douyun1852 2015-07-24 08:43
浏览 121
已采纳

为foreach()警告提供的参数无效

I want to insert json array data in mysql table. I have written this code.

if (mysqli_connect_errno()){
    $response["success"] = 0;
    $response["message"] = "Database Error!";   
    die(json_encode($response));
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// Check connection
if ($con->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
echo "Connected successfully";

if(isset($_GET['doctorJson'])){

    $json = $_GET['doctorJson'];

    $array = json_decode($json, true);

    foreach($array as $item){

        $result = mysqli_query($con, "INSERT IGNORE INTO doctor_visit_track (id, doctor_name, doctor_email, date, time) VALUES 
            ('".$item['id']."', '".$item['doctorName']."', '".$item['doctorEmail']."', '".$item['date']."', '".$item['time']."')");

            }

    if($result){
        $response["message"] = "Success";
        echo json_encode($response);
    } else{
        $response["message"] = "Failure";
        echo json_encode($response);
        }
    }

mysqli_close($con);

Above code is working fine when I am using xampp. But when I have uploaded this code to server then same code is giving warning " Invalid argument supplied for foreach()" and not inserting in table. But using in xampp, code is working fine and inserting data successfully. Somebody help me..

  • 写回答

2条回答 默认 最新

  • doubo1883 2015-07-24 09:14
    关注

    Not a complete answer but an observation that your code is vulnerable to SQL injection. Try:

    $sql = <<<EOF
INSERT IGNORE INTO 
  doctor_visit_track (id, doctor_name, doctor_email, date, time) VALUES 
  ('?', '?', '?', '?"', '?')")
EOF;

$stmt = mysqli_prepare( $con, $sql);

foreach ($array as $item){
    mysqli_stmt_bind_param( $stmt, "sssss",
      $item['id'], $item['doctorName'], $item['doctorEmail'],
      $item['date'],$item['time']
      );
    $result = mysqli_stmt_execute($stmt);
    // rest of your code
};

    Incidentally, you also had $con and $conn (2 'n') as your connect variable - hope you don't have this in your code.

    I can't tell for certain but your code may be confusing the OO (object oriented) and procedural form of mysqli. Stick to one or the other (OO form ideally)

    For example in your original code, say someone sent you a malicious JSON object similar to the following:

    {
"id" : "hackerid",
"doctorName" : "I am a Hacker",
"doctorEmail": "hacker@hacker.com",
"date": "1999-12-31",
"time": "\"); drop table doctor_visit_track; -- Muhahahaha "
}

    ...you would not be happy with the result.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 c语言怎么用printf(“\b \b”)与getch()实现黑框里写入与删除?
  • ¥20 怎么用dlib库的算法识别小麦病虫害
  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
  • ¥15 java写代码遇到问题,求帮助
  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看
  • ¥15 关于#Java#的问题,如何解决?