0

I am seriously stuck trying to pass an update to a MySQL database with an Array using PHP. The data is coming from a React app using PHP for the api. Currently I am unable to get results reflected in database.

Array from React

{"updateArray":
[{"user_id":"1000005","harassment_val":true,"safety_val":null},
{"user_id":"1000006","harassment_val":1,"safety_val":null},
{"user_id":"1000007","harassment_val":0,"safety_val":null},
{"user_id":"1000008","harassment_val":0,"safety_val":null},
{"user_id":"1000009","harassment_val":0,"safety_val":null,},
{"user_id":"1000010","harassment_val":1,"safety_val":1},
{"user_id":"1000011","harassment_val":0,"safety_val":null},
{"user_id":"1000012","harassment_val":0,"safety_val":null}]
}

Current PHP Code

<?php include 'DBConfig.php';

$con = new mysqli($HostName, $HostUser, $HostPass, $DatabaseName);
$json = file_get_contents('php://input');
$obj = json_decode($json,true); 
$update_array =  $obj['updateArray'];

// $update_array  is array obj from app
// $content is field harassment_val in array
// $id is user_id field array to be used as key
// users, name of table to be updated
// harassment_val is field in table to be updated
// user_id is field in table to be used as key


foreach ($update_array as $key => $users) {
    $content = intval($users->harassment_val);
    $id = intval($users->user_id);
    $sql = "UPDATE users SET harassment_val='$content' WHERE user_id='$id'";
    $result = mysqli_query($con,$sql);
    }
?>

I've come across mysqli_real_escape_string but I am using intval as true should return an integer of 1, however I am unsure about this. Thanks for any help.

Cheers,

Improve this question
4
  • 1
    As you decode to an associative array, you probably should use $users['harassment_val'] Commented Mar 15, 2020 at 21:31
  • 2
    See about sql injection and the importance of prepared and bound queries Commented Mar 15, 2020 at 21:31
  • Or you can remove ,true from the json_decode() call, then you'll get an array of objects. Commented Mar 15, 2020 at 21:32
  • Nigel Ren, That did it! Thank you very much. Commented Mar 15, 2020 at 21:38

1 Answer 1

Reset to default
2

Since you have true as the second argument to json_decode(), you're getting associative arrays, not objects. Remove that argument to so you can use $users->user_id.

Then you should use a prepared statement instead of substituting variables.

<?php include 'DBConfig.php';

$con = new mysqli($HostName, $HostUser, $HostPass, $DatabaseName);
$json = file_get_contents('php://input');
$obj = json_decode($json); 
$update_array =  $obj['updateArray'];


$sql = "UPDATE users SET harassment_val=? WHERE user_id=?";
$stmt = $con->prepare($sql);
$stmt->bind_param("ii", $content, $id);
foreach ($update_array as $key => $users) {
    $content = $users->harassment_val;
    $id = $users->user_id;
    $result = $stmt->execute();
    if (!$result) {
        echo "Error: $stmt->error <br>";
    }
}
?>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks, trying to decode an associative array was the issue.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.