0

How do I send the data to this PHP file below? I can establish the connection and send data, but can't receive the response. I need to send 3 parameters, the "op", Username and password.

switch ($_POST["op"]) {

    // User Authentication.
    case 1:
        $UName = $_POST["UName"];
        $UPass = $_POST["UPass"];
        $UPass = md5($UPass);

        //....Some code

    // New user registration process.
    case 2:
        $UName = $_POST["UName"];
        $UPass = $_POST["UPass"];
        $UEmail = $_POST["UEmail"];
        $UNick = $_POST["UNick"];
        $UPass = md5($UPass);

         //....Some code
        }

My code so far:

HttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost("http://SomeUrl/login.php");

        try {

            List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(2);
            nameValuePairs.add(new BasicNameValuePair("1", "dan"));
            httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));

            response = httpclient.execute(httppost);
            String responseBody = EntityUtils.toString(response.getEntity());
            Log.d(TAG, ""+responseBody);

        } catch (ClientProtocolException e) {
            // TODO Auto-generated catch block
        } catch (IOException e) {
            // TODO Auto-generated catch block
        }

What am I doing wrong?

andr
  • 15,970
  • 10
  • 45
  • 59
Dim
  • 4,527
  • 15
  • 80
  • 139

2 Answers2

1

Android HTTP POST should look like this:

     HttpParams httpParams=new BasicHttpParams();
     HttpConnectionParams.setConnectionTimeout(httpParams, 10000);
     HttpConnectionParams.setSoTimeout(httpParams, 10000);

     // Data to send
     ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
     nameValuePairs.add(new BasicNameValuePair("UName", "dan"));
     nameValuePairs.add(new BasicNameValuePair("UPass", "password"));
     nameValuePairs.add(new BasicNameValuePair("op", "1"));

     //http post
     try{
     HttpClient httpclient = new DefaultHttpClient();
     HttpPost httppost = new HttpPost("http://SomeUrl/login.php");
     httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs, "UTF-8"));
     HttpResponse response = httpclient.execute(httppost);
     HttpEntity entity = response.getEntity();
     is = entity.getContent();

     }catch(Exception e){

     }

In your PHP code I would strongly recommend to use mysql_real_escape_string($_POST['UName']) otherwise it is easy to attack via SQL injection. I would also recommend to use either SSL connection (HTTPS) or to send the password only hashed (MD5)

tobias
  • 2,322
  • 3
  • 33
  • 53
1

Looking at your PHP code, at a bare minimum you need to specify an op parameter. Then depending on which op you're trying to carry out, make sure you specify the other needed parameters as well. For user authentication (op = 1):

nameValuePairs.add(new BasicNameValuePair("op", "1"));
nameValuePairs.add(new BasicNameValuePair("UName", "dan"));
nameValuePairs.add(new BasicNameValuePair("Pass", "somepass"));

On a side note, you should secure the PHP service with SSL, if you are using it to process sensitive user information.

Perception
  • 79,279
  • 19
  • 185
  • 195