why i am getting 0 at first, while parsing JSON data?

Question

I am new to json, my aim is to maintain the history of specific columns(which are posted through $_POST in php) on every update in mysql using php. I took one json array for the history column and placed it in a while loop, after that I appended the variable which i want to merge with the previous one with array_merge() function. I am getting the output but starting with 0. Let me know how to append the required fields in a proper json format and also how to retrieve the json data in a div tag. Thanks in advance.

PHP Code:

<?php
$query = mysqli_query($conn,"SELECT `history` FROM projects WHERE `no` = '$id'");
  $json_data = array();
     while ($js = mysqli_fetch_assoc($query)) 
     {
       $json_data[] = $js['history'];
       $j = $json_data;
     }
?>  

 <?php
 if(isset($_POST['submit'])){
  if(isset($_GET['id'])){
  $id = $_GET['id'];
  $assign = mysqli_real_escape_string($conn,$_POST['assign']);
  $end_date = mysqli_real_escape_string($conn,$_POST['end_date']);
  $comments = mysqli_real_escape_string($conn,$_POST['comments']);

  $end_date = [
      'assigned_to' => $assign,
      'end_date' => $end_date,
      'comments' => $comments
     ];
 $json = array_merge($j,$end_date);
 $js = json_encode($json);
$ins = mysqli_query($conn,"UPDATE `projects` SET `assigned_to`='$assign',`end_date`='$end_date',
 `status`='$status',`comments`='$comments'`history`= '$js'  WHERE 
`episode_no` = '$id'");
}
}
?>  

JSON data in MYSQL :

{"0":"{"0":"{"0":"","assigned_to":"AAA","end_date":"2018-09-12","comments":"happy"}",
        "assigned_to":"AAA","end_date":"2018-09-12","comments":"jolly"}",
        "assigned_to":"AAA","end_date":"2018-09-12","comments":"xvbcvbdfghdfg"} 

Answer 1

First of all, the answer to your question: you are loading an array of strings in $j , so the array_merge function won't work as expected:

$j[0] = 'some JSON string from DB';

$json = array_merge($j, $end_date);

the array_merge finds that the second argument is a sparse array, so it merges the keys as strings:

$json = [
  '0' => 'the previous string',
  'assigned_to' => ...
]

For your idea to work you probably need to store the new history item by appending to the array:

$j[] = $end_date;
$js = json_encode($j);
...

This would solve your issue.

But there is a very major issue here that you need to solve first. It's a OMG-like WTF-like issue. You are getting $id from user input (query parameters) and sending it to the DB without any fear. Suppose that the user sends

https://your.server/some/path?id=';TRUNCATE TABLE projects --'

(propery url-encoded of course). Now you are sending this to the database:

SELECT `history` FROM projects WHERE `no` = '';TRUNCATE TABLE projects --''

Bye bye projects. A user can do whatever to your database, change passwords, reassign foreign keys, set himself as administrator.

Please for the sake of whatever you believe in, use a proper ORM and never pass user input to the DB!!!