PHP from iPhone app

[Niall_]

Hi,

 

I am new trying to make a simple test iPhone app that reads data from a MySql server via php get method. As a test I used a 'film' database but soon realised that if the get method contains two words '%20' is added to the middle.

 

As a workaround, I tried:

if (strpos($_GET['film'], '%20') !==false)

$film = str_replace("%20", " ", $_GET['film'];

else

$_GET[film]=$film;

 

and then appending $film to the end of my sql query.

 

I have tried many variations of this but cannot get it to work! Any advice would be much appreciated.

 

Niall

[Bradley99]

To my knowledge to must use this command:

getCommands()

 

Like so:

 

function getCommands()
  {
    $films = array();
    foreach( $this->_commands as $films )
    {
      $selected_film []= $selected_film['title'];
    }
    return $films;

 

? I am not fully knowledgeable on Iphone Apps so i may be wrong.

[dragon_sa]

$film=$_GET['film'];
$replace=array("%20");
$film=str_replace($replace, ' ', $film);
echo $film; 

[kenrbnsn]

You're over thinking the problem. Just use urldecode on the incoming string:

<?php
$film = urldecode($_GET['film']);
?>

 

Ken

[Niall_]

Many thanks for the replies, having looked up urldecode, that option is exactly what I was trying to do.

 

However, it does not seem to work alongside the sql that I am using. The first line works as desired but the second with the urldecode does not:

 

$rs = mysql_query("SELECT id,title,cert,violence,drugs,sex,language,comments FROM films WHERE title='$_GET[film]'");

 

 

$rs = mysql_query("SELECT id,title,cert,violence,drugs,sex,language,comments FROM films WHERE title='urldecode($_GET[film])'");

 

Any suggestions? Thanks again for the help!

[Pikachu2000]

You can't just toss a php function into a string like that; you'd need to run the data through the function first, or concatenate the function into the string.

 

So this:

$film = urldecode($_GET['film']);
$rs = mysql_query("SELECT id,title,cert,violence,drugs,sex,language,comments FROM films WHERE title='$film'");

 

Or this:

$rs = mysql_query("SELECT id,title,cert,violence,drugs,sex,language,comments FROM films WHERE title='" . urldecode($_GET[film]) . "'");

 

P.S. You also really, really, really need to be sanitizing any user-supplied data before allowing it into a query string.

[Niall_]

Thanks for quick reply Pikachu,

 

I had also tried your first method previously but no luck. Thought it may have been a syntax error before so tried every other possible variation of (), [], ", '.

 

The second method does not return any results either. For some reason it will only return results when submitted from:

 

$rs = mysql_query("SELECT id,title,cert,violence,drugs,sex,language,comments FROM films WHERE title='$_GET[film]'");

 

Thanks also for advice malicious code being passed from user. Have not taken this into account yet as only prototype for a project I'm doing on localhost.

[Pikachu2000]

If the results are being returned by using $_GET['film'] in the query string, may I ask what makes you think you need to do anything like use urldecode()?

[Niall_]

Should have put this in the original post -

 

The user queries from the iphone application. The query is returned perfectly to the php script if it only contains one word. Any more than that I'm getting a nil array so came to the conclusion it was returning for example:

 

http://localhost:8888/title.php?film=Black%20Swan

 

[Pikachu2000]

What is the form written in?

[Niall_]

There is no html form. The app is calling the php script from the below objective-c method:

 

- (void)updateString {


self.string = searchtext.text;
label.text = self.string;

NSURL *url = [NSURL URLWithString:[NSString stringWithFormat:@"http://localhost:8888/title.php?film=%@",searchtext.text]]; 
NSString *jsonreturn = [[NSString alloc] initWithContentsOfURL:url]; // Pulls the URL
NSData *jsonData = [jsonreturn dataUsingEncoding:NSUTF32BigEndianStringEncoding];
NSError *error = nil;
NSDictionary * dict = [[CJSONDeserializer deserializer] deserializeAsDictionary:jsonData error:&error];
if (dict)
{
	rows = [dict objectForKey:@"films"];
	[rows retain];
}
NSLog(@"Array: %@",rows);
[jsonreturn release];
NSLog(@"result after rel: %@", searchtext.text);

}

 

[Pikachu2000]

If the value is actually being sent with the space encoded as '%20', then you'd need to use rawurldecode, but I'm not sure what you mean when you say it's a nil array.

[Niall_]

Thanks again for the help, still no joy with rawurldecode().

 

That should have been null array not nil array - from app console:

 

2011-01-15 22:22:18.349 json_test[73525:207] Array: (null)
2011-01-15 22:22:18.351 json_test[73525:207] result after rel: avatar 

Result from rawurldecode and amended php.

 

Whereas this is what it looks like for a single word title without any rawurldecode()