MySQL - php script - hack

MIT App Inventor Help
5

When I sent it .... I guess I see an error ...
In the app there is "key" ... and in php "SQLKEY".
Maybe this is the mistake?
Senior1954

6 
if($_POST['key']==$SQLKEY){                                                           //validates the SQL key
    $query=urldecode($_POST['query']);
    $conn = new mysqli($DB_ADDRESS,$DB_USER,$DB_PASS,$DB_NAME);    //connect
7

Hello.
I use the php script from

does not work...
There is exactly the If as you sent me...
Question:
There is something like:
$key=$_POST["key"];
$query=$_POST["query"];
?
I do not understand that....
I only need a simple script where there is a key and a query.
I create a query in the app and send it to the server...
So far, I have created a php command only on the server in php ... for example:
$input=mysqli_query($conn, "INSERT INTO tblCisAlkohol (ID, Name) VALUES (NULL,'$Name')");
that's probably why they hated me...
Senior1954

8

hack me

9

Probably given you this link before:

10

Well, if you exactly follow the setup instructions then you also will be able to use it... you are not the first person using that solution...

Just use your working setup from here

together with my script

Taifun

11

Do some simple tests:

basic.php:

<?php 
echo "secret\r\n"; 
?>

curl -X POST https://..../basic.php

better.php:

<?php 
$SQLKEY="secret";

if ($_POST['key']==$SQLKEY) {
echo "key and SQLKEY are a match\r\n";
} else {
echo "key is incorrect\r\n";
}
 
?>

curl -d "key=secret" https://.../better.php

(note the \r\n are used to ensure a line return in my terminal)

12

Test result: key is incorrect

13

Really ?

:~$ curl -d "key=secret" https://.../better.php
key and SQLKEY are a match

image

Show YOUR php file for this, and the command you sent. (or blocks used)

14

obrázok

obrázok

obrázok

obrázok
obrázok1135×528 35.2 KB

15

obrázok

16

Can you make a "better.php" with the code provided and just test that ?

17

Unfortunately, the result is: key is incorrect
obrázok

obrázok

18

Show all your blocks for making the connection....

19

obrázok
obrázok808×346 23.7 KB

obrázok

obrázok

obrázok
obrázok1139×390 28.8 KB

obrázok
obrázok906×720 75.2 KB

20

Why all those blocks ?

You only need the blocks I showed above...

Just create a new test project!

21

Hello.
The test project works....
key and SQLKEY are a match

Senior1954

22

OK, good. Does this tell you something about your main php script and blocks ?

23

I tried to send both associative arrays and indexed arrays to the server....but it doesn't appear on the server side in php.... As if there was some problem with POST arrays...

24

I would simplify what you are doing, get that working, then build on it, step by step, testing as you go.

My test (better.php), for example, is a possible starting point...