PHP error: Only variables should be passed by reference - php

I'm using BlueImp jQuery File Upload with database integration, adapting the script found here.
I changed a bit the handle_file_upload() method like this:
$sql = 'INSERT INTO '.$this->options['db_table'].' (`path`, `type`, `tab`, `item`) VALUES (?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'ssii',
$path = $this->options['upload_url'] . $file->name,
$file->type,
$file->tab,
$file->item
);
but, on the line $path = $this->options['upload_url'] . $file->name, I have a Strict Standards: Only variables should be passed by reference error
Well, I have no idea how to change this...
I tried to look at other answers, but they don't fit into my case: please any help? Thanks

Since it is passed by reference the variable needs to exist before binding
$path = $this->options['upload_url'] . $file->name;
$sql = 'INSERT INTO '.$this->options['db_table'].' (`path`, `type`, `tab`, `item`) VALUES (?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'ssii',
$path,
$file->type,
$file->tab,
$file->item
);

This should work...
$sql = 'INSERT INTO '.$this->options['db_table'].' (`path`, `type`, `tab`, `item`) VALUES (?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$p = $this->options['upload_url'] . $file->name;
$query->bind_param(
'ssii',
$p,
$file->type,
$file->tab,
$file->item
);
You were setting $path's value in the parameter binding. So it wouldn't return anything.

Read more here: Strict Standards: Only variables should be passed by reference
$sql = 'INSERT INTO '.$this->options['db_table'].' (`path`, `type`, `tab`, `item`) VALUES (?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$upload_url = $this->options['upload_url'] . $file->name;
$query->bind_param(
'ssii',
$path = $upload_url,
$file->type,
$file->tab,
$file->item
);

Related

PHP&jQuery upload issue : mySQL database integration

I am using a jquery-file-upload plugin with its own server-side file to run with. like here on github https://github.com/blueimp/jQuery-File-Upload/wiki/PHP-MySQL-database-integration
At first,everything went good,but after I added 2 other value to the database and to the PHP server-end files, it always return an error of 'SyntaxError: Unexpected token <'
here's my modifications of the codes:
protected function handle_form_data($file, $index) {
$untitle = #$_REQUEST['title'][$index];
$potitle = urlencode($untitle);
$file->title = $potitle;
$file->description = #$_REQUEST['description'][$index];
$file->cat =# $_REQUEST['cat'][$index];
}
protected function handle_file_upload($uploaded_file, $name, $size, $type, $url, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $url, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `cat`, `url`, `title`, `description`)'
.' VALUES (?, ?, ?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$url = get_download_url($name, $version = null);
$file->url = $url;
$query->bind_param(
'sisss',
$file->name,
$file->size,
$file->type,
$file->cat,
$file->url,
$file->title,
$file->description
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}

Fatal error after tried to fix update statement

I tried to make the update statement to be safety againts sql injection but its give me this erro Fatal error: Call to a member function bind_param() on a non-object on line 39
$pid = $_POST['pid'];
$pagetitle = $_POST['pagetitle'];
$linklabel = $_POST['linklabel'];
$keyword = $_POST['keyword'];
$descriere = $_POST['descriere'];
$data = $_POST['data'];
$pagebody = $_POST['pagebody'];
// Filter Function -------------------------------------------------------------------
function filterFunction ($var) {
$var = nl2br(htmlspecialchars($var));
$var = str_replace("/", "\\\\", $var);
$var = preg_replace("~/~", "\\\\", $var);
return $var;
}
$pagetitle = filterFunction($pagetitle);
$linklabel = filterFunction($linklabel);
$keyword = filterFunction($keyword);
$descriere = filterFunction($descriere);
$data = filterFunction($data);
$pagebody = filterFunction($pagebody);
// End Filter Function --------------------------------------------------------------
include_once "../conx.php";
// Add the updated info into the database table
$stmt = $con->prepare("UPDATE pages SET (pagetitle, linklabel, keywords, description, pagebody, lastmodified) VALUES (?, ?, ?, ?, ?, ?) WHERE id = ?");
// TODO check that $stmt creation succeeded
// "s" means the database expects a string
$stmt->bind_param("sssssss", $pagetitle, $linklabel, $keyword, $descriere, $pagebody, $data, $pid);
$stmt->execute();
$stmt->close();
line 39 is $stmt->bind_param("sssssss", $pagetitle, $linklabel, $keyword, $descriere, $pagebody, $data, $pid);
it is necessary to make this or i can revert to how it was before
$query = mysqli_query($con, "UPDATE pages SET pagetitle='$pagetitle', linklabel='$linklabel', pagebody='$pagebody', lastmodified='now()' WHERE id='$pid'") or die (mysqli_error($con));
Didn't this produce an error?
$con->prepare("UPDATE pages SET (pagetitle, linklabel, keywords, description, pagebody, lastmodified) VALUES (?, ?, ?, ?, ?, ?) WHERE id = ?");
this should be
$con->prepare("UPDATE pages SET pagetitle=?, linklabel=?, keywords=?, description=?, pagebody=?, lastmodified=? WHERE id = ?");
Refer: http://dev.mysql.com/doc/refman/5.7/en/update.html
now you can proceed to bind parameters
$stmt->bind_param("sssssss", $pagetitle, $linklabel, $keyword, $descriere, $pagebody, $data, $pid);

