0

I'm trying to save some settings into my SQL Database and restore them using ajax and php. But the result is only one long JSON Value instead of 3. So i cant access "setting1" for example.

Settings: "{"setting1":"true","setting2":"false","setting3":"10"}"

this is my savemethod. the variables are all set.

 let newSettings = {
        "setting1": setting1_value,
        "setting2": setting2_value,
        "setting3": setting3_value
    };

    newSettings = JSON.stringify(newSettings);


    var xhttp = new XMLHttpRequest();
    xhttp.open("POST", "save-settings.php");
    xhttp.setRequestHeader("Content-Type", "application/json");


    xhttp.onreadystatechange = function () {
        if (this.readyState == 4 && this.status == 200) {
            console.log(this.responseText);
        }
    };

    xhttp.send(newSettings);

This is the php script to save the settings.

include "connection.php"

$newSettings = file_get_contents("php://input");
$object = json_decode($newSettings, true);

$sql = "UPDATE mytable SET Settings = '$newSettings'";


$result = $connect->query($sql);

And this method should read out the settings from SQL.

include "connection.php";

$sql = "SELECT Settings FROM Leads_Zugriff WHERE atpid = 21001";
$result = $connect->query($sql);


if ($result->num_rows > 0) {
    
    while ($row = $result->fetch_assoc()) {
        print(json_encode($row, true)); 
    }

}

This calls the php script that reads out the settings

function readSettings() {
    var xhttp = new XMLHttpRequest();
    xhttp.onreadystatechange = function () {
        if (this.readyState == 4 && this.status == 200) {
            
            myObj = JSON.parse(this.responseText);
            console.log(myObj);

        }
    };

    xhttp.open("GET", "read-settings.php");
    xhttp.send();
}
Michael
  • 9
  • 1
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Feb 01 '21 at 16:24

2 Answers2

0

You're saving $newSettings directly into the database. $newSettings is a JSON string. Then, then you take it out again, you are running json_encode on on it, which re-encodes it as JSON. So you end up with double-encoded data.

If you're going to store raw JSON in the database then you don't need to encode it again before you return it to the browser.

ADyson
  • 57,178
  • 14
  • 51
  • 63
0

This line here $row = $result->fetch_assoc() returns an associative array as the name suggest. And also you are turning the result into a JSON, that's why you got

Settings: "{"setting1":"true","setting2":"false","setting3":"10"}"

Try to change this line:

print(json_encode($row, true));

into

print($row['Settings'], true);
the91end
  • 101
  • 1
  • 7