What do I need to change in my code to solve this warning?
if (isset($_POST["button"]))
{
if ($_POST["button"] == "login")
{
$strQuery = "SELECT * FROM members WHERE username='" . $_POST["username"] . "' OR email='" . $_POST["username"] . "' AND password='" . CryptoJsAes::encrypt($_POST["password"], $g_strKey) . "'";
$result = DoQuery($g_dbFindATradie, $strQuery);
if ($result->num_rows == 1)
{
$row = $result->fetch_assoc();
$member = (object)[];
$member->member_id = $row["id"];
$member->trade = (int)$row["trade_id"];
$member->business_name = $row["business_name"];
$member->first_name = $row["first_name"];
$member->surname = $row["surname"];
$member->abn = $row["abn"];
$member->structure = $row["structure"];
$member->license = $row["license"];
$member->description = $row["description"];
$member->minimum_charge = $row["minimum_charge"];
$member->minimum_budget = $row["minimum_budget"];
$member->maximum_size = $row["maximum_size"];
$member->maximum_distance = $row["maximum_distance"];
$member->unit = $row["unit"];
$member->street = $row["street"];
$member->suburb = $row["suburb"];
$member->state = $row["state"];
$member->postcode = $row["postcode"];
$member->phone = $row["phone"];
$member->mobile = $row["mobile"];
$member->email = $row["email"];
$member->expiry_date = $row["expiry_date"];
$member->username = $row["username"];
$member->password = CryptoJsAes::decrypt($row["password"], $g_strKey);
$member->logo_filename = $row["logo_filename"];
$member->profile_filename = $row["profile_filename"];
// Next we need to get the listb of additional trades.
$member->additional_trades = [];
$result = DoFindQuery1($g_dbFindATradie, "additional_trades", "id", $member->member_id);
if ($result->num_rows > 0)
{
while ($row = $result->fetch_assoc())
{
$member->additional_trades[] = $row["trade_id"];
}
}
echo json_encode($member);
}
}
else if ($_POST["button"] == "save_member_details")
{
if (!IsDuplicateUsername($_POST["member_id"], $_POST["username"]))
{
if (isset($_POST["profile_filename"]))
{
SetFileUploadPurpose($g_strProfile, $_POST["member_id"]);
}
$strQuery = "UPDATE members SET ".
AppendSQLUpdateValues("first_name", $_POST["first_name"],
"surname", $_POST["surname"],
"unit", $_POST["unit"],
"street", $_POST["street"],
"suburb", $_POST["suburb"],
"state", $_POST["state"],
"postcode", $_POST["postcode"],
"phone", $_POST["phone"],
"mobile", $_POST["mobile"],
"email", $_POST["email"],
"username", $_POST["username"],
"password", CryptoJsAes::encrypt($_POST["password"], $g_strKey)
) .
" WHERE id='" . $_POST["member_id"] . "'";
$result = DoQuery($g_dbFindATradie, $strQuery);
if ($result)
{
echo "OK";
}
}
else
{
echo "ERROR: '" . "'" . $_POST["username"] . "' is already in use by another member!";
}
}
else if ($_POST["button"] == "")
{
}
else
{
echo "UNKNOWN BUTTON '" . $_POST["button"] . "!<br>";
}
}
else if (!empty($_POST))
{
$strPurpose = "";
$strMemeberID = "";
DoGetFileUploadPurpose($strPurpose, $strMemberID);
if ($strPurpose == $g_strProfile)
{
$strProfileImageFilename = DoGetProfileImageFilename($strMemberID);
file_put_contents("images/" . $strProfileImageFilename, $_POST);
echo "OK";
}
}
else
{
print_r($_POST);
}
file_put_contents("images/" . $strProfileImageFilename, $_POST) is the culprit.
In my app I am saving a bunch of standard changes to form fields and all that comes through in
else if ($_POST["button"] == "save_member_details")
On of the form fields is an image picker thing.
The contents of the selected file seems to come through as a second POST.
And the raw file data seems to come though inside the $_POST data structure.
That's what it looks like if I do a print_r($_POST) anyway.
How do I read the data in $_POST as raw binary data to be written into a jpg file?