Add more custom variables to mysql insert on blueimp/jquery-file-upload

I am currently inserting a title and description, via mysql, inside of the blueimp/jquery-file-upload script. I used this tutorial to get me there, however, i need to add another variable. The variable is the session of the current logged in user's ID $_SESSION["userid"], and i want to insert it into a column i added called uid. Usually it's simple to impliment another column into the insert, however this script is very touchy and anytime i mess with it, even the slightest bit, i get "SyntaxError: Unexpected token <". Any help would be greatly appreciated.
/server/php/index.php
$options = array(
'delete_type' => 'POST',
'db_host' => 'localhost',
'db_user' => 'fpform_fanuser',
'db_pass' => '*****',
'db_name' => 'fpform_fandata',
'db_table' => 'files'
);
error_reporting(E_ALL | E_STRICT);
require('UploadHandler.php');
class CustomUploadHandler extends UploadHandler {
protected function initialize() {
$this->db = new mysqli(
$this->options['db_host'],
$this->options['db_user'],
$this->options['db_pass'],
$this->options['db_name']
);
parent::initialize();
$this->db->close();
}
protected function handle_form_data($file, $index) {
$file->title = #$_REQUEST['title'][$index];
$file->description = #$_REQUEST['description'][$index];
}
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`)'
.' VALUES (?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'sisss',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}
protected function set_additional_file_properties($file) {
parent::set_additional_file_properties($file);
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$sql = 'SELECT `id`, `type`, `title`, `description` FROM `'
.$this->options['db_table'].'` WHERE `name`=?';
$query = $this->db->prepare($sql);
$query->bind_param('s', $file->name);
$query->execute();
$query->bind_result(
$id,
$type,
$title,
$description
);
while ($query->fetch()) {
$file->id = $id;
$file->type = $type;
$file->title = $title;
$file->description = $description;
}
}
}
public function delete($print_response = true) {
$response = parent::delete(false);
foreach ($response as $name => $deleted) {
if ($deleted) {
$sql = 'DELETE FROM `'
.$this->options['db_table'].'` WHERE `name`=?';
$query = $this->db->prepare($sql);
$query->bind_param('s', $name);
$query->execute();
}
}
return $this->generate_response($response, $print_response);
}
}
$upload_handler = new CustomUploadHandler($options);
Assuming you want to change your INSERT query (there is only one INSERT query in the code that you posted), this is what you need to change:
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`, `uid`)'
.' VALUES (?, ?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'sisss',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
$_SESSION['userid']
);
$query->execute();
$file->id = $this->db->insert_id;
}
I think you have to add another entry into the first parameter of bind_param:
$query->bind_param(
**'sisss',**
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
$_SESSION['userid']
should be
$query->bind_param(
**'sissss',**
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
$_SESSION['userid']
Minus the asterisks, of course, or whatever the correct data type is (see the parameter types section at http://us.php.net/manual/en/mysqli-stmt.bind-param.php).
One oddity, I tried passing a literal string as the last param, and it threw this error:
"PHP Fatal error: Cannot pass parameter 7 by reference in /var/www/html/jqfileuploadertest/server/php/index.php on line 66"
But when I changed 'mystring' to $file->name it worked fine. This will take some wrestling because I want to timestamp these...I have a feeling just adding "NOW()" isn't going to work...
Updated: I wanted to add two fields for each file, the ID of who uploaded it (which I think is what the OP is looking to do) as well as a timestamp. I added those as hidden inputs in the form:
<input name="contributor[]" type="hidden" value="myuserid" />
<input name="uploadedOn[]" type="hidden" value="2014-03-28 10:00:00" />
If your form is a php script you can dynamically generate both.
Then added this to index.php line ~44:
$file->contributor = #$_REQUEST['contributor'][$index];
$file->uploadedOn = #$_REQUEST['uploadedOn'][$index];
And modified this part of index.php where the sql statement is prepared:
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`,`contributor`, `dateUploaded`)'
.' VALUES (?, ?, ?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'sisssss',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
$file->contributor,
$file->uploadedOn
);
And it worked.
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null, $uid) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range, $uid
);
$uid=$_SESSION['userid'];
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`,`uid`)'
.' VALUES (?, ?, ?, ?, ?,?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'sisssi',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
$file->uid
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}`
The error you're getting is in the javascript console when you upload the file right? I seems to me that one of the files thats being loaded is 404 not found, and its trying to parse the received 404 page as a script file when really its an html file that starts with <... I had this happen once before. Check under network and view all the resources that are being loaded when it happens. Its likely that the correct 404 headers are not being returned either which is why it would be attempting to parse it.

