Passing parameter in URL for GET method using AFNetworking


It looks like there are a number of issues with the URL you're constructing, and the way you're passing (or not passing) parameters into AFNetworking. You don't need to construct your query string yourself, as AFNetworking will do that for you. As mentioned in my comment above, passing query=where UserName='abc' as part of a URL seems like a bad idea. However, here's a quick example of how you'd call AFNetworking's GET method if your URL was slightly different:

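// URL format: https://<BASE_URL>/<TENANT_URL>/?username=abc&companyId=&page=1&pageSize=25&filterResultByColumns=true

// NSURL has no URLWithScheme:host:path: class method; use the initializer
// (deprecated in newer SDKs). BASE_URL and TENANT_URL are NSString values defined elsewhere.
NSURL *baseURL = [[NSURL alloc] initWithScheme:@"https" host:BASE_URL path:TENANT_URL];

AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];

// Pass the parameters as a dictionary instead of formatting them into the URL
[manager GET:[baseURL absoluteString]
  parameters:@{ @"username": @"abc",
                @"companyId": @"example",
                @"page": @1,
                @"pageSize": @25,
                @"filterResultByColumns": @YES }
     success:^(AFHTTPRequestOperation *operation, id responseObject) {
         // handle success
     }
     failure:^(AFHTTPRequestOperation *operation, NSError *error) {
         // handle failure
     }];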

If you pass your parameters into the GET method, AFNetworking will construct the query string for you.
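
The difference between formatting the query string by hand (as in the question) and encoding each parameter separately, as an added example that is not part of the original answer. Foundation's NSURLQueryItem stands in here for the per-parameter encoding the answer delegates to AFNetworking; the helper names and sample user names are constructed for illustration.

```objc
#import <Foundation/Foundation.h>

// Hand-built query, as in the question: the value is spliced into the string
// and the whole string is escaped afterwards. That call (deprecated in newer
// SDKs) leaves '&', '=' and the single quote untouched.
static NSString *HandBuiltQuery(NSString *userName) {
    NSString *raw = [NSString stringWithFormat:
        @"query=where UserName='%@'&companyId=&page=1&pageSize=25", userName];
    return [raw stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
}

// Discrete parameters: each value is encoded on its own, so '&' and '='
// inside a value are escaped and cannot start a new name=value pair.
static NSString *ItemQuery(NSString *userName) {
    NSURLComponents *components = [[NSURLComponents alloc] init];
    components.queryItems = @[
        [NSURLQueryItem queryItemWithName:@"username" value:userName],
        [NSURLQueryItem queryItemWithName:@"companyId" value:@""],
        [NSURLQueryItem queryItemWithName:@"page" value:@"1"],
        [NSURLQueryItem queryItemWithName:@"pageSize" value:@"25"]
    ];
    return components.percentEncodedQuery;
}

// Number of name=value pairs a server sees after splitting on '&'.
static NSUInteger PairCount(NSString *query) {
    return [query componentsSeparatedByString:@"&"].count;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample inputs: ordinary names that contain delimiters.
        for (NSString *name in @[@"abc", @"smith&co", @"o'brien"]) {
            NSString *hand = HandBuiltQuery(name);
            NSString *item = ItemQuery(name);
            NSLog(@"input: %@", name);
            NSLog(@"  hand-built  (%lu pairs): %@",
                  (unsigned long)PairCount(hand), hand);
            NSLog(@"  query items (%lu pairs): %@",
                  (unsigned long)PairCount(item), item);
        }
    }
    return 0;
}
```

Client-side encoding only keeps the request well-formed. A server that places the `query` value into a SQL statement still has to bind it as a parameter rather than concatenate it.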

Author by

iPhone Guy

Updated on July 09, 2022

Comments

  • iPhone Guy
    iPhone Guy almost 2 years

    I have a URL in which a query is executed.

    https://<BASE_URL>/<TENANT_URL>/?query=where UserName='abc'&companyId=&page=1&pageSize=25&filterResultByColumns=true
    

    I am escaping the remaining part after the tenant URL like this:

    NSString *requestUrl = [[NSString stringWithFormat:@"%@/?query=where UserName='%@'&companyId=&page=1&pageSize=25&filterResultByColumns=true",<TENANT_URL>,userCredential.userName] stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];

    requestUrl = [NSString stringWithFormat:@"%@/%@",baseurl,requestUrl];


    Here is my GET request.

    AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager];
    AFHTTPResponseSerializer *serializer = [AFHTTPResponseSerializer serializer];
    serializer.acceptableContentTypes = [NSSet setWithObject:@"application/json"];

    manager.responseSerializer = serializer;
    manager.requestSerializer = [AFJSONRequestSerializer serializer];

    // URL, parameters, success and failure are defined elsewhere (not shown)
    NSString *path = [NSString stringWithFormat:@"%@", URL];

    [manager GET:path parameters:parameters success:^(AFHTTPRequestOperation *operation, id responseObject) {
        // The plain HTTP response serializer hands back raw data, so parse the JSON here
        NSError *error = nil;
        NSArray *json = [NSJSONSerialization JSONObjectWithData:responseObject
                                                        options:kNilOptions
                                                          error:&error];
        success(json);
    } failure:^(AFHTTPRequestOperation *operation, NSError *error) {
        failure(error);
    }];


    But I always get a 400 Bad Request error. I think the problem is with "query=where ..", but I am not sure. How can I parse the URL? I tested with "POSTMAN" in Chrome. It works perfectly. But it throws me an error when I run the app.

    Error:

    Error Domain=AFNetworkingErrorDomain Code=-1011 "Request failed: bad request (400)" UserInfo=0xb7ac2b0 {NSErrorFailingURLKey=https://<BASE_URL>/<TENANT_URL>/?query=where UserName='abc'&companyId=&page=1&pageSize=25&filterResultByColumns=true&url=https%3A%2F%2F<BASE_URL>%2F%2F<TENANT_URL>%2F%3F?query=where%2DUserName%3D%27abc%27%26companyId%3D%26page%3D1%26pageSize%3D25%26filterResultByColumns%3Dtrue, AFNetworkingOperationFailingURLResponseErrorKey=<NSHTTPURLResponse: 0xb7e6910> { URL: https://<BASE_URL>/<TENANT_URL>/?query=where UserName='abc'&companyId=&page=1&pageSize=25&filterResultByColumns=true&url=https%3A%2F%2F<BASE_URL>%2F%2F<TENANT_URL>%2F%3F?query=where%2DUserName%3D%27abc%27%26companyId%3D%26page%3D1%26pageSize%3D25%26filterResultByColumns%3Dtrue } { status code: 400, headers {
        "Cache-Control" = private;
        "Content-Length" = 0;
        "Content-Type" = "text/html";
        Date = "Fri, 17 Jan 2014 05:29:56 GMT";
        Server = "Microsoft-HTTPAPI/2.0";
        "X-AspNet-Version" = "4.0.30319";
        "X-Powered-By" = "ASP.NET";
    } }, NSLocalizedDescription=Request failed: bad request (400)}
    
  • iPhone Guy
    iPhone Guy over 10 years
    Yes, you saved my day. Thanks.
  • iPhone Guy
    iPhone Guy over 10 years
    I got the response, but it seems to be incorrect, because when I browse the URL https://<BASE_URL>/<TENANT_URL>/ I get a dummy response which doesn't take any of the parameters that I am passing.
  • CouchDeveloper
    CouchDeveloper over 10 years
    James, you are saying "passing parameters as part of a URL seems a bad idea", why? IMHO, this is not sufficient to exploit SQL injection.
  • James Frost
    James Frost over 10 years
    I'm not saying that passing parameters as a whole is a bad idea - of course, that's the way GET requests work. I was specifically referring to this parameter: query=where UserName='abc' - it looks as though it's intended to be used as part of an SQL SELECT query on the server side.
  • race_carr
    race_carr over 9 years
    Just curious, did @"filterResultByColumns": @YES construct filterResultByColumns=1 or filterResultByColumns=true in your URL?