-1

I was working with Keith Palmer's Quickbooks PHP API. It all works fine and connects. The example queries return the results in arrays. What I wanted to do is run a mysqli insert statement which would run through the results array and save the records in a mysqli table.

Here is my code, which gets the records from Quickbooks and saves them in a mysqli table.

```php
$customers = $CustomerService->query($Context, $realm, "SELECT * FROM Customer");

foreach ($customers as $Customer)
{
    //First, we will retrieve the ID, and strip out any spaces/characters.
    $id = $Customer->getId();
    $str = preg_replace("/[^0-9]/","",$id);

    //Insert customer into customer tables.
    $sql = "INSERT INTO Customers (CustomerID__kp, CustomerName, CustomerAddress1, CustomerCity, CustomerCounty, CustomerPostcode, CustomerTelephone)
            VALUES ('".$str."',
                    '".$Customer->getFullyQualifiedName()."',
                    '".$Customer->getBillAddr(0)->getLine1()."',
                    '".$Customer->getBillAddr(0)->getCity()."',
                    '".$Customer->getBillAddr(0)->getCountrySubDivisionCode()."',
                    '".$Customer->getBillAddr(0)->getPostalCode()."',
                    '".$Customer->getPrimaryPhone(0)->getFreeFormNumber()."'
                    )
            ON DUPLICATE KEY
            UPDATE CustomerName = '".$Customer->getFullyQualifiedName()."',
                   CustomerAddress1 = '".$Customer->getBillAddr(0)->getLine1()."',
                   CustomerCity = '".$Customer->getBillAddr(0)->getCity()."',
                   CustomerCounty = '".$Customer->getBillAddr(0)->getCountrySubDivisionCode()."',
                   CustomerPostcode = '".$Customer->getBillAddr(0)->getPostalCode()."',
                   CustomerTelephone = '".$Customer->getPrimaryPhone(0)->getFreeFormNumber()."'
            ";

    $conn->query($sql);
}

?>
```

My question is I get this error:

Fatal error: Call to a member function getFreeFormNumber() on null in C:\qbapi\quickbooks-php-master\docs\

When I run customer queries, the code gets the customers saved in my Quickbooks and saves them in my mysqli. But for some reason I get the above error.

Jay Blanchard
  • `$Customer->getPrimaryPhone(0)` is empty or NULL, you need to fix that. – Jay Blanchard Apr 07 '17 at 13:12
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Apr 07 '17 at 13:12
  • When I get the records from Quickbooks, not all of them have a phone number saved. So there are some records with phone numbers and some without. In the foreach loop **$Customer->getPrimaryPhone(0)** may be null for records that don't have a contact number but it will work if the contact number. I still want to save the records whether or not they have a contact number. Thanks. – Muhammad Ikram Apr 07 '17 at 13:43
  • If an answer solved your problem, consider accepting the answer. Here's how http://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work then return here and do the same with the tick/checkmark till it turns green. This informs the community, a solution was found. Otherwise, others may think the question is still open and may want to post (more) answers. You'll earn points and others will be encouraged to help you. *Welcome to Stack!* – Jay Blanchard Apr 07 '17 at 13:56

1 Answer

1

You want to test the value first, then perform the function call and assign the result to a variable. Then use the variable in the query:

```php
foreach ($customers as $Customer)
{
    //First, we will retrieve the ID, and strip out any spaces/characters.
    $id = $Customer->getId();
    $str = preg_replace("/[^0-9]/","",$id);

    // test customer phone number
    if(isset($Customer->getPrimaryPhone(0))){
        $CustomerTelephone = $Customer->getPrimaryPhone(0)->getFreeFormNumber();
    } else {
        $CustomerTelephone = '';
    }

    //Insert customer into customer tables.
    $sql = "INSERT INTO Customers (CustomerID__kp, CustomerName, CustomerAddress1, CustomerCity, CustomerCounty, CustomerPostcode, CustomerTelephone)
            VALUES ('".$str."',
                    '".$Customer->getFullyQualifiedName()."',
                    '".$Customer->getBillAddr(0)->getLine1()."',
                    '".$Customer->getBillAddr(0)->getCity()."',
                    '".$Customer->getBillAddr(0)->getCountrySubDivisionCode()."',
                    '".$Customer->getBillAddr(0)->getPostalCode()."',
                    '".$CustomerTelephone."'
                    )
            ON DUPLICATE KEY
            UPDATE CustomerName = '".$Customer->getFullyQualifiedName()."',
                   CustomerAddress1 = '".$Customer->getBillAddr(0)->getLine1()."',
                   CustomerCity = '".$Customer->getBillAddr(0)->getCity()."',
                   CustomerCounty = '".$Customer->getBillAddr(0)->getCountrySubDivisionCode()."',
                   CustomerPostcode = '".$Customer->getBillAddr(0)->getPostalCode()."',
                   CustomerTelephone = '".$CustomerTelephone."'
            ";

    $conn->query($sql);
}
```

WARNING!

Little Bobby says your script is at risk for SQL Injection Attacks. Even escaping the string is not safe!

Community
Jay Blanchard
  • Thanks for the response. I just added your code for checking the telephone number. When I click on the button which triggers the code I get a server error. **Status Code:500 Internal Server Error**....I did add **php(isset)** earlier but it gives me a server error. – Muhammad Ikram Apr 07 '17 at 14:04
  • What happens if you echo out `$Customer->getPrimaryPhone(0)`? – Jay Blanchard Apr 07 '17 at 14:21
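
The two points raised in this thread, the null phone object and the SQL injection warning, combined in one sketch; this is an added example, not code from the question or the answer. It stores the result of `getPrimaryPhone(0)` in a variable before testing it, because PHP's `isset()` accepts only variables and not the result of a method call, and it sends every value as a bound parameter of a prepared statement. Assumptions: the function names `customerRow` and `saveCustomers` are hypothetical, `$conn` is an open mysqli connection, `CustomerID__kp` is the unique key of `Customers`, and `getBillAddr(0)` is treated as possibly null as a precaution.

```php
<?php
// Added example, not the poster's code. $conn: an open mysqli connection.
// One customer -> the seven column values, in column order. A missing phone
// (null, as in the question) or billing address becomes an empty string.
function customerRow($Customer): array
{
    $addr  = $Customer->getBillAddr(0);     // assumed nullable, like the phone
    $phone = $Customer->getPrimaryPhone(0); // null when no number is saved
    return [
        preg_replace('/[^0-9]/', '', (string) $Customer->getId()),
        (string) $Customer->getFullyQualifiedName(),
        $addr ? (string) $addr->getLine1() : '',
        $addr ? (string) $addr->getCity() : '',
        $addr ? (string) $addr->getCountrySubDivisionCode() : '',
        $addr ? (string) $addr->getPostalCode() : '',
        $phone ? (string) $phone->getFreeFormNumber() : '',
    ];
}

// Upsert all customers through one prepared statement. Values are sent as
// bound parameters, so a quote in a name or address cannot change the SQL.
function saveCustomers(mysqli $conn, array $customers): int
{
    $stmt = $conn->prepare(
        'INSERT INTO Customers (CustomerID__kp, CustomerName, CustomerAddress1,
             CustomerCity, CustomerCounty, CustomerPostcode, CustomerTelephone)
         VALUES (?, ?, ?, ?, ?, ?, ?)
         ON DUPLICATE KEY UPDATE
             CustomerName = VALUES(CustomerName),
             CustomerAddress1 = VALUES(CustomerAddress1),
             CustomerCity = VALUES(CustomerCity),
             CustomerCounty = VALUES(CustomerCounty),
             CustomerPostcode = VALUES(CustomerPostcode),
             CustomerTelephone = VALUES(CustomerTelephone)'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }
    $saved = 0;
    foreach ($customers as $Customer) {
        $row = customerRow($Customer);
        $stmt->bind_param('sssssss', ...$row); // all seven columns bound as strings
        if (!$stmt->execute()) {
            throw new RuntimeException('execute failed: ' . $stmt->error);
        }
        $saved++;
    }
    $stmt->close();
    return $saved;
}
```

Call it as `saveCustomers($conn, $customers)` with the `$customers` array returned by the query in the question.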