Update MySQL with an Array using PHP-ThrowExceptions

Exception or error:

I am seriously stuck trying to pass an update to a MySQL database with an Array using PHP.
The data is coming from a React app using PHP for the api.
Currently I am unable to get results reflected in database.

Array from React

{"updateArray":
[{"user_id":"1000005","harassment_val":true,"safety_val":null},
{"user_id":"1000006","harassment_val":1,"safety_val":null},
{"user_id":"1000007","harassment_val":0,"safety_val":null},
{"user_id":"1000008","harassment_val":0,"safety_val":null},
{"user_id":"1000009","harassment_val":0,"safety_val":null,},
{"user_id":"1000010","harassment_val":1,"safety_val":1},
{"user_id":"1000011","harassment_val":0,"safety_val":null},
{"user_id":"1000012","harassment_val":0,"safety_val":null}]
}

Current PHP Code

<?php include 'DBConfig.php';

$con = new mysqli($HostName, $HostUser, $HostPass, $DatabaseName);
$json = file_get_contents('php://input');
$obj = json_decode($json,true); 
$update_array =  $obj['updateArray'];

// $update_array  is array obj from app
// $content is field harassment_val in array
// $id is user_id field array to be used as key
// users, name of table to be updated
// harassment_val is field in table to be updated
// user_id is field in table to be used as key


foreach ($update_array as $key => $users) {
    $content = intval($users->harassment_val);
    $id = intval($users->user_id);
    $sql = "UPDATE users SET harassment_val='$content' WHERE user_id='$id'";
    $result = mysqli_query($con,$sql);
    }
?>


I’ve come across mysqli_real_escape_string but I am using intval as true should return an integer of 1, however I am unsure about this.
Thanks for any help.

Cheers,

How to solve:

Since you have true as the second argument to json_decode(), you’re getting associative arrays, not objects. Remove that argument to so you can use $users->user_id.

Then you should use a prepared statement instead of substituting variables.

<?php include 'DBConfig.php';

$con = new mysqli($HostName, $HostUser, $HostPass, $DatabaseName);
$json = file_get_contents('php://input');
$obj = json_decode($json); 
$update_array =  $obj['updateArray'];


$sql = "UPDATE users SET harassment_val=? WHERE user_id=?";
$stmt = $con->prepare($sql);
$stmt->bind_param("ii", $content, $id);
foreach ($update_array as $key => $users) {
    $content = $users->harassment_val;
    $id = $users->user_id;
    $result = $stmt->execute();
    if (!$result) {
        echo "Error: $stmt->error <br>";
    }
}
?>

Leave a Reply

Your email address will not be published. Required fields are marked *