
Sorry for the long title.

I am kind of paranoid, so I sanitized $_POST that was treated with JSON.stringify(order) via JavaScript with

$order = mysqli_real_escape_string($db_upload, htmlspecialchars( strip_tags($_POST['order'])));

before inserting into MySQL through a mysqli prepared statement.

But when I try to json_decode by

foreach(json_decode($row['order'], true) as $id =>$value){
    $sumArray[]= array("item" => $id, "value" => $value);
}

I get "Invalid argument supplied for foreach() ..."

I know json_decode works when inserted value is

{"Hot water":"1"}

but not when inserted value is

{&quot;Hot water&quot;:&quot;1&quot;}

In this case, how can I json_decode? Thanks.

Edit: I was poor at explaining what I really wanted. As I have mentioned earlier, I already used a mysqli prepared statement for inserting the data. I am less worried about SQL injection than about advanced XSS attacks.

What I really wanted was just how to json_decode

{&quot;Hot water&quot;:&quot;1&quot;}

I decided to go with an easier method: dropping htmlspecialchars. What I did was

$order = mysqli_real_escape_string($db_upload, strip_tags($_POST['order']));

then,

foreach(json_decode(stripslashes($row['order']), true) as $id =>$value){
    $sumArray[]= array("item" => $id, "value" => $value);
}

This worked nicely.
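
An added example, not part of the original post: it shows why the htmlspecialchars()-encoded value no longer parses as JSON, how reversing the encoding makes it decodable again, and the alternative of validating the JSON on input and escaping only at HTML output. The sample payload and the parse_order() helper are constructed for illustration, and PHP 7.3 or later is assumed.

```php
<?php
declare(strict_types=1);

// Constructed sample of what JSON.stringify(order) puts in $_POST['order'].
$posted = '{"Hot water":"1","<b>Tea</b>":"2"}';

// The question's first pipeline: htmlspecialchars() rewrites every double
// quote as &quot;, so the stored string is no longer JSON and json_decode()
// returns null, which is what foreach() then rejects.
$stored = htmlspecialchars(strip_tags($posted));
var_dump($stored, json_decode($stored, true), json_last_error_msg());

// Undoing the HTML encoding restores a string json_decode() can parse.
var_dump(json_decode(htmlspecialchars_decode($stored), true));

/**
 * Hypothetical helper: accept only a flat JSON map of item => digit string.
 * JSON_THROW_ON_ERROR needs PHP 7.3 or later.
 */
function parse_order(string $json): array
{
    $data = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new InvalidArgumentException('order must be a JSON object');
    }
    foreach ($data as $qty) {
        if (!is_string($qty) || !ctype_digit($qty)) {
            throw new InvalidArgumentException('quantity must be a digit string');
        }
    }
    return $data;
}

// Validate on input, bind $posted unchanged to the prepared statement, and
// escape only when a value is written into HTML.
$order = parse_order($posted);
foreach ($order as $item => $qty) {
    printf(
        "<li>%s: %d</li>\n",
        htmlspecialchars((string) $item, ENT_QUOTES, 'UTF-8'),
        (int) $qty
    );
}
```

Because the second item name is escaped at output rather than stripped on input, its markup is rendered as literal text in the list and the stored JSON stays byte-for-byte what the client sent.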
