0

I have a UIBarButtonItem which needs to update a table when clicked, my problem is i'm not sure how to import the username that is logged in, to identify the user that is being updated, I believe I can manage the location portion, essentially checking the location array for a string and setting location variable equal to it.

My username is stored in a different file as

NSString *post = [[NSString alloc]  initWithFormat:@"Username=%@&Password=%@", [_username text], [_password text]];

Location is stored here

NSURL * url = [NSURL URLWithString:getDataURL];
NSData * data = [NSData dataWithContentsOfURL:url];

_jsonArray = [NSJSONSerialization JSONObjectWithData:data options:kNilOptions error:nil];

//Set up location array

_locationArray = [[NSMutableArray alloc] init];

//loop through jsonArray

for (int i=0; i < _jsonArray.count; i++) {
        //Create city object
    NSString * gName = [[_jsonArray objectAtIndex:i] objectForKey:@"Name"];
    NSString * gAddress = [[_jsonArray objectAtIndex:i] objectForKey:@"Address"];


    //Add city object to our cities array
    [_locationArray addObject:[[Locations alloc] initWithCityName:gName andtheAddress:gAddress]];

My current code 

NSString *username = @"username";// username to identify table

/*Not yet sure how to implement location. Something along the lines of
if ([_currentCity.gName isEqualToString:@"name"])*/

NSString *url = [NSString stringWithFormat:@"http://url/checkIn.php"];

// build the request
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] init];
[request setURL:[NSURL URLWithString:url]];
[request setHTTPMethod:@"POST"];
NSMutableData *body= [NSMutableData data];
[request setHTTPBody:body];

NSData *returnData = [NSURLConnection sendSynchronousRequest:request returningResponse:NULL error:nil];

NSString *returnString = [[NSString alloc] initWithData:returnData encoding:NSUTF8StringEncoding];
NSLog(@"returned: %@", returnString);

My php file

<?php

$username = $_GET['Username'];
$location = $_GET['Location'];

$con=mysqli_connect("localhost","user","pass","db");

// Check connection  
if (mysqli_connect_errno())  { 
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$sql = "UPDATE users SET Location='$location' WHERE username = '$username'";
mysqli_query($con,$sql);

$result = mysqli_query ($con, "SELECT * FROM users");
mysqli_close($con);

?>
tysco
  • 25
  • 5
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Aug 07 '17 at 20:46
  • Where are you getting the `$location` from? – Anis Alibegić Aug 07 '17 at 20:51
  • @Spectarion Sorry, just edited my question. More concerned with the user for now, i think I can manage the location portion, but I am stumped on the username completely. – tysco Aug 07 '17 at 21:09
  • You are sending data using `POST` method but in PHP you are checking if username and location are sent using GET method, not POST. Also, you are sending username with key `username` but you are looking for the username with key `Usr`. Change `$username = $_GET["Usr"];` to `$username = $_POST["username"];` – Anis Alibegić Aug 07 '17 at 21:20
  • @Spectarion thank you, I'll look into which to use there. – tysco Aug 07 '17 at 21:23
  • And also check if you are sending username at all because I'm not familiar with xCode but to me, it looks like variable `username` is not use at all. – Anis Alibegić Aug 07 '17 at 21:28
  • @Spectarion no it isn't. I just have it there as a placeholder I need to replace it with a variable that can get current username that is logged in, which I'm unsure of. – tysco Aug 07 '17 at 21:39

0 Answers0