting all the values i want. But it simply seems to refuse to give them to me inside an array.

G. C.
  • 7
  • 4
  • That's a lot of code to look at. I'll need to read a few times. Please improve the tabbing. You can use `!strlen ()` instead of `<=0`. If you are going you are going to use prepared statements, use placeholders for security reasons. – mickmackusa Apr 04 '18 at 10:55
  • 1
    try to locate your PHP error log, an empty page seems like an fatal error. In the log will be written what exactly is going wrong. You also could turn on the error display: https://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display – Michael B. Apr 04 '18 at 11:03
  • Weird. I tried to put everything in my local database and it's working. But i'm still getting an empty page with my remote db. Maybe it's protected somehow? Still, i can get the values with a simple echo inside the function, so... i'm puzzled. – G. C. Apr 04 '18 at 11:10
  • ...also, this looks hackish: `substr($missingparams, 1, strlen($missingparams))`. I recommend building an array called `$missingparams` then imploding with comma-space when you want to display the values. This way you don't need `$available`, just check if `!sizeof($missingparams)`. – mickmackusa Apr 04 '18 at 11:34
  • Ok @mickmackusa , thank you for your imputs :) I believe that "values" in that database are api-protected (?) and thus not accessable via API, since i can get other entries of the database without issues. This is the DB screenshot: https://s18.postimg.org/mq2rbo9t5/screenshot_122.png Do you happen to know a workaround to get those entries? – G. C. Apr 04 '18 at 12:43
  • @MichaelB. No errors in the console. Probably just a protected database, since the same code works in localhost. But i don't know how to check if that's the case, and how to fix it... – G. C. Apr 04 '18 at 12:45

1 Answers1

0

Just a small update. The code was actually correct. The issue was with the Wordpress database refusing to return sensible data with my query from remote. I managed to get them in a safer way, with a simple self-made plugin:

global $wpdb;
[...]

if( is_user_logged_in() AND ! is_admin() ) {
    $current_user = wp_get_current_user();
    $email = $current_user->user_email;

$userid= $wpdb->get_var($wpdb->prepare("SELECT [...], $email);
G. C.
  • 7
  • 4