Jump to content

Recommended Posts

Hello again PHP freaks,

 

I have an android application which is using API i'm creating for connecting to the server. Now i'm stuck with uploading profile image to the existing record. 

So this is the activity process of application.

 

User register ----> New record is stored in database

Now user wants to upload profile image, so the record should to be updated ----> get the id of the user that wants to upload profile image, and upload it.

 

This is the code what i have done so far:

public function uploadImage($user_id, $image, $status) {
        $path = "uploads/$user_id.png";
        $actualpath = "http://localhost:8081/timster/uploads/$path";
        $stmt = $this->conn->prepare("UPDATE users SET image = $actualpath, status = ? WHERE id = ?");
        file_put_contents($path, base64_decode($image));
        $stmt->bind_param("sii", $image, $status, $id);
        $stmt->execute();
        $num_affected_rows = $stmt->affected_rows;
        $stmt->close();
        return $num_affected_rows > 0;
    }

And here i'm sending a PUT request for updating user record:

$app->put('/image/:id', 'authenticate', function($user_id) use ($app) {

	// check for required params
	verifyRequiredParams(array('image', 'status'));

	global $user_id;
	$image = $app->request->put('image');
	$status = $app->request->put('status');

	$db = new DbHandler();
	$response = array();

	$result = $db->uploadImage($user_id, $image, $status);
	if ($result) {
		$response["error"] = false;
		$response["message"] = "Image uploaded successfully";
	} else {
		$response["error"] = true;
		$response["message"] = "Image failed to upload";
	}
	echoRespnse(200, $response);
});

This is the error message i'm getting:

file_put_contents(uploads/1.png): failed to open stream: No such file or directory
Edited by Dule95D

You're trying to insert $actualpath straight into the query string, which is of course nonsensical and dangerous. You need a parameter.

 

Also, do not rely on relative paths (like you do with $path). They could be relative to anything, depending on what exactly the current working directory happens to be. Always use absolute paths. You can start with __DIR__, which is the absolute path of the script directory, and then navigate to the file you want:

$upload_dir = __DIR__.'/uploads';
public function uploadImage($user_id, $image, $status) {
        $num_affected_rows = 0;
        $upload_dir = __DIR__.'/uploads';
        if ($stmt = $this->conn->prepare("UPDATE users SET image = '$upload_dir', status = ? WHERE id = ?")) {
            $stmt->bind_param("sii", $image, $status, $user_id); // here i'm getting an error
            $result = $stmt->execute();
            $num_affected_rows = $stmt->affected_rows;
            $stmt->close();

            if ($result) {
                file_put_contents($actualpath, base64_decode($image));
            }

        } else {
            var_dump($this->conn->error);
        }
        
        return $num_affected_rows > 0;
    }

Okay, i have changed that. But now i'm getting a new error:

mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement
Edited by Dule95D

No, you need a parameter for the prepared statement.

 

This is wrong:

UPDATE users SET image = '$upload_dir', status = ? WHERE id = ?
                         ^^^^^^^^^^^^^

This is what you need:

UPDATE users SET image = ?, status = ? WHERE id = ?
                         ^

Also, $upload_dir is just the absolute path of the upload directory. You still need to append the actual filename.

Now it's working, but the converted string from byte is not decoded and stored in folder uploads. Any suggestions?

 

I mean image which is converted to string, is not decoded at insert statement and stored in folder uploads which i have created.

Edited by Dule95D
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.