
So I am capturing data from an API and storing it in an array that looks like this: stackVar[{user, red, 12}, {user1, green, 13}]

Then I am trying to send that with _POST. After testing I realized I am in fact saving the array properly because console.line(stackVar) works. I also noticed that I am opening the connection to the php file but it closes the connection before posting any data to the php page. Here is what my front end looks like.

```
if(results.length == stackVar.length){
    var request = new XMLHttpRequest();
    request.open('POST', 'http://www.server.com/saveF.php', true);
    request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
    request.send(JSON.stringify(stackVar));
}
```

and my back end.

```
<?php
$conn = new mysqli($sn, $un, $pw, $db);

if ($conn->connect_error) {
    die("connection failed: " . $conn->connect_error);
}

$bInfo = $_POST["stackVar"];
$infoEncoded = json_encode($bInfo);
$getsome = $infoEncoded[0][0];
$sql = "INSERT INTO companies(company) VALUES ('$getsome')";
echo $getsome;

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close()
?>
```
krizpers
  • Your code is potentially vulnerable to SQL injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. – ADyson Nov 02 '17 at 14:41
  • As regards your actual problem, I think you mean `json_decode($bInfo);` instead of `json_encode($bInfo);`. You are receiving a JSON string from the client, so you want to _decode_ it from JSON into an object. Encoding is the process of translating from a (PHP) object into a JSON string. Check the docs. – ADyson Nov 02 '17 at 14:43
  • You have two basic problems here. (1) You are sending JSON but are claiming to be sending form encoded data. Your content-type should be `application/json` not `application/x-www-form-urlencoded`. (2) This is covered in the duplicate question. – Quentin Nov 02 '17 at 14:43
  • And you say " it closes the connection before posting any data to the php page"...what happens then? Have you watched your browser's network tab and console to see what is sent/received, what errors are thrown? I doubt it would just do what you describe without showing some sort of error. – ADyson Nov 02 '17 at 14:44
  • @ADyson — `$_POST["stackVar"]` will be undefined. – Quentin Nov 02 '17 at 14:44
  • Good lord man!! I hope this isn't live. – A H Bensiali Nov 02 '17 at 14:44
  • @Quentin good point, but I think they will still have the problem I described once they resolve that. – ADyson Nov 02 '17 at 14:44
  • To get the JSON body you must use `json_decode(file_get_contents('php://input'))`. See https://stackoverflow.com/questions/8945879/how-to-get-body-of-a-post-in-php – Radek Pech Nov 02 '17 at 14:48
  • @ADyson Yes I meant json_decode. That was a typo on me when I was typing this out but the real code says json_decode. Let me try looking at the duplicate question to see if it doesn't help. – krizpers Nov 02 '17 at 15:01
  • @RadekPech I am new to PHP, can you explain to me what 'php://input' represents? Is that the information being transferred or do I need to change the name? – krizpers Nov 02 '17 at 15:04
  • @krizpers You must use this exactly as written. The `php://input` is a special url-like filename that says you want to read the request body that cannot be automatically parsed by PHP (JSON, XML, etc.). See http://php.net/manual/en/wrappers.php.php – Radek Pech Nov 03 '17 at 07:25
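
The points raised in the comments (read the body from `php://input`, `json_decode` it, insert through a prepared statement) combined into one server-side handler. This is an added example, not code from the question or its commenters. It assumes `stackVar` is an array of `[name, colour, number]` rows sent with `Content-Type: application/json`, PHP 7.3+ with mysqli, and hypothetical `DB_*` environment variables for the credentials.

```php
<?php
// Decode a JSON body shaped like the question's stackVar, assumed here to be
// an array of [name, colour, number] rows. Throws on anything else.
function decodeRows(string $body): array
{
    $rows = json_decode($body, true, 4, JSON_THROW_ON_ERROR);
    if (!is_array($rows) || $rows === []) {
        throw new InvalidArgumentException('expected a non-empty JSON array');
    }
    foreach ($rows as $row) {
        if (!is_array($row) || !isset($row[0]) || !is_string($row[0])) {
            throw new InvalidArgumentException('each row must start with a string');
        }
    }
    return $rows;
}

// Prepared statement: each value is a bound parameter, never part of the SQL text.
function saveCompanies(mysqli $conn, array $rows): int
{
    $stmt = $conn->prepare('INSERT INTO companies (company) VALUES (?)');
    $company = '';
    $stmt->bind_param('s', $company); // bound by reference, re-read on execute()
    foreach ($rows as $row) {
        $company = $row[0];
        $stmt->execute();
    }
    $stmt->close();
    return count($rows);
}

if (PHP_SAPI === 'cli') { // offline check with a constructed body
    echo count(decodeRows('[["O\'Brien Ltd","red",12],["user1","green",13]]')), " rows decoded\n";
    exit(0);
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
try {
    $rows = decodeRows((string) file_get_contents('php://input'));
    // DB_* environment variable names are placeholders for this example.
    $conn = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
    echo saveCompanies($conn, $rows), " records created";
} catch (JsonException | InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Bad request: ', $e->getMessage();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep SQL details out of the response
    http_response_code(500);
}
```

The constructed sample contains an apostrophe, which would terminate the string literal in the question's concatenated `INSERT` but is stored unchanged when bound as a parameter.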
