Dule95D Posted April 1, 2016 Share Posted April 1, 2016 (edited) Hello again PHP freaks, I have an android application which is using API i'm creating for connecting to the server. Now i'm stuck with uploading profile image to the existing record. So this is the activity process of application. User register ----> New record is stored in database Now user wants to upload profile image, so the record should to be updated ----> get the id of the user that wants to upload profile image, and upload it. This is the code what i have done so far: public function uploadImage($user_id, $image, $status) { $path = "uploads/$user_id.png"; $actualpath = "http://localhost:8081/timster/uploads/$path"; $stmt = $this->conn->prepare("UPDATE users SET image = $actualpath, status = ? WHERE id = ?"); file_put_contents($path, base64_decode($image)); $stmt->bind_param("sii", $image, $status, $id); $stmt->execute(); $num_affected_rows = $stmt->affected_rows; $stmt->close(); return $num_affected_rows > 0; } And here i'm sending a PUT request for updating user record: $app->put('/image/:id', 'authenticate', function($user_id) use ($app) { // check for required params verifyRequiredParams(array('image', 'status')); global $user_id; $image = $app->request->put('image'); $status = $app->request->put('status'); $db = new DbHandler(); $response = array(); $result = $db->uploadImage($user_id, $image, $status); if ($result) { $response["error"] = false; $response["message"] = "Image uploaded successfully"; } else { $response["error"] = true; $response["message"] = "Image failed to upload"; } echoRespnse(200, $response); }); This is the error message i'm getting: file_put_contents(uploads/1.png): failed to open stream: No such file or directory Edited April 1, 2016 by Dule95D Quote Link to comment Share on other sites More sharing options...
ginerjm Posted April 1, 2016 Share Posted April 1, 2016 Is $actualpath correct? Looks like it ends in '/uploads/uploads....'. Quote Link to comment Share on other sites More sharing options...
Dule95D Posted April 1, 2016 Author Share Posted April 1, 2016 I have fixed that and now i'm getting this error: <b>Fatal error</b>: Call to a member function bind_param() on boolean in on this line: $stmt->bind_param("sii", $image, $status, $id); Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted April 1, 2016 Share Posted April 1, 2016 You're trying to insert $actualpath straight into the query string, which is of course nonsensical and dangerous. You need a parameter. Also, do not rely on relative paths (like you do with $path). They could be relative to anything, depending on what exactly the current working directory happens to be. Always use absolute paths. You can start with __DIR__, which is the absolute path of the script directory, and then navigate to the file you want: $upload_dir = __DIR__.'/uploads'; Quote Link to comment Share on other sites More sharing options...
Dule95D Posted April 1, 2016 Author Share Posted April 1, 2016 (edited) public function uploadImage($user_id, $image, $status) { $num_affected_rows = 0; $upload_dir = __DIR__.'/uploads'; if ($stmt = $this->conn->prepare("UPDATE users SET image = '$upload_dir', status = ? WHERE id = ?")) { $stmt->bind_param("sii", $image, $status, $user_id); // here i'm getting an error $result = $stmt->execute(); $num_affected_rows = $stmt->affected_rows; $stmt->close(); if ($result) { file_put_contents($actualpath, base64_decode($image)); } } else { var_dump($this->conn->error); } return $num_affected_rows > 0; } Okay, i have changed that. But now i'm getting a new error: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement Edited April 1, 2016 by Dule95D Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted April 1, 2016 Share Posted April 1, 2016 Read the reply again. Quote Link to comment Share on other sites More sharing options...
Dule95D Posted April 1, 2016 Author Share Posted April 1, 2016 So i should add one more parameter in my function? And then insert passed parameter. But how will i passed url path as parameter? Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted April 1, 2016 Share Posted April 1, 2016 No, you need a parameter for the prepared statement. This is wrong: UPDATE users SET image = '$upload_dir', status = ? WHERE id = ? ^^^^^^^^^^^^^ This is what you need: UPDATE users SET image = ?, status = ? WHERE id = ? ^ Also, $upload_dir is just the absolute path of the upload directory. You still need to append the actual filename. Quote Link to comment Share on other sites More sharing options...
Dule95D Posted April 1, 2016 Author Share Posted April 1, 2016 (edited) Now it's working, but the converted string from byte is not decoded and stored in folder uploads. Any suggestions? I mean image which is converted to string, is not decoded at insert statement and stored in folder uploads which i have created. Edited April 1, 2016 by Dule95D Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.