how do I insert a api json to my database

Question

good day im trying somethings with php and a api json to make te info from the api to a json array an then to mij database but it doesn't do anything can some one help me

this is my script

<?Php
$connect = mysqli_connect("localhost","test","test","beers");
$url = file_get_contents("https://api.punkapi.com/v2/beers");
$json = json_decode($url, true);


foreach ($json as $row) {


        $sql =  "INSERT INTO Brewdog (naam, tagline, omschrijving) VALUES ('".$row['name']."','".$row['tagline']."',,'".$row['description']."')";
        mysqli_query($connect, $sql);




}
echo "klaar is kees";
?>

in line 10 `('".$row['name']."','".$row['tagline']."',,'".$row['description']."')";` you placed 2 `,` between tagline and description . — Abolfazl Ghaemi, Nov 23 '19 at 21:46

Hamid · Accepted Answer · 2019-11-25T22:02:44.480

As a simple answer maybe there is ' single-quote in your json values.

Old solution:

Security Warning: Escaping is inadequate to prevent SQL injection, use prepared statements instead. Use the strategy outlined below at your own risk. (Also, mysql_real_escape_string() was removed in PHP 7.)

You can using mysqli::real_escape_string to fix it.

    <?Php
$connect = mysqli_connect("localhost","test","test","beers");
$url = file_get_contents("https://api.punkapi.com/v2/beers");
$json = json_decode($url, true);

foreach ($json as $row) {

        $sql =  "INSERT INTO Brewdog (naam, tagline, omschrijving) VALUES ('".mysqli_real_escape_string($connect, $row['name'])."','".mysqli_real_escape_string($connect, $row['tagline'])."',,'".mysqli_real_escape_string($connect, $row['description'])."')";
        mysqli_query($connect, $sql);

}
echo "klaar is kees";
?>

https://www.php.net/manual/en/mysqli.real-escape-string.php

UPDATE security issue use mysqli prepare in order avoiding sql injection

$stmt = $connectn->prepare('INSERT INTO Brewdog (naam, tagline, omschrijving) VALUES (?, ?, ?');
$stmt->bind_param('sss', $row['name'],$row['tagline'],$row['tagline']); // 's' specifies the variable type => 'string'

$stmt->execute();

comment the `mysqli_query($connect, $sql);` and just add the result of `$sql` into an array and then print it and check each sql. `$logarray=[]; foreach ($json as $row) { $sql = "INSERT INTO ..."; //mysqli_query($connect, $sql); $logarray[]=$sql } var_dump($logarray);` — Hamid, Nov 23 '19 at 22:46
it gives back array(25) { [0]=> string(75) "INSERT INTO `Brewdog` (`naam`, `tagline`, `omschrijving`) VALUES ('','','')" [1]=> string(75) " — fathi, Nov 23 '19 at 22:58

score -1 · Answer 2 · answered Nov 23 '19 at 22:12

-1

it dosen't do anything because there is something wrong with your SQL Query .

i suggest you write your SQL Query like this :

$sql = "INSERT INTO Brewdog (naam, tagline, omschrijving) VALUES ('$row[name]','$row[tagline]','$row[description]')";

i think it's more easy to read .

and you may want to see SQL error so use this

if (mysqli_query($connect, $sql)) {
    echo "Record Created";
} else {
    echo mysqli_error($connect);
}

Update

i checked the api and there is some ' in your tagline you should use mysqli_escape_string()

answered Nov 23 '19 at 22:12

Abolfazl Ghaemi

424
2
14

i have tried this but it doesn't work bij my – fathi Nov 23 '19 at 22:42
@fathi so when you added `mysqli_error` what was your error ? – Abolfazl Ghaemi Nov 23 '19 at 22:46
Your code is vulnerable to SQL injection. You should use prepared statements. – Dharman Nov 25 '19 at 09:10

how do I insert a api json to my database

2 Answers2