(Sample tutorial) - XMLHttpRequest + Mysql externo

[Ev. rodrigo dos santos]

As promised, here's a good example of connecting to mysql on an external server

A simple example of how to use XMLHttpRequest, the example here is basically an application where it connects to the external mysql database, in the example it contains a php query with the functions of query, insert and update, it can even be used as automatic authentication, since Start I enter a record in the bank and I get the ID and saved in the cell phone so when I connect the second time I do not need to log in because the id of the user will be fixed in the application and then increment or decrement points using the update function

table mysql>>>

CREATE TABLE IF NOT EXISTS `user` (

  `iduser` int(11) NOT NULL AUTO_INCREMENT,

  `email` varchar(100) COLLATE utf8_unicode_ci NOT NULL,

  `pontos` int(11) NOT NULL,

  PRIMARY KEY (`iduser`)

) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=39 ;

[Ev. rodrigo dos santos]

Someone here can improve the automatic authentication, instead of saving the ID in txt on the device to authenticate in the bank can use sqlite to save the id in the device, who can perfect the spk

[Pete Bradley]

What does the PHP file look like?

I am also trying to send data to a php server but am not sure how to setup the PHP file on my server.

[JustAnotherDude]

if you send the data via GET then you need to put

http(s)://url.com/file.php?Var=(Data)

and in file.php you need to read the data via $_GET["Var"]

[JustAnotherDude]

later i can give you an example :)

[JustAnotherDude]

i hope that you have escaped any input on the site before it will saved in the database :O

where i am not busy i can try to create another table via the value where the email is set :3

[John Constatine]

*PHP*

<?php require_once('conf/conexao.php'); ?> //file conect mysql

<?php

error_reporting (E_ALL & ~ E_NOTICE & ~ E_DEPRECATED);

 

 if(isset($_GET["email"])==true)

{

$email =$_GET['email'];

  

  $sql = "insert into user (email) values ('$email')";

  

  $resultado = mysql_query($sql) or die ("Erro: " . mysql_error());

  

  if($resultado)

 //echo "ok";

   echo mysql_insert_id();

   else

          echo "0";

}

if(isset($_GET["id"])& $_GET["x"]==true)

{

$user =$_GET['id'];

  

  $sql = "update user set pontos=pontos-1 where iduser ='$user'";

  $resultado = mysql_query($sql) or die ("Erro: " . mysql_error());

  

 $busca1=mysql_query("select pontos from user where iduser ='$user'");

$row = mysql_fetch_row($busca1);

   echo $row[0] ;

  

}

if(isset($_GET["id"])& $_GET["xx"]==true)

{

$user =$_GET['id'];

  

  $sql = "update user set pontos=pontos+1 where iduser ='$user'";

  $resultado = mysql_query($sql) or die ("Erro: " . mysql_error());

  

 $busca1=mysql_query("select pontos from user where iduser ='$user'");

$row = mysql_fetch_row($busca1);

   echo $row[0] ;

  

}

if(isset($_GET["id"])& $_GET["yy"]==true)

{

$user =$_GET['id'];

  

 

 $busca1=mysql_query("select pontos from user where iduser ='$user'");

$row = mysql_fetch_row($busca1);

   echo $row[0] ;

  

}

  

?>

[JustAnotherDude]

ok i see you are new to sql :3
so i see i can drop your table and perform another harmfull actions

just because $email is not escaped and you are using an old sql function (mysql_) :3

[JustAnotherDude]

i recommend to use https://gist.github.com/danferth/9512172 (pdo) instead the old mysql function

its more secure (if you use the bind) and nobody can drop your database :)