I knew that there are several similar questions, also I am aware that best practice is to keep images on server but I was told to do this way... Well I am sending base64 string from android to php webservice. I am sending it right, also tested via Postman to be sure that problem is not android but service. I have error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'oX?떧?=j?b?ED?Nϯ??=?|?pv??ёQv}gX?' at line 2
<?php
header('Content-Type: text/html; charset=utf-8');
// array for JSON response
$response = array();
// include db connect class
require_once '../config/db_connect.php';
$db = new DB_CONNECT();
$host_id = $_POST['host_id'];
$name = $_POST['event_name'];
$description = $_POST['event_description'];
$date = $_POST['date'];
$photo = $_POST['photo'];
// get all products from products table
$escaped = mysql_escape_string ($photo);
$photo_blob = base64_decode($escaped);
//echo $photo_blob;
$result = mysql_query(
'INSERT INTO dogadjaj (host_id, name, description, date, photo)
VALUES ("' . $host_id . '" ,"' . $name .'", "' . $description . '", "' . $date . '", "' . $photo_blob . '");')
or die(mysql_error());
?>
mysql_*functions. They've been deprecated for a long time and removed in PHP7. Second, learn about prepared statements. You are currently vulnerable to SQL injection. Third, why would you runmysql_escape_string()beforebase64_decode()?base64_encode();notbase64_decode();to generate a base64 encoded string.