Extending PHP SQL Query does not work

i am using Blueimp jQuery File Upload script and have this part of code which is working:
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`)'
.' VALUES (?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'sisss',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}
Now i want to insert just one value which is Memberid. I extended the sql table succesfully with this column "usr_id" and modified the code like this:
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`, `usr_id`)'
.' VALUES (?, ?, ?, ?, ?, ';
$sql = $sql. $_SESSION['Memberid'] .")";
$query = $this->db->prepare($sql);
$query->bind_param(
'sisss',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}
But it does not work. I never saw this way of inserting a sql query.
I hope someone can help.
TIA :)
// EDIT
I also tried this now and it does not work too. What I am doing wrong?
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`, `usr_id`)'
.' VALUES (?, ?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param(
'sisssi',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
"2"
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}
According to the manual for 'bind_param' it must be passed variables. Alas, you passed a constant not a variable. i haven't tried the following code but it should do something sensible.
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`, `usr_id`)'
.' VALUES (?, ?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$usrId = 2; // temporary variable to store the usr_id
$query->bind_param(
'sisssi',
$file->name,
$file->size,
$file->type,
$file->title,
$file->description,
$usrId
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}

Fileupload.js + MySQL

i'm kinda new in php with javascript/jQuery... I'm developing a system that must handle uploads. Using fileupload.js everything works but... I can't retrieve file info and store at mysql like name,extension,size,url ... When I try something I got an error message:
SyntaxError: Unexpected token <
The code that starts my problems is:
<?php
$options = array(
'delete_type' => 'POST',
'db_host' => 'localhost:3306',
'db_user' => 'root',
'db_pass' => '123456',
'db_name' => 'house',
'db_table' => 'midias'
);
error_reporting(E_ALL | E_STRICT);
require('UploadHandler.php');
class CustomUploadHandler extends UploadHandler {
protected function initialize() {
$this->db = new mysqli(
$this->options['db_host'],
$this->options['db_user'],
$this->options['db_pass'],
$this->options['db_name']
);
parent::initialize();
$this->db->close();
}
protected function handle_form_data($file, $index) {
$file->title = #$_REQUEST['title'][$index];
$file->description = #$_REQUEST['description'][$index];
}
protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
$index = null, $content_range = null) {
$file = parent::handle_file_upload(
$uploaded_file, $name, $size, $type, $error, $index, $content_range
);
if (empty($file->error)) {
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `description`)'
.' VALUES (?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param(
$file->name,
$file->size,
$file->type,
$file->title, // I will try change for $_SESSION[userID]
$file->description // I will try change for dateOfUpload
);
$query->execute();
$file->id = $this->db->insert_id;
}
return $file;
}
protected function set_additional_file_properties($file) {
parent::set_additional_file_properties($file);
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$sql = 'SELECT `id`, `type`, `title`, `description` FROM `'
.$this->options['db_table'].'` WHERE `name`=?';
$query = $this->db->prepare($sql);
$query->bind_param('s', $file->name);
$query->execute();
$query->bind_result(
$id,
$type,
$title,
$description
);
while ($query->fetch()) {
$file->id = $id;
$file->type = $type;
$file->title = $title;
$file->description = $description;
}
}
}
public function delete($print_response = true) {
$response = parent::delete(false);
foreach ($response as $name => $deleted) {
if ($deleted) {
$sql = 'DELETE FROM `'
.$this->options['db_table'].'` WHERE `name`=?';
$query = $this->db->prepare($sql);
$query->bind_param('s', $name);
$query->execute();
}
}
return $this->generate_response($response, $print_response);
}
}
$upload_handler = new CustomUploadHandler($options);
I just can't figure out whats happening, I hope somebody can give me light
Thank you for attention, and sorry for the huge code ;s
I was experiencing the same problem.
I couln't replace $file->anything with a specific value. I tried 3, '3', "3" ... as int or String. All of those returned the same SyntaxError: Unexpected token
My solution
$myvar = "hvhjvcvv";
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`randomField`, `name`, `size`, `type`, `title`, `description`)'
.' VALUES (?, ?, ?, ?, ?, ?)';
$query = $this->db->prepare($sql);
$query->bind_param('ssisss', $myvar, $file->name, $file->size, $file->type, $file->title, $file->description);
$query->execute();
$file->id = $this->db->insert_id;
Hope this help.
Also note that the bad DB connection will return the same error ;)
Try this:
I change description by date_description; make sure you have that field in your database, and it's a datetime type.
session_start();
$sql = 'INSERT INTO `'.$this->options['db_table']
.'` (`name`, `size`, `type`, `title`, `date_description`)'
.' VALUES (?, ?, ?, ?, now())';
$query = $this->db->prepare($sql);
$query->bind_param(
$file->name,
$file->size,
$file->type,
'$_SESSION[userID]'
);

Categories