Php Android更新MySQL表(Android配置文件)
我正在更新Android应用程序的配置文件。我需要帮助获取JSON值,因为我得到的是空JSON结果——有人能发现错误吗 配置文件更新响应:Php Android更新MySQL表(Android配置文件),php,android,mysql,json,Php,Android,Mysql,Json,我正在更新Android应用程序的配置文件。我需要帮助获取JSON值,因为我得到的是空JSON结果——有人能发现错误吗 配置文件更新响应: {"tag":"profile_update","error":false,"user":{"fname":null,"lname":null,"email":null,"mobile":null,"class":null,"school":null,"uid":null,"profile_pic":null,"created_at":null}} 我的P
{"tag":"profile_update","error":false,"user":{"fname":null,"lname":null,"email":null,"mobile":null,"class":null,"school":null,"uid":null,"profile_pic":null,"created_at":null}}
我的PHP代码:
public function profileUpdate($fname, $lname, $email, $mobile, $class, $school, $uid, $profile_pic){
$result = mysqli_query($this->con, "SELECT * FROM users WHERE unique_id = '$uid'")
or die(mysqli_error($this->con));
$path = "userImages/$uid.png";
$actual_path = "http://192.168.1.101/cedu/login/$path";
$no_of_rows = mysqli_num_rows($result);
if ($no_of_rows > 0) {
$result = mysqli_fetch_array($result);
$old_email = $result['email'];
$old_profile_pic = $result['profile_pic'];
$status = 0;
$otp = rand(100000, 999999); // otp code
if ($old_email == $email) {
if ($old_profile_pic == $profile_pic){
$result = mysqli_query($this->con, "UPDATE `users` SET `firstname` = '$fname',`lastname` = '$lname', `mobile` = '$mobile',`class` = '$class',`school` = '$school'
WHERE `unique_id` = '$uid'") or die(mysqli_error($this->con));
} else {
$result = mysqli_query($this->con, "UPDATE `users` SET `firstname` = '$fname',`lastname` = '$lname', `mobile` = '$mobile',`class` = '$class',`school` = '$school' , `profile_pic` = '$actual_path'
WHERE `unique_id` = '$uid'") or die(mysqli_error($this->con));
file_put_contents($path, base64_decode($profile_pic));
}
} else {
if ($old_profile_pic == $profile_pic){
$result = mysqli_query($this->con, "UPDATE `users` SET `firstname` = '$fname',`lastname` = '$lname', `email` = '$email', `mobile` = '$mobile',`class` = '$class',`school` = '$school' , `otp` = '$otp', `verified` = '$status'
WHERE `unique_id` = '$uid'") or die(mysqli_error($this->con));
} else {
$result = mysqli_query($this->con, "UPDATE `users` SET `firstname` = '$fname',`lastname` = '$lname', `email` = '$email', `mobile` = '$mobile',`class` = '$class',`school` = '$school' , `profile_pic` = '$actual_path', `otp` = '$otp', `verified` = '$status'
WHERE `unique_id` = '$uid'") or die(mysqli_error($this->con));
file_put_contents($path."user".$uid.".jpg", base64_decode($profile_pic));
}
}
} else {
//
return false;
}
}
我不知道这是否与您的问题有关,但您最好先更改潜在易受攻击的代码,因为您之前所做的任何错误跟踪都可能需要再次进行。您的代码可能容易受到SQL注入的影响。我将在下面添加一个(未测试)示例,您需要:
- 明白了吗
- 在应用程序的其余部分进行类似的更改
$result = mysqli_query(
$this->con,
"SELECT * FROM users WHERE unique_id = '$uid'"
) or die(mysqli_error($this->con));
因此,首先让我们将其更改为使用显式列名,并绑定:
$statement = mysqli_prepare(
$this->con,
"SELECT email, profile_pic FROM users WHERE unique_id = ?"
) or die(mysqli_error($this->con));
mysqli_stmt_bind_param($statement, "i", $uid);
mysqli_stmt_execute($statement);
mysqli_stmt_bind_result($statement, $email, $profile_pic);
这里发生了什么事
- 我们使用
类型绑定一个输入变量,该类型指定它是一个整数i
- 我们使用
方法运行查询mysqli\u stmt\u execute
- 我们绑定了一个输出变量列表,对应于
列表中的每个项目SELECT
一旦您进行了这些更改,我建议您逐个检查代码,每次一行,以检查您得到的中间值是否符合预期。我们不会为您调试。调试您的代码,看看有什么问题。如果您对特定代码行有问题,请返回。我对返回值不更新有问题。我在这里要做的第一件事是使用参数绑定-这看起来很容易受到SQL注入的影响。如何更改这一点我在下面添加了一个关于安全问题的答案。我还想知道,您的
if($no\u of\u rows>0){
子句是否应该返回什么?