How to fix unexpected 'base64_encode'

2869 views php
0

For some reason, I am getting this error. How do I fix this? Also, is my code vulnerable to SQL injection because of the email but this email is from a session started.

    <?php
    $query = "SELECT image FROM users where email='$email'";
    $result = mysqli_query($link, $query);
    while($row = mysqli_fetch_array($result)){
    echo '<tr><td><img class="im" src="data:image/jpeg;base64,'base64_encode($row['image'] )'" height="80px" width="80px" class="img-thumnail" /></td></tr>';
}
    ?>

answered question

is my code vulnerable to SQL Injection Attack Well YES IT IS

you should cancate base64_encode function

This is a typographical error and is open to injection. Use a prepared statement.

1 Answer

9

echo '<tr><td><img class="im" src="data:image/jpeg;base64,'.base64_encode($row['image'] ).'" height="80px" width="80px" class="img-thumnail" style="margin-bottom:90px;"/></td></tr>';}

You need to concatenate the output from base64_encode() to your outputted string

posted this

Have an answer?

JD

Please login first before posting an answer.