发送到服务器时不完整的Base64

Question

I am trying to send an image to server, but the image should be in Base64 format. I am using this function to send it:

func upload_signature_staff(ticket: NSString){
        let defaults = NSUserDefaults.standardUserDefaults()
        let stringOne = defaults.stringForKey(defaultsKeys.staff_id)
        let stringtwo = defaults.stringForKey(defaultsKeys.mst_customer)
        let sig = defaults.stringForKey("staff_signature")
        let request = NSMutableURLRequest(URL: NSURL(string: "http://xxxxxxxxxxxxx/upload.php")!)
        request.HTTPMethod = "POST"
        let postString = "action=add_signature&mst_customer=\((stringtwo!))&ticket=\((ticket))&signature=\((sig!))&current_user=\((stringOne!))&item_type=10"
        print(postString)
        request.HTTPBody = postString.dataUsingEncoding(NSUTF8StringEncoding)
        let task = NSURLSession.sharedSession().dataTaskWithRequest(request) { data, response, error in
            guard error == nil && data != nil else {                                                          // check for fundamental networking error
                print("error=\(error)")
                return
            }

            if let httpStatus = response as? NSHTTPURLResponse where httpStatus.statusCode != 200 {           // check for http errors
                print("statusCode should be 200, but is \(httpStatus.statusCode)")
                print("response = \(response)")
            }

            let responseString = NSString(data: data!, encoding: NSUTF8StringEncoding)
            print("responseString = \(responseString)")
        }
        task.resume()
        //self.performSegueWithIdentifier("goto_main2", sender: self)
    }

The sig variable holds the Base64 string, it is being printed in my console so I can verify that the string is correct. I am also printing the postString and upon inspection it is also correct that the signature is matching the Base64 String. But when I open phpmyadmin, I see the field of my image with incomplete Base64 string, maybe 1/4 is just there.

Here's my php code, in case you want to see it:

<?php
require_once("../c.php");

$action = trim($_POST['action']);

if($action == "add_signature"){
    $mst_customer = trim($_POST['mst_customer']);
    $ticket = trim($_POST['ticket']);
    $signature = trim($_POST['signature']);
    $current_user = trim($_POST['current_user']);
    $item_type = trim($_POST['item_type']);
    $inputtime = time();

    $sql = "INSERT INTO ticket_items SET mst_customer = '$mst_customer', ticket = '$ticket', ticket_item_type = '$item_type', details = '$signature', addedby = '$current_user', lastupdate = '$inputtime' ";

    mysql_query($sql) or die(mysql_error());
}

?>

Answer 1

I think this was solved in the comments but here's a recap:

Inserting base64 strings that were too long (variable length?) in a varchar(255) field resulted in missing data. As far as I can tell, increasing the size of the field solved the immediate problem. I use the term "immediate" because, as @YvesLeBorg pointed out in the comments, this is bound to fail at some point without input size restrictions on the backend.

Additionally, I couldn't ignore the fact that the PHP/SQL code was wide open to injections.

Passing $mst_customer = trim($_POST['mst_customer']); on to "INSERT INTO ticket_items SET mst_customer = '$mst_customer' and then executing via mysql_query($sql) or die(mysql_error()); is dangerous!

Anybody could write anything in the $_POST parameter and SQL would happily accept it. Prepared statements, PDO, input sanitization etc. are there for a reason.

Finally, there was an issue concerning vanishing + signs in the base64 data. This was the result of missing url encoding of the post data.

I think that sums it up.