Ashish Kudale

Reputation: 1260

PHP : unable to insert json string into database

I am new to PHP. I am sending a JSON string in a POST request. That JSON string is an array list of products, which I will be sending from Android to a PHP web service. When I var_dump my array after decoding it, it shows null.

Here is my code

<?php

$servername = "mysql.hostinger.in";
$username = "username";
$password = "password";
$dbname = "db_name";

$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$orderDetails = mysqli_real_escape_string($conn, $_POST['orderDetails']);
$name = mysqli_real_escape_string($conn, $_POST['name']);
$refNo = mysqli_real_escape_string($conn, $_POST['refNo']);
$date = mysqli_real_escape_string($conn, $_POST['date']);
$amount = mysqli_real_escape_string($conn, $_POST['amount']);

$objs = json_decode($orderDetails, true);

//var_dump($objs);

$sql = "INSERT INTO tblOrder (name, refNo, date, quality, design, qty, pcs, amount) values ('$name', '$refNo', '$date', 'mix quality', 'mix design', '1250', '2', '$amount')";
mysqli_query($conn, $sql);
$orderId = mysqli_insert_id($conn);

if(is_array($objs) || is_object($objs)){
foreach($objs as $item) {
    $sql2 = "INSERT INTO tblOrderDetails (orderId, quality, design, shade, quantity, rate) 
       VALUES ('$orderId', '".$item['qualityName']."', '".$item['designName']."', '".$item['name']."','".$item['pcs']."', '".$item['amount']."')";

       mysqli_query($conn, $sql2);
     }
}

mysqli_close($conn);
?>

And here is my json string which I am passing as orderDetails in post.

[
  {
    "amount": "1000",
    "qualityName": "Cotton",
    "designName": "11001",
    "discPercent": "5",
    "image": "http://website.com/Demo/images/1.jpg",
    "name": "Black",
    "position": 0,
    "pcs": 3,
    "id": 1
  },
  {
    "amount": "900",
    "qualityName": "Cotton",
    "designName": "11001",
    "discPercent": "9",
    "image": "http://website.com/Demo/images/2.jpg",
    "name": "Green",
    "position": 0,
    "pcs": 2,
    "id": 2
  }
]

In android I am using Volley Library to send data in post.

Please suggest me something.

Upvotes: 2

Views: 746

Answers (1)

Paolo

Reputation: 15847

The JSON you're getting on $_POST['orderDetails'] is valid (assuming it is the string you posted at the end of your question).

However you're invalidating it with

$orderDetails = mysqli_real_escape_string($conn, $_POST['orderDetails']);

You should decode it first with

$objs = json_decode($_POST['orderDetails'], true);

and then escape each property inside the foreach loop when building the SQL string:

foreach($objs as $item) {
    $qualityName = mysqli_real_escape_string($conn, $item['qualityName'] );
    $designName  = mysqli_real_escape_string($conn, $item['designName'] );
    /* ... */

    $sql2 = "INSERT INTO tblOrderDetails (orderId, quality, design, shade, quantity, rate) 
       VALUES ('$orderId', '$qualityName', '$designName', ....... )";

    mysqli_query($conn, $sql2);
}

Important note:

It is highly recommended to use prepared statements instead of escaping data and then building queries by joining strings.

They're trivial to use, code is more readable, less error prone and not subject to SQL injection.

Upvotes: 2
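
The prepared-statement approach recommended in the answer, applied to both inserts from the question, as an added example that is not part of the original answer. `saveOrder()` is a hypothetical helper; the bound column types, InnoDB tables and PHP 7.4+ are assumptions.

```php
<?php
// Added example, not the answer author's code. Table and column names come
// from the question; saveOrder() and the column types are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
function saveOrder(mysqli $conn, array $post): int
{
    // Decode the raw POST value; escaping it first is what broke the JSON.
    $items = json_decode($post['orderDetails'] ?? '', true, 512, JSON_THROW_ON_ERROR);
    if (!is_array($items) || $items === []) {
        throw new InvalidArgumentException('orderDetails must be a non-empty JSON array');
    }
    foreach ($items as $item) {
        foreach (['qualityName', 'designName', 'name', 'pcs', 'amount'] as $key) {
            if (!is_array($item) || !isset($item[$key]) || !is_scalar($item[$key])) {
                throw new InvalidArgumentException("order item lacks scalar field '$key'");
            }
        }
        if (!is_numeric($item['pcs']) || !is_numeric($item['amount'])) {
            throw new InvalidArgumentException('pcs and amount must be numeric');
        }
    }
    [$name, $refNo, $date, $amount] = array_map(
        fn ($k) => (string) ($post[$k] ?? ''), ['name', 'refNo', 'date', 'amount']);
    $conn->begin_transaction(); // header and detail rows commit together
    try {
        $order = $conn->prepare(
            "INSERT INTO tblOrder (name, refNo, date, quality, design, qty, pcs, amount)
             VALUES (?, ?, ?, 'mix quality', 'mix design', '1250', '2', ?)");
        $order->bind_param('ssss', $name, $refNo, $date, $amount);
        $order->execute();
        $orderId = (int) $conn->insert_id;
        $detail = $conn->prepare(
            'INSERT INTO tblOrderDetails (orderId, quality, design, shade, quantity, rate)
             VALUES (?, ?, ?, ?, ?, ?)');
        // bind_param binds by reference, so one prepared statement serves every row.
        $detail->bind_param('isssis', $orderId, $quality, $design, $shade, $qty, $rate);
        foreach ($items as $item) {
            [$quality, $design, $shade] = [(string) $item['qualityName'],
                (string) $item['designName'], (string) $item['name']];
            [$qty, $rate] = [(int) $item['pcs'], (string) $item['amount']];
            $detail->execute();
        }
        $conn->commit();
        return $orderId;
    } catch (Throwable $e) {
        $conn->rollback(); // never leave an order header without its detail rows
        throw $e;
    }
}
```

Call it as `saveOrder($conn, $_POST)` after opening the connection; no value from the request is ever concatenated into the SQL text.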
