0

I do not get an output when the content loaded from the database is much, not even this

[]

It is just empty.
  • But when I have just a few rows it works well.

  • And when there is no content I get as expected these brackets:

    [ ]

Here is the code

<?PHP
    //Verbindung zur Datenbank
    include "inc_mysqli.php";

    //SQL-String
    $sql = "SELECT * FROM term WHERE id_module ='".mysqli_real_escape_string($db, $_GET['id_module'])."'ORDER BY name ASC";

    // Codierung
    mysqli_set_charset("utf8");

    //SQL-Befehl
    $result = mysqli_query($db, $sql);

    //Array erstellen
    $jsonArray = array();

    while($row = mysqli_fetch_assoc($result)) {
        $jsonArray[] = $row;
    }

    //JSON Kodierung
    echo json_encode($jsonArray, JSON_UNESCAPED_UNICODE);   
?>

What do I need to add?

Ero Stefano
  • 556
  • 2
  • 9
  • 27
  • 3
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Dec 19 '16 at 22:10
  • 1
    You haven't given us enough to go on here. How do you set the GET variable? What is in the database? Does `mysqli_real_escape_string()` change the search value in a way that causes your query to fail? – Jay Blanchard Dec 19 '16 at 22:11
  • 1
    Procedural `mysqli_set_charset` needs the connection string. – chris85 Dec 19 '16 at 22:51
  • @chris85 thank, that was the solution! – Ero Stefano Dec 20 '16 at 18:43
  • @JayBlanchard thank you, i will change add prepared statement. – Ero Stefano Dec 20 '16 at 18:43

0 Answers0