Accessing and storing serialize data into a database table

Question

Introduction: There is this data that I will be retrieving from a third party and regardless of the outcome(whether successful or not ), will save the Information into a DB table.

I am able to successfully connect, retrieve and displayed the data but to save the data into the DB Table created for the purpose.

Steps taking so far

I converted the sent data from the third party to a

JSON object

I was able to displayed the JSON object on the Screen but couldn't save it into a DB table.
I converted the JSON object to

SERIALIZE

object in PHP(which I learnt that is the way to go) 4. I was able to displayed the serialize object on the screen also but was unable to save the data to the DB table (Just like in step 2).

WORKINGS

$result2 = curl_exec($ch);
  // Convert returned statement to JSON encode
  $tranx = json_decode($result2);
  
  // Check if it returned a status call and if yes, proceed
  if(!$tranx->status){
    // there was an error from the API
    die('API returned error: ' . $tranx->message);
  }

  if('success' == $tranx->data->status) {
      $trans = serialize($tranx);
      $reference = serialize($tranx->data->reference);
      $integration = serialize($tranx->data->integration);
      $recipient = serialize($tranx->data->recipient);
      $status = serialize($tranx->data->status);
      $request = serialize($tranx->data->request);
      $transId = serialize($tranx->data->id);
      $createdAt = serialize($tranx->data->createdAt);
      
      // Insert the payment info into the payment_info 
      //table and update the members table
      $updateInsert = "UPDATE members SET referral_bonus_received=referral_bonus_received-$withdraw WHERE phone_number={$_SESSION['phone_number']};";
        // Insert transaction details into the db table
        $insert="INSERT INTO transaction_history (reference,intergration,amount,receipient,statuses,request,trans_id) VALUE (?,?,?,?,?,?,?);";
    //$detail= mysqli_query($con,$insertDetails);
    $stmt = $con->prepare($insert);
    $stmt->bind_param("sssssss", $reference, $integration, $amount, $recipient, $status, $request, $transId);
    $stmt->execute();

        // Check if it successfully insert into the DB and redirect if successful
    if($stmt==true){
      header("location:dashboard_n.php");
      exit();
     //echo "Real";
    }

This is just the portion of the code that matters.

What way can I make save this info into the db

**Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) — Dharman, Jan 14 '22 at 11:32
It seems that your actual issue is SQL injection. Please use prepared statements. If you still have a problem afterwards, please update this question with the code showing prepared statements. — Dharman, Jan 14 '22 at 11:34
The problem is this: the variables are not added to the Database — gbenga ogunbule, Jan 14 '22 at 12:20
Are you getting any errors? Do you even know if this code is executed? Enable MySQL I error reporting and tell me if you get errors — Dharman, Jan 14 '22 at 12:21
The updating part is working well. The updating part has to do with internal variables. That is working fine. Just the external data that i am inserting into a new table isn't working — gbenga ogunbule, Jan 14 '22 at 12:22
[How to get the error message in MySQLi?](https://stackoverflow.com/a/22662582/1839439) — Dharman, Jan 14 '22 at 12:46

Accessing and storing serialize data into a database table

0 Answers0