Problems with POST in php


I am trying to use a PHP registration script to send information to the database. I have one using GET and another using POST. The GET one works, but when I try to use POST it does not detect the incoming data. I am posting the PHP code below; locally both work for me.

Translated by the moderator @Sergi_00. Please speak only English!

<?php

include 'header.php';

try {
    $conn= mysqli_connect($db_servidor, $db_user, $db_pass, $db_baseDatos);

    if (!$conn) {
        echo '{"codigo": 400,"mensaje":"Fallo en la conexion","respuesta":""}';
    }else {

        if (isset($_POST['nombre']) &&
        isset($_POST['alias']) &&
        isset($_POST['pass'])) 
        {

            $nombre  = $_POST['nombre'];
            $alias    = $_POST['alias'];
            $pass     = password_hash($_POST['pass'], PASSWORD_DEFAULT);

            $sql = "SELECT * FROM `usuarios` WHERE alias='".$alias."';";
            $result = $conn->query($sql);

            if ( $result->num_rows > 0) {
                echo '{"codigo": 202,"mensaje":"El alias ya esta en uso","respuesta":""}';
            }else {                
            
                $sql = "INSERT INTO `usuarios` (`id`, `nombre`, `alias`, `pass`) 
                VALUES (NULL, '".$nombre."', '".$alias."', '".$pass."');";

                $sql2 = "INSERT INTO `registro` (`alias`) VALUES ('".$alias."');";
                

                if ($conn->query($sql) === TRUE && $conn->query($sql2) === TRUE) {

                    $sql = "SELECT * FROM `usuarios` WHERE alias='".$alias."';";
                    $result = $conn->query($sql);
                    $texto ='';

                    while ($row = $result->fetch_assoc()) {
                        $texto = '{#id#:' . $row["id"] . ',#nombre#:#' . $row["nombre"] . '#,#alias#:#' . $row["alias"] .
                            '#,#pass#:#' . $row["pass"] . '#}';
                    }

                    echo '{"codigo": 201,"mensaje":"Usuario creado correctamente","respuesta":"'.$texto.'"}';
                    $conn->close();
                }else {
                    echo '{"codigo": 401,"mensaje":"Error al crear el usuario","respuesta":""}';
                }

            }
            
        }else {
            echo '{"codigo":402,"mensaje":"Faltan datos para llevar a cabo la operacion","respuesta":""}';
        }


    }
} catch (Exception $e) {
    echo '{"codigo":400,"mensaje":"Fallo en la conexion","respuesta":""}';
}

The GET one is the same, changing POST to GET.

I don’t see any obvious problems with the code that could explain this. Do you have a URL where we can try this for ourselves?

That said, you may not want anyone to know where this code exists. Virtually every query in your code is vulnerable to SQL Injection. Please make sure to either validate/sanitize all input, or use parameterized queries.

One possible explanation that comes to mind is that GET parameters can follow redirects, but POST parameters do not. So if the URL the form is submitting to does a redirect to the actual script, it will work with GET but not with POST.

7 Likes

Hey there, like Admin said earlier, there’s no issue with the logic, but your code is vulnerable to SQL injection. You should consider using PDO (PHP Data Objects) to prevent further attacks. However, make sure to check your HTML form for the name attribute and compare it with the PHP isset function. It’d be better if you provided the HTML form code too.

1 Like

PDO with prepared statements is a way, but MySQLi functions can also be utilized for the same purpose, the choice is not relevant. A guide written by Admin exists for this topic:

3 Likes
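The parameterized-query approach recommended in the replies above, as an added example that is not part of the original thread or the poster's code: the same registration flow written with PDO prepared statements. The `registrar` function, the in-memory SQLite database, the table schema and the sample inputs are assumptions made so the script runs on its own; against MySQL the function stays the same and only the PDO connection (DSN and credentials) changes.

```php
<?php
// Added example: the thread's registration flow with bound parameters (PDO).
// Assumption: pdo_sqlite is available; the in-memory DB stands in for MySQL.
function registrar(PDO $db, array $in): array
{
    foreach (['nombre', 'alias', 'pass'] as $campo) {
        if (!isset($in[$campo]) || !is_string($in[$campo]) || $in[$campo] === '') {
            return ['codigo' => 402, 'mensaje' => 'Faltan datos para llevar a cabo la operacion'];
        }
    }
    // The ? placeholders keep user input out of the SQL text entirely.
    $existe = $db->prepare('SELECT 1 FROM usuarios WHERE alias = ?');
    $existe->execute([$in['alias']]);
    if ($existe->fetchColumn() !== false) {
        return ['codigo' => 202, 'mensaje' => 'El alias ya esta en uso'];
    }
    try {
        $db->beginTransaction(); // both inserts succeed or neither does
        $db->prepare('INSERT INTO usuarios (nombre, alias, pass) VALUES (?, ?, ?)')
           ->execute([$in['nombre'], $in['alias'], password_hash($in['pass'], PASSWORD_DEFAULT)]);
        $id = (int) $db->lastInsertId();
        $db->prepare('INSERT INTO registro (alias) VALUES (?)')->execute([$in['alias']]);
        $db->commit();
    } catch (PDOException $e) {
        if ($db->inTransaction()) { $db->rollBack(); }
        return ['codigo' => 401, 'mensaje' => 'Error al crear el usuario'];
    }
    return ['codigo' => 201, 'mensaje' => 'Usuario creado correctamente',
            'respuesta' => ['id' => $id, 'nombre' => $in['nombre'], 'alias' => $in['alias']]];
}

// Constructed demo schema and inputs (not from the thread).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usuarios (id INTEGER PRIMARY KEY, nombre TEXT, alias TEXT UNIQUE, pass TEXT)');
$db->exec('CREATE TABLE registro (alias TEXT)');

$entradas = [
    ['nombre' => 'Ana', 'alias' => 'ana', 'pass' => 's3creta'],
    ['nombre' => 'Ana', 'alias' => 'ana', 'pass' => 'otra'],            // duplicate alias
    ['nombre' => "O'Brien", 'alias' => "x' OR '1'='1", 'pass' => 'p'],  // quotes arrive as plain data
    ['nombre' => 'Sin pass', 'alias' => 'nadie'],                       // missing field
];
foreach ($entradas as $in) {
    echo json_encode(registrar($db, $in)), PHP_EOL; // json_encode escapes quotes in the output
}
```

Because every value is bound rather than concatenated, an alias containing quote characters is stored and compared as an ordinary string, and `json_encode` replaces the hand-built JSON so such values cannot break the response either.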

But if you use only MySQLi functions it’d only work on MySQLi.
