0

my php code,

<?php
 header("Content-Type: application/json; charset=UTF-8");
 $obj = json_decode($_GET["x"], false);
 $serverName = "AE58RETY245YU"; 
 $connectionInfo = array( "Database"=>"Test", "UID"=>"bala", 
 "PWD"=>"bala");
 $conn = sqlsrv_connect( $serverName, $connectionInfo);
 if( $conn ) {
 echo "Connection established.<br />";
 }else{
 echo "Connection could not be established.<br />";
 die( print_r( sqlsrv_errors(), true));
 }
 $outp=array();
 $sql = "SELECT Point FROM ".$obj->table."LIMIT".$obj->limit;
 $stmt = sqlsrv_query( $conn, $sql );
 while( $row = sqlsrv_fetch_array( $stmt, SQLSRV_FETCH_ASSOC) ) {
 $outp=$row['Point'];
 }
 echo json_encode($outp);
?>

my html code,

<!DOCTYPE html>
<html>
<body>
<h2>Get data as JSON from a PHP file on the server.</h2>
<p>The JSON received from the PHP file:</p>
<p id="demo"></p>
<script>
var obj, dbParam, xmlhttp;
obj = { "table":"PointEvent", "limit":10 }; 
dbParam = JSON.stringify(obj);
xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
    document.getElementById("demo").innerHTML = this.responseText;
}
};
 xmlhttp.open("GET", "testsql.php?x=" + dbParam, true);
 xmlhttp.send();

</script>

</body>
</html>

Hi ,

Above is my PHP and HTML code,i try to connect sql database using Json(Encode and Decode method) and try to print single column but the error am getting was

'Warning: sqlsrv_fetch_array() expects parameter 1 to be resource, boolean given in'.

Can anyone please help me with this things.

Thanks in Advance.

Andrea
  • 11,801
  • 17
  • 65
  • 72
lala bala
  • 1

2 Answers2

0

I found concatenation issue in your query "add space" otherwise query looks something like "SELECT Point FROM mytableLIMIT1"

From

$sql = "SELECT Point FROM ".$obj->table."LIMIT".$obj->limit;

to 

$sql = "SELECT Point FROM ".$obj->table." LIMIT ".$obj->limit;

Also handle exception properly by adding the line before while 

if( $stmt === false ) { /*!Handle exception here*/ }

It seems you are new to programming. Never trust the raw user input like $_GET["x"] on working with database. Do proper sanitization, otherwise would end up in sql injection.

Go thru the following links to learn more

What are the best PHP input sanitizing functions?

How can I prevent SQL injection in PHP?

VijayNaidu
  • 716
  • 5
  • 5
  • i use space in query, but i didn't get exact output. My output is like Array ( [0] => Array ( [0] => 42000 [SQLSTATE] => 42000 [1] => 102 [code] => 102 [2] => [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Incorrect syntax near '10'. [message] => [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Incorrect syntax near '10'. ) ) – lala bala Jun 01 '18 at 08:09
  • I think it might be the issue of escaping content. Did you used something $ in the query variable content, might be the table name? – VijayNaidu Jun 01 '18 at 08:40
  • sry i didn't get u. can u please write the query here,how to use the $ in the query variable content, might be the table name....pleaseeee – lala bala Jun 01 '18 at 08:46
  • Is the variable $obj->table having string "$" in it? Eg. "mydatabase$mytablename" – VijayNaidu Jun 01 '18 at 08:49
  • Eg. $a = "stack"; $b = " overflow"; echo "$a$b";//stack overflow. echo "$a\$b";//stack$b – VijayNaidu Jun 01 '18 at 08:54
0

Row with $stmt = sqlsrv_query($conn, $sql); statement can cause your problem. I think that $sql is not formed well. I'm not sure that MS SQL Server has 'LIMIT' keyword, so try with this first: $sql = "SELECT Point FROM ".$obj->table; .

You also must always check sqlsrv_query() result, before using sqlsrv_fetch_array():

$sql = "SELECT Point FROM ".$obj->table;
$stmt = sqlsrv_query($conn, $sql);
if( $stmt === false ) {
    echo "Error (sqlsrv_query): ".print_r(sqlsrv_errors(), true);
    exit;
}
...
Zhorov
  • 28,486
  • 6
  • 27
  • 52