mysql - Reading JSON array with PHP
Get the solution ↓↓↓I wrote a simple php script that will take in a JSON array (so I think), and it will add the received array into a MySQL database. However, when I call the script, it only adds the last item in the array to the database. Is there something simple here that I'm missing?
Also, my TRUNCATE TABLE fails to remove anything from the table.
<?php
$handle = mysql_connect('localhost','root','');
if($handle==false)
{
die('No database connection');
}
$result = mysql_query("TRUNCATE TABLE 'available_ingredients'");
$db=mysql_select_db('r2bar2');
$query='INSERT INTO available_ingredients (drink_name) VALUES ("'.$_POST["drink_name"].'")';
$result=mysql_query($query);
?>
EDIT: Below is the code that generates the JSON array
ArrayList<NameValuePair> j2 = new ArrayList<NameValuePair>();
j2.add("drink_name", "rootbeer")
j2.add("drink_name", "pepsi")
HttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost(my url);
httppost.setEntity(new UrlEncodedFormEntity(j2));
HttpResponse response = httpclient.execute(httppost);
responseText = EntityUtils.toString(response.getEntity())
Answer
Solution:
TRUNCATE TABLE
does not need or want single quotes around the table name- You don't show us what
$_POST
contains exactly, so we can't say what happens exactly - The code embeds user-supplied data inside SQL without sanitization, so it's vulnerable to SQL injection
You should get into the habit of checking all return values from the functions you call for errors (just like you already do withmysql_connect
); this would cause you to discover why TRUNCATE TABLE fails immediately.
Answer
Solution:
Use json_decode to see how PHP is receiving the json object. On the Android side, you should probably just make a single variable to send with your json data.
i.e. data='...json string goes here..' (pseudo code as I'm not sure how you are doing it in android. The idea is that you would send 1 key/value to PHP, with the key being data, and the value being all the values of in your json string.)
Then in PHP, if you're sending via POST, then you can get it like this:
Note, Remove the truncate table query, as others have mentioned too it is wiping your entire table.
This code should answer your primary question though.
<?php
// decode json string
$data = json_decode($_POST['data']);
// sanitize your input to avoid sql injection like others have mentioned
$safe_drink_name = mysql_real_escape_string($data->drink_name);
.... // your mysql connect code
$query='INSERT INTO available_ingredients (drink_name) VALUES ("'.$safe_drink_name.'")';
?>
Share solution ↓
Additional Information:
Link To Answer People are also looking for solutions of the problem: call to undefined function mysqli_connect()
Didn't find the answer?
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Similar questions
Find the answer in similar questions on our website.
Write quick answer
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.