0

I have a PHP script that receives a JSON string from an Android app through the hashmap.
This is the JSON string, called obj:

```json
{
"total": "25",
"buyer_id": "1",
"order": [
    { "id": "1", "name": "cosmo" },
    { "id": "5", "name": "Choco" },
    { "id": "22", "name": "gogo" }
]
}
```

This is the script:

```php
$json = $_POST['obj'];
$data = json_decode($json,true);

//initialize the variables to the json object param
$buyer_id = $data->buyer_id;
$total = $data->total;

//insert the order in the orders table
$sql_orders = "insert into orders(buyer_id,total) values 
('$buyer_id','$total')";
$res = mysqli_query($con,$sql_orders);
```

It seems to me that json_decode isn't working because the variables are null; when I echo any of the variables:

```php
echo $data.total;
```

the output is NULL.

Vadim Kotov
nadreen
  • 1
    shouldn't it be echo $data->total? – Liquidchrome Feb 07 '17 at 14:48
  • 1
    `$data = json_decode($json,true);` param 2 says make everything an array. So lose the second parameter `$data = json_decode($json);` and `$data->buyer_id;` will work – RiggsFolly Feb 07 '17 at 14:48
  • 1
    are you sure that echoing $data->total, but not with dot? – omxv Feb 07 '17 at 14:49
  • 1
    Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Feb 07 '17 at 14:49
  • after emitting true from json_decode(), the volley returned : com.android.volley.serverError – nadreen Feb 07 '17 at 14:52
  • The only comment without an UV is the one you need to read. You are converting the data type to ARRAY using param 2 of `json_decode()` BUT you are addressing everything as if it were an OBJECT – RiggsFolly Feb 07 '17 at 14:53
  • Which also means you are not reading your ERROR LOG – RiggsFolly Feb 07 '17 at 14:58
  • nothing was 'echo'ed when I used: echo $data->total – nadreen Feb 07 '17 at 14:58
  • why don't you parse it with Gson? – Jonathan Aste Feb 07 '17 at 15:13

1 Answer

0

It's because you provided true as second argument to json_decode(); it causes objects to be converted to associative arrays. Thus the dereference operator (->) won't work on $data. You should try to call json_decode() without specifying the second argument.


Note: If you use numeric values in your JSON, it's better to use them as such:

```json
{
    "total": 25,
    "buyer_id": 1,
    "order": [
        {
            "id": 1,
            "name": "cosmo"
        }, {
            "id": 5,
            "name": "Choco"
        }, {
            "id": 22,
            "name": "gogo"
        }
    ]
}
```

It's more readable.

MC Emperor
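An added example, not part of the question or the answer above, that puts the answer's array-versus-object point together with the prepared-statement advice from the comments. Assumptions: an in-memory SQLite database via PDO stands in for the MySQL connection `$con` so the script runs offline, `buyer_id` and `total` are treated as integers, and `parse_order()` and the sample payloads are constructed for illustration.

```php
<?php
// Added example, not the asker's code. Assumptions: PDO with in-memory SQLite
// replaces the mysqli connection ($con); parse_order() is a hypothetical helper.

function parse_order(string $json): array
{
    // Second argument true => associative arrays, so read ['key'], not ->key.
    $data = json_decode($json, true);
    if (!is_array($data)) {
        throw new InvalidArgumentException('invalid JSON: ' . json_last_error_msg());
    }
    // FILTER_VALIDATE_INT accepts 25 and "25" and returns false for anything else,
    // including a missing key (null).
    $buyer = filter_var($data['buyer_id'] ?? null, FILTER_VALIDATE_INT);
    $total = filter_var($data['total'] ?? null, FILTER_VALIDATE_INT);
    if ($buyer === false || $total === false) {
        throw new InvalidArgumentException('buyer_id and total must be integers');
    }
    return ['buyer_id' => $buyer, 'total' => $total];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (buyer_id INTEGER, total INTEGER)');

// Placeholders keep request data out of the SQL text entirely.
$insert = $pdo->prepare('INSERT INTO orders (buyer_id, total) VALUES (?, ?)');

// Constructed sample request bodies.
$samples = [
    '{"total": "25", "buyer_id": "1", "order": []}',  // shape from the question
    '{"total": "25", "buyer_id": "1\' --"}',          // non-integer buyer_id with a quote
    '{"total": "25", "buyer_id":',                    // truncated body
];

foreach ($samples as $json) {
    try {
        $order = parse_order($json);
        $insert->execute([$order['buyer_id'], $order['total']]);
        echo "stored buyer {$order['buyer_id']} total {$order['total']}\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
echo 'rows: ' . $pdo->query('SELECT COUNT(*) FROM orders')->fetchColumn() . "\n";
```

With mysqli the same pattern uses `mysqli_prepare()`, `mysqli_stmt_bind_param()` and `mysqli_stmt_execute()` in place of the PDO calls.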