2

I am implementing Backbone.js, and I am just trying to understand how the sync function works. To keep it very simple, here is the model.

var Item = Backbone.Model.extend({
defaults: {
 name: "Goo"
},
url: "commlink.php"
});

and then

Backbone.sync("create", item);

This is my commlink.php

$item=json_decode($_POST);
$name=$item->name;
$results=$mdb2->query("INSERT INTO list VALUES (NULL, '$name')");

I see a new row show up in my DB, however, the field "name" is blank. I tried both item.save() and the above method...both ended up with the same blank cell but a new entry.

This is the error in chrome in network/content:

<b>Warning</b>: json_decode() expects parameter 1 to be string, array given in ...XXX...

This is in the request payload:

{"name":"Goo"}
asked Aug 2, 2011 at 1:39
5
  • please have a look at this post stackoverflow.com/questions/5096549/… Commented Aug 2, 2011 at 5:51
  • As far as i am aware the $_POST variable is a superglobal array, i.e. it will always be an array. Commented Aug 2, 2011 at 22:32
  • How do you think I can "receive" this request then...as described officially: "Backbone.sync is the function that Backbone calls every time it attempts to read or save a model to the server. By default, it uses (jQuery/Zepto).ajax to make a RESTful JSON request"-Backbone.js Commented Aug 2, 2011 at 22:38
  • json_decode() will only take a string because thats what it does, it decodes a json string. stackoverflow.com/questions/6207286/… says to use $GLOBALS['HTTP_RAW_POST_DATA'] Commented Aug 2, 2011 at 22:38
  • You should also consult the standard SQL injection question here on SO, stackoverflow.com/questions/332365/…. Commented Aug 15, 2011 at 1:56

3 Answers 3

4 
$rawJSONString = file_get_contents('php://input');
$item = json_decode($wrapperString);
//$item->name is the data you want
answered Aug 2, 2011 at 1:55
Sign up to request clarification or add additional context in comments.

8 Comments

I did as you said. It's still giving me a new row with a blank field
Have you looked at the raw JSON POST request body in the browser's debug console? Can you add the JSON content to your question so we can have a look? Are you sure the problem isn't when you build up your SQL statement string?
Where can I find that in chrome or IE?
In Chrome it's in the View > Developer > Javascript Console menu item. In there use the "Network" tab and you will be able to see the request body.
This is what it is: <b>Warning</b>: json_decode() expects parameter 1 to be string, array given in.... <b> I thought the backbone.sync makes json coded automatically? "Backbone.sync is the function that Backbone calls every time it attempts to read or save a model to the server. By default, it uses (jQuery/Zepto).ajax to make a RESTful JSON request"-Backbone.js
|
1 
$item = json_decode(file_get_contents('php://input'), true);
print_R($item);

Found this is more helpful

https://coderwall.com/p/vwvy_a

answered Jul 30, 2014 at 16:40

Comments

0

SECURITY NOTE: as pointed out in the comment this is not the way you should ACTUALLY insert the user provided content into your database, this is simply to show you how to get access to the array information as JSON, you should use prepared statements, a framework database adapter, or some other appropriate solution for escaping the user provided content before sticking it into the database.

You're trying to run an array ($_POST) through a function (json_decode) that only accepts a string. The solution in this specific example would be to do this:

$results=$mdb2->query("INSERT INTO list VALUES (NULL, '{$_POST['name']}')");

This would work because you're accessing $_POST as the associative array that it is.

However what I think you actually want to do is first convert the $_POST array to json, then decode it so you can use it the way you wanted to (accessing it as an object, which the json_decode returns):

$item=json_encode($_POST);
$item=json_decode($item);
$name=$item->name;
$results=$mdb2->query("INSERT INTO list VALUES (NULL, '$name')");

For reference:

http://php.net/manual/en/function.json-decode.php

http://php.net/manual/en/function.json-encode.php

answered Aug 15, 2011 at 1:49

2 Comments

This is hideously unsafe. Please never blindly dump user-provided input directly into SQL strings; use PDO prepared statements, or your framework's database adapter.
Updated Answer accordingly with a warning - you're right, I was specifically and only addressing the question which was asked, which was how to address the problem he was having with json_encode/json_decode that showed a lack of understanding of how they worked. You should ALWAYS escape any user provided data before it goes into your database, as you said by using prepared statements or a database adapter from the framework.

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.