PHP解码,更改和编码JSON
[英]PHP decode, alter and encode JSON
问题描述
我猜这已经在某个地方得到了解决,但是我找不到解决方法,我正在把头发拔掉。 我有一个像这样存储在MySQL中的JSON数组:
[{"ip":"8.8.8.8","name":"Bob"},{"ip":"","name":""},{"ip":"","name":""},{"ip":"","name":""}]
我想替换特定对象的“ ip”和“名称”。 因此,我将$slot_num设置$slot_num类似0的值,并尝试更改值并UPDATE数据库。 下面的SELECT子句应该没问题,因为它在其他地方多次使用。
//Recieves POST info such as ip=1.1.1.1&group=204&slot=3&name=help
$ip = $_POST['ip'];
$group_id = $_POST['group'];
$slot_num = $_POST['slot'] -1; //PHP receives slot num increased by 1. IE- $slot_num 1 would be array[0]
$name = $_POST['name'];
if($result = $mysqli->query("SELECT * FROM `open_groups` WHERE `group_id` = $group_id")) {
$row = mysqli_fetch_array($result);
$slot_ar = json_decode($row['players'], true);
//Check if array has correct number slots
if($slot_num => count($slot_ar) || !is_int($slot_num)){
die('Injection attempt');
}
$slot_ar[$slot_num]['ip'] = $ip;
$slot_ar[$slot_num]['name'] = $name;
$players = json_encode($slot_ar);
$players = $mysqli->real_escape_string($players);
if(!$mysqli->query("UPDATE `open_group` SET players = '$players' WHERE group_id = $group_id")) {
echo $mysqli->error;
exit;
}
if(!$mysqli->query("INSERT INTO `occupied`(`ip`, `group`) VALUES ('$ip', '$group_id')")) {
echo $mysqli->error;
exit;
}
echo "Success";
}
else echo $mysqli->error;
我访问阵列不正确吗?
固定码
$ip = $_POST['ip'];
$group_id = $_POST['group'];
$slot_num = $_POST['slot']; //PHP receives slot num increased by 1. IE- $slot_num 1 would be array[0]
$name = $_POST['name'];
if($result = $mysqli->query("SELECT * FROM `open_groups` WHERE `group_id` = $group_id")) {
$row = mysqli_fetch_array($result);
$slot_ar = json_decode($row['players'], true);
//Check if array has correct number slots
if($slot_num-1 >= count($slot_ar) || !is_numeric($slot_num)){
echo "Injection attempt";
exit;
}
$slot_ar[$slot_num-1]['ip'] = "$ip";
$slot_ar[$slot_num-1]['name'] = "$name";
$players = json_encode($slot_ar);
$players = $mysqli->real_escape_string($players);
if(!$mysqli->query("UPDATE `open_groups` SET players = '$players' WHERE `group_id` = $group_id")) {
echo "Update error";
exit;
}
if(!$mysqli->query("INSERT INTO `occupied`(`ip`, `group`) VALUES ('$ip', '$group_id')")) {
echo "Occupied error";
exit;
}
echo "Success";
}
else echo "Fail";
2 个解决方案
解决方案1
2 2015-02-07 19:36:59
您需要对$ players进行转义,因为json数组充满了引号,因此当您使用查询将其插入数据库时,mysql将难以执行和理解它。
还要在转义后尝试将变量放在单引号内。 尝试这个:
$players = $mysqli->real_escape_string($players);
$mysqli->query("UPDATE `open_group` SET players = '$players' WHERE group_id = '$group_id' ");
解决方案2
2 2015-02-07 20:02:48
正如AlexanderO'Mara指出的那样,您确实应该在mysqli_escape_string()使用bind_param() ,这在某些情况下已被证明是不可靠的。 我使用PDO语句,因此未经测试。
资料来源: mysqli真正的转义字符串,我应该使用它吗?
$slot_num = $_POST['num'];
$name = $_POST['name'];
// Initial select
$sql = "SELECT * FROM `open_groups` WHERE `group_id` = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('d', $group_id);
$stmt->execute();
if ($stmt->errno) {
die("Error : " . $stmt->error);
}
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
$slot_ar = json_decode($row['players'], true); //Get JSON array
// Make sure $slot_num isn't bigger than desired
if($slot_num > count($slot_ar) || !is_int($slot_num)){
die('Injection attempt');
}
// Store new variables in the array
$slot_ar[$slot_num]['ip'] = "$ip";
$slot_ar[$slot_num]['name'] = "$name";
// encode the new $players
$players = json_encode($slot_ar);
// new SQL query
$sql = "UPDATE `open_group` SET players = ? WHERE group_id = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('sd', $players, $group_id);
$stmt->execute();
if ($stmt->errno) {
die("Error : " . $stmt->error);
}
}
PHP上的JSON编码和解码
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.