我的PHP代码有问题...有人能帮我修改PHP代码,使其在用户更新个人资料时上传图像并更新所有数据吗?我有一个保存按钮用来更新所有数据...
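/**
 * Updates the profile row of the user identified by unique_id.
 *
 * If the submitted e-mail equals the stored one, only the name, mobile and
 * picture columns are written. If it differs, the new e-mail is stored
 * together with a fresh six-digit OTP and `verified` is reset to 0.
 *
 * Every caller-supplied value is bound as a prepared-statement parameter
 * instead of being interpolated into the SQL text, so quotes or SQL syntax
 * in a field cannot change the statement.
 *
 * NOTE(review): nothing in this method checks that $uid belongs to the
 * authenticated caller. Confirm the calling code enforces that; otherwise
 * anyone who knows a unique_id can overwrite that user's profile and e-mail.
 * NOTE(review): $profile_pic is stored exactly as received (presumably the
 * Base64 JPEG sent by the app, TODO confirm). Enforce a size limit and verify
 * that it decodes to an image before storing it.
 * NOTE(review): die() echoes the raw database error into the HTTP response.
 * It is kept for compatibility with existing callers; prefer logging the
 * error server-side and returning a generic failure.
 *
 * @param string $fname       first name
 * @param string $lname       last name
 * @param string $email       e-mail address submitted by the client
 * @param string $mobile      mobile number
 * @param string $uid         value matched against users.unique_id
 * @param string $profile_pic picture payload written to users.profile_pic
 * @return bool true when the UPDATE was executed, false when no user has
 *              that unique_id
 */
public function profileUpdate($fname, $lname, $email, $mobile, $uid, $profile_pic){
    // Look up the stored e-mail for this user; only that column is needed.
    $lookup = mysqli_prepare($this->con, "SELECT `email` FROM `users` WHERE `unique_id` = ?")
        or die(mysqli_error($this->con));
    mysqli_stmt_bind_param($lookup, "s", $uid);
    mysqli_stmt_execute($lookup) or die(mysqli_stmt_error($lookup));
    mysqli_stmt_bind_result($lookup, $old_email);

    // mysqli_stmt_fetch(): true = row fetched, null = no row, false = error.
    $found = mysqli_stmt_fetch($lookup);
    if ($found === false) {
        die(mysqli_stmt_error($lookup));
    }
    mysqli_stmt_close($lookup);

    if ($found !== true) {
        // user not found
        return false;
    }

    // Strict comparison: loose == treats numeric-looking strings as numbers.
    if ((string) $old_email === (string) $email) {
        $update = mysqli_prepare(
            $this->con,
            "UPDATE `users` SET `firstname` = ?, `lastname` = ?, `mobile` = ?, `profile_pic` = ?
             WHERE `unique_id` = ?"
        ) or die(mysqli_error($this->con));
        mysqli_stmt_bind_param($update, "sssss", $fname, $lname, $mobile, $profile_pic, $uid);
    } else {
        // The e-mail changed: mark the account unverified and issue a new OTP.
        $status = 0;
        // random_int() (PHP 7+) draws from the OS CSPRNG; rand() is predictable
        // and unsuitable for a verification code.
        $otp = random_int(100000, 999999);
        $update = mysqli_prepare(
            $this->con,
            "UPDATE `users` SET `firstname` = ?, `lastname` = ?, `email` = ?, `mobile` = ?, `profile_pic` = ?, `otp` = ?, `verified` = ?
             WHERE `unique_id` = ?"
        ) or die(mysqli_error($this->con));
        // Bound as strings, matching the quoted literals the original query used.
        mysqli_stmt_bind_param($update, "ssssssss", $fname, $lname, $email, $mobile, $profile_pic, $otp, $status, $uid);
    }

    $updated = mysqli_stmt_execute($update) or die(mysqli_stmt_error($update));
    mysqli_stmt_close($update);
    return $updated;
}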
android片段中的图像选择器
// Build a GET_CONTENT request restricted to image MIME types.
Intent intent = new Intent(Intent.ACTION_GET_CONTENT);
intent.setType("image/*");
// Wrap it in a chooser so the user picks which app supplies the image;
// the result is delivered to onActivityResult under PICK_IMAGE_REQUEST.
Intent chooser = Intent.createChooser(intent, "Select Picture");
startActivityForResult(chooser, PICK_IMAGE_REQUEST);
保存按钮代码
// Read the edited profile fields from the form inputs.
String fname = eFirstName.getEditText().getText().toString();
String lname = eLastName.getEditText().getText().toString();
String email = eEmail.getEditText().getText().toString();
String mobile = eMobile.getEditText().getText().toString();
// NOTE(review): uid is taken from locally stored user data and sent as a plain
// request parameter; the server should not rely on it alone to decide whose
// profile gets updated. Confirm against the backend.
String uid = user.get("uid");
// NOTE(review): in the code shown, bitmap is only assigned in onActivityResult
// after a successful pick; if no image was chosen it may still be null here and
// getStringImage would throw. TODO confirm and guard.
String profile_pic = getStringImage(bitmap);
// NOTE(review): aclass and school are not defined in the shown snippet, and the
// request method shown below takes six parameters. Confirm this call matches
// the intended method.
profileUpdate(fname,lname,email,mobile,aclass,school,uid,profile_pic);
onActivityResults代码
/**
 * Receives the image-picker result, loads the chosen image into
 * {@code bitmap} and shows it in the profile picture view.
 *
 * The returned URI comes from whichever app handled the chooser, so the
 * content behind it is external input.
 */
public void onActivityResult(int requestCode, int resultCode, Intent data) {
    super.onActivityResult(requestCode, resultCode, data);

    // Only handle a successful result of our own pick request that carries a URI.
    boolean imagePicked = requestCode == PICK_IMAGE_REQUEST
            && resultCode == getActivity().RESULT_OK
            && data != null
            && data.getData() != null;
    if (!imagePicked) {
        return;
    }

    filePath = data.getData();
    try {
        bitmap = MediaStore.Images.Media.getBitmap(getActivity().getContentResolver(), filePath);
        eProfilePic.setImageBitmap(bitmap);
    } catch (IOException e) {
        // The failure is only printed; bitmap keeps whatever value it had before.
        e.printStackTrace();
    }
}
/**
 * Encodes a bitmap as the Base64 text of its JPEG representation.
 *
 * @param bmp bitmap to encode; must not be null (compress is called on it directly)
 * @return Base64 string of the JPEG bytes
 */
public String getStringImage(Bitmap bmp){
    // Re-encode the bitmap as JPEG at quality 100 into an in-memory buffer.
    ByteArrayOutputStream jpegBuffer = new ByteArrayOutputStream();
    bmp.compress(Bitmap.CompressFormat.JPEG, 100, jpegBuffer);
    // The whole image travels as one string, so payload size grows with image size.
    return Base64.encodeToString(jpegBuffer.toByteArray(), Base64.DEFAULT);
}
Volley请求代码
private void ProfilePic(final String fname, final String lname, final String email, final String mobile, final String uid, final String profile_pic) {
..............................................
..........................................................
@Override
protected Map<String, String> getParams() {
    // Form fields posted with the request. "tag" presumably selects the
    // profile_update action on the server; verify against the backend.
    final Map<String, String> postFields = new HashMap<>();
    postFields.put("tag", "profile_update");
    postFields.put("fname", fname);
    postFields.put("lname", lname);
    postFields.put("email", email);
    postFields.put("mobile", mobile);
    // uid is client-supplied; the server must confirm that it matches the
    // authenticated user before updating that row.
    postFields.put("uid", uid);
    postFields.put("profile_pic", profile_pic);
    return postFields;
}