0

In short, I am trying to figure out what is wrong with my foreach statement. I have been trying to work on finding the error for over a day know and I'm running out of time. This program is supposed to parse a json array and post it up to a mysqli database.

<?php

error_reporting(E_ALL);
ini_set('display_errors', 1);
$a = print_r(var_dump($GLOBALS),1);
echo htmlspecialchars($a);

$servername = "#";
$username = "#";
$password = "#";
$dbname = "#";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
echo "Connection Successful : ";

// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

// Read JSON file
$jsondata = file_get_contents('scripts/AUDIT_DIR/report.json');
echo "JSON File Read : ";

// Convert and Loop
$item = json_decode($jsondata, true);
echo "JSON File Decoded : ";

foreach($item as $arr)
{
    $id = $arr["id"];
    $hostname = $arr["hostname"];
    $ip = $arr["ip"];
    $package = $arr["package"];
    $publisher = $arr["publisher"];
    $origin = $arr["origin"];
    $version = $arr["version"];
    $size = $arr["size"];

    $sql = "INSERT INTO testtable(id, hostname, ip, package, publisher, origin, version, size)
    VALUES ('10', '$hostname', '$ip', '$package', '$publisher', '$origin', '$version', '$size')";

    if (mysqli_query($conn, $sql))
    {
        echo "New record created successfully : ";
    }
    else
    {
        echo "Error: " . $sql . "<br>" . mysqli_error($conn);
    }
}

?>

tross44
  • 1
  • `$item` is supposed to be an array. Have you checked it? – Jay Blanchard Dec 06 '16 at 19:52
  • 2
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Dec 06 '16 at 19:52
  • Can you do a var_dump on the $item and post the output here? – vuryss Dec 06 '16 at 19:52
  • Possible duplicate of [Invalid argument supplied for foreach()](http://stackoverflow.com/questions/2630013/invalid-argument-supplied-for-foreach) – Bruno Ferreira Dec 07 '16 at 00:31
  • Have you tried debugging your code? – Bruno Ferreira Dec 07 '16 at 00:31

1 Answers1

0

You likely have an invalid return from your json_decode() you can check this with a var_dump($item); after your json_decode()

In php json_decode() will return NULL if the json cannot be decoded or if the encoded data is deeper than the recursion limit. http://php.net/manual/en/function.json-decode.php

You need to properly guard for such a case that $item === null and not assume you will always get a valid return for your foreach() params.

Example showing your error happens when $item = null https://3v4l.org/oNr8P

Walt Sorensen
  • 381
  • 3
  • 14
  • Connection Successful : JSON File Read : NULL JSON File Decoded : Warning: Invalid argument supplied for foreach() in /var/www/html/jsonparse.php on line 30 – tross44 Dec 08 '16 at 13:46
  • Exactly your json decode is null. You need to handle that case in your code. additionally you need to figure out why the json decode is null, maybe your json file isn't being read or is not proper json format. – Walt Sorensen Dec 08 '16 at 18:45