Home/ Questions/Q 7590449
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-30T20:24:12+00:00

guys i am working on android 2.2 i am stuck where the user need

  • 0

guys i am working on android 2.2 i am stuck where the user need to be authenticated with his use name and password

below is my code

PHP code:

<?php
$un=$_POST['userid'];
$pw=$_POST['password'];

mysql_connect("localhost","root","");
mysql_select_db("myhealthcare");

$sql=mysql_query("select userid,password from register where userid='$un' and password='$pw'");

while($row=mysql_fetch_assoc($sql))

$output[]=$row;

print(json_encode($output));
mysql_close();
?>

Java Code:

ArrayList<NameValuePair> nvp = new  ArrayList<NameValuePair>();

             nvp.add(new BasicNameValuePair("userid", userid.getText().toString()));
             nvp.add(new BasicNameValuePair("password", password.getText().toString()));
             String un = userid.getText().toString();
             String pass = password.getText().toString();

             System.out.println("user name is " + un);
             System.out.println("password is " +pass);
//           Log.e(""+sid.getText().toString(),"0"); 
//           Log.e(""+sname.getText().toString(),"0");
                try {
                HttpClient httpclient = new DefaultHttpClient();
                HttpPost httppost = new HttpPost("http://10.0.2.2/login.php");
                httppost.setEntity(new UrlEncodedFormEntity(nvp));
                HttpResponse response = httpclient.execute(httppost);
                HttpEntity entity = response.getEntity();
                is = entity.getContent();
                } catch(Exception e){
                    Log.e("log_tag", "Error in http connection"+e.toString());
                }
                try {
                    BufferedReader bf  = new BufferedReader(new InputStreamReader(is,"iso-8859-1"),8);
                    sb = new StringBuilder();
                    sb.append(bf.readLine()+ "\n");
                    String line="0";
                       while ((line = bf.readLine()) != null) {
                                      sb.append(line + "\n");
                        }
                        is.close();
                        result=sb.toString();
                    System.out.println("value of result " +result);

                }catch(Exception e){
                      Log.e("log_tag", "Error converting result "+e.toString());
                }
                String unm,pwd;
                try {

                    jArray = new JSONArray(result);

                    JSONObject json_data = null;

                    for(int i=0;i<jArray.length();i++){
                         json_data = jArray.getJSONObject(i);
                         unm = json_data.getString("userid");
                         pwd = json_data.getString("password");

                         System.out.println("databse user name  is " +unm);
                         System.out.println("databse password is " +pwd);

                     }

                } catch(JSONException e1){
                      Toast.makeText(getBaseContext(), "No details Found" ,Toast.LENGTH_LONG).show();
                  } catch (ParseException e1) {
                        e1.printStackTrace();
                }

i am able to fetch the value from database but i am not able to compare with user entered values please help

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I would do the PHP sometheing like this instead, to do the authentication on the server and not passing the login info back and forth:

    <?php
$un=mysql_real_escape_string($_POST['userid']);
$pw=mysql_real_escape_string($_POST['password']);

mysql_connect("localhost","root","");
mysql_select_db("myhealthcare");

$result=mysql_query("select userid from register where userid='$un' and password='$pw'");

if (mysql_num_rows($result) == 0) {
   print("Not authorized"); // Or send a json-encoded object containing the message
} else {
   print("Authorized");
}
mysql_close();
?>

    Update

    Use PHP’s mysql_real_escape_string() before running any data input by a user in your SQL. Otherwise you open your DB to SQL-injections, which is really bad.

    • 0