Issue with JSON in a PHP SQL query

Question

I have a server.php file which is supposed to return a table of ints. Each one of these ints is linked to a key (some ints can have the same key). The table needs to only contain ints linked to a specific key.

To get one of these key, i need to have another key as a parameter.

So the process is :

The server is called by an $http.post (i'm using AngularJS) :

$http.post('server.php', {"data" : parameterKey, "serverFlag" : 4})

(serverFlag is not yet used, and parameterKey is a string)

I then use parameterKey to get anotherKey :

$data = file_get_contents("php://input");
$objData = json_decode($data);

$conn = new PDO(/*something*/);
$outp = [];

$anotherKey  = $conn->query("SELECT anotherKey FROM myTable1 WHERE parameterKey = $objData->data");
$anotherKey  = $anotherKey ->fetch();

Then, i use anotherKey to gather all the ints linked to this key :

$result = $conn->query("SELECT myInt FROM myTable2 WHERE id = $anotherKey  ORDER BY myInt ASC");
while($rs = $result->fetch()) {
        if ($outp != "") {
            array_push($outp,$rs["myInt"]);
        }
}

$outp =json_encode($outp);
echo($outp);

(I don't know if I have made myself very clear so far...)

So i have a JSON error when running this :

Error: JSON.parse: unexpected character at line 1 column 1 of the JSON data

I'm not really sure where the error is. Any ideas ?

EDIT

I have the following error :

Fatal error: Call to a member function fetch() on boolean in C:\wamp64  \www\tests\server.php on line <i>47</i> 
(line 47 =  $anotherKey  = $anotherKey ->fetch();)

What output are you getting in $data after file_get_contents ? — Indrajit, Apr 05 '16 at 07:28
Using `$objData['data']` is not working. I'm new to webdev, so how can i get the content of $data ? — , Apr 05 '16 at 07:44
Check if $_POST["data"] contains what you need. The post may automatically convert to object to post variables instead of just passing a JSON. — apokryfos, Apr 05 '16 at 08:17
I don't think that's the issue. I used a very similar querry : `"SELECT id_text FROM association WHERE id_text LIKE '%".$objData->data."%' "` which is working fine. — , Apr 05 '16 at 08:21
I noticed an error in the response sent by the server. I edited my question. — , Apr 05 '16 at 08:41
I believe that in this line `$anotherKey = $anotherKey ->fetch();` you shouldn't reuse `$anotherKey` variable — rafaelcpalmeida, Apr 05 '16 at 08:46

Gian Marco Toso · Answer 1 · 2016-04-05T08:51:43.753

0

You are interpolating the string the wrong way:

$anotherKey  = $conn->query("SELECT anotherKey FROM myTable1 WHERE parameterKey = $objData->data");

Note how you are calling $objData->data directly. You should do this instead:

$anotherKey  = $conn->query("SELECT anotherKey FROM myTable1 WHERE parameterKey = {$objData->data}");

In PHP you can only interpolate variables in a string. If you are referring to object properties or array items/dictionary keys, you have to enclose them in {}. So this is valid:

$myInterpolatedString = "This is a string with a $variable";

and this is valid:

$myInterpolatedString = "This is a string with a {$object->property}";

while this is not:

$myIncorrectlyInterpolatedString = "This is a string with $object->property";

Edit: on a more security oriented note, you should never feed anything from the input directly to a query, since you are exposing yourself to a security threat (SQL injection). Consider using prepared statements!

edited Apr 05 '16 at 08:51

answered Apr 05 '16 at 08:46

Gian Marco Toso

11,676
5
29
38

Thanks for the help. I thinks that's only one of my error though, since i still have the issue mentioned above. – Apr 05 '16 at 09:01
Then you should try `var_dump`ing `$anotherKey` after the query and see what it looks like. Comment out the rest of the code as well, and use the excellent POSTMan (a Chrome app) to debug your request! – Gian Marco Toso Apr 05 '16 at 09:03
Taking a look at the documentation (https://secure.php.net/manual/en/pdo.query.php) it states that `PDO::query` returns false on failure, so maybe try dividing your problem into smaller ones and solve each one separately? Try storing your query in a string, debug that to see that it's what you want (and try running it directly on the db through phpMyAdmin or the mysql console), then try again with PDO! – Gian Marco Toso Apr 05 '16 at 09:06
I see. I found something that could be my big issue. `$result = $conn->query("SELECT myInt FROM table2");` is returning something, while `$result = $conn->query("SELECT myInt FROM table2 WHERE id = '3dec4242ed76467b9010bba2dcdbed97');` isn't (it's returning an empy table). This is weird, because '3dec4242ed76467b9010bba2dcdbed97' is an id i manually copy pasted from my database. So it should be returning at least the value corresponding to this id... – Apr 05 '16 at 09:24
What happens if you paste that exact same query in phpMyAdmin or run it through the mysql console? – Gian Marco Toso Apr 05 '16 at 09:32
The problem is clearly in your query then! Are you sure the column you are looking for is called `id`? You were using `parameterKey` before... – Gian Marco Toso Apr 05 '16 at 09:37
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/108258/discussion-between-oliviergrech-and-juandemarco). – Apr 05 '16 at 09:38

Issue with JSON in a PHP SQL query

EDIT

1 Answers1