Update MySQL with an Array using PHP-ThrowExceptions

Exception or error:

I am seriously stuck trying to pass an update to a MySQL database with an Array using PHP.
The data is coming from a React app using PHP for the api.
Currently I am unable to get results reflected in database.

Array from React


Current PHP Code

<?php include 'DBConfig.php';

$con = new mysqli($HostName, $HostUser, $HostPass, $DatabaseName);
$json = file_get_contents('php://input');
$obj = json_decode($json,true); 
$update_array =  $obj['updateArray'];

// $update_array  is array obj from app
// $content is field harassment_val in array
// $id is user_id field array to be used as key
// users, name of table to be updated
// harassment_val is field in table to be updated
// user_id is field in table to be used as key

foreach ($update_array as $key => $users) {
    $content = intval($users->harassment_val);
    $id = intval($users->user_id);
    $sql = "UPDATE users SET harassment_val='$content' WHERE user_id='$id'";
    $result = mysqli_query($con,$sql);

I’ve come across mysqli_real_escape_string but I am using intval as true should return an integer of 1, however I am unsure about this.
Thanks for any help.


How to solve:

Since you have true as the second argument to json_decode(), you’re getting associative arrays, not objects. Remove that argument to so you can use $users->user_id.

Then you should use a prepared statement instead of substituting variables.

<?php include 'DBConfig.php';

$con = new mysqli($HostName, $HostUser, $HostPass, $DatabaseName);
$json = file_get_contents('php://input');
$obj = json_decode($json); 
$update_array =  $obj['updateArray'];

$sql = "UPDATE users SET harassment_val=? WHERE user_id=?";
$stmt = $con->prepare($sql);
$stmt->bind_param("ii", $content, $id);
foreach ($update_array as $key => $users) {
    $content = $users->harassment_val;
    $id = $users->user_id;
    $result = $stmt->execute();
    if (!$result) {
        echo "Error: $stmt->error <br>";

Leave a Reply

Your email address will not be published. Required fields are marked *