FUDforum: comp.lang.php » is mysqli_real_escape_string bullet proof with binary data?

Home » Imported messages » comp.lang.php » is mysqli_real_escape_string bullet proof with binary data?

Show: Today's Messages :: Polls :: Message Navigator

Re: is mysqli_real_escape_string bullet proof with binary data? [message #182297 is a reply to message #182281]

Sat, 27 July 2013 18:10

Pierre Jaury
Messages: 5
Registered: July 2013

Karma:

Junior Member

Jerry Stuckle <jstucklex(at)attglobal(dot)net> writes:

> On 7/27/2013 5:45 AM, Luuk wrote:
>> On 27-07-2013 11:31, The Natural Philosopher wrote:
>>> The target is to create and store thumbnail PNG images in a Mysql
>>> table. Also any tips on actually getting the thumbnail data into a
>>> variable - which package is recommended? I've always used GD, but
>>> never been 100% happy with it
>>>
>>
>> As far as the subject goes, i would say: DO NOT TOUCH binary
>> data.....
>>
>> Simply store it, or not, in your database.....
>
> Bull. Binary data works fine in a database - and storing it there has
> many advantages. Easy backup and improved data integrity are just two
> of them.
>
> A file system is just a database with a different means of access.
> They both store bytes.

Well, there is no harm in *storing* binary data. However, binary data is
no text string and should not be handled as text (first of all, most of
text processing relies on encoding standards, which binary data
obviously do not comply with).

Storing binary data inside a database is perfectly fine. You should not,
however:
* use blobs or large text fields as table indexes, even if text indexing
techniques have been improved
* as a consequence, use them as key for selecting/sorting
* embed them directly in a text request.

Prepared statement have multiple advantages when dealing with
parameters:
* there is no known database-related security issue when dealing with
user supplied parameters as prepared statements bound parameters
(whatever the data encoding or contents)
* the php overhead is reduced when dealing with large or numerous
parameters (no complex/long string is concatenated inside php)
* the database processing is also usually faster because the lexer is
released of most of the request length.

Prepared statements are a best practice, both for performance and
security reasons, go for them ;)

Report message to a moderator

[Message index]

		is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sat, 27 July 2013 09:31
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sat, 27 July 2013 09:45
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sat, 27 July 2013 11:08
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sat, 27 July 2013 13:28
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sat, 27 July 2013 14:36
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sat, 27 July 2013 15:22
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sat, 27 July 2013 15:34
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 23:44
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sun, 28 July 2013 12:54
		Re: is mysqli_real_escape_string bullet proof with binary data? By: J.O. Aho on Sun, 28 July 2013 13:35
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sun, 28 July 2013 13:39
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sun, 28 July 2013 15:25
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sun, 28 July 2013 19:05
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sun, 28 July 2013 19:16
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Mon, 29 July 2013 00:46
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Daniel Pitts on Mon, 29 July 2013 16:17
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Mon, 29 July 2013 18:01
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Mon, 29 July 2013 23:04
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Tue, 30 July 2013 01:02
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Mon, 29 July 2013 18:34
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 13:52
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sat, 27 July 2013 13:58
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 14:36
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 14:43
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Pierre Jaury on Sat, 27 July 2013 18:10
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 23:52
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Denis McMahon on Sat, 27 July 2013 18:38
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Pierre Jaury on Sat, 27 July 2013 20:25
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sat, 27 July 2013 20:59
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sat, 27 July 2013 23:50
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sun, 28 July 2013 15:44
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Pierre Jaury on Sun, 28 July 2013 16:01
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sun, 28 July 2013 16:43
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sun, 28 July 2013 18:31
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sun, 28 July 2013 16:39
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Pierre Jaury on Sun, 28 July 2013 17:56
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sun, 28 July 2013 18:14
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sun, 28 July 2013 19:10
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Norman Peelman on Mon, 29 July 2013 01:13
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sat, 27 July 2013 23:46
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 23:56
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Pierre Jaury on Sun, 28 July 2013 01:55
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sun, 28 July 2013 02:11
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 23:58
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Norman Peelman on Sat, 27 July 2013 13:35
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 13:56
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Norman Peelman on Sun, 28 July 2013 00:01
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sat, 27 July 2013 14:33
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 13:57
		I've always used GD, but never been 100% happy with it (Was: is mysqli_real_escape_string bullet proof with binary data?) By: J.O. Aho on Sat, 27 July 2013 16:09
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Mon, 29 July 2013 18:37
		Re: is mysqli_real_escape_string bullet proof with binary data? By: J.O. Aho on Tue, 30 July 2013 05:31
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Tue, 30 July 2013 06:08
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Scott Johnson on Tue, 30 July 2013 12:35
		Re: is mysqli_real_escape_string bullet proof with binary data? By: J.O. Aho on Tue, 30 July 2013 15:53
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Tue, 30 July 2013 16:37
		Re: is mysqli_real_escape_string bullet proof with binary data? By: tony on Tue, 30 July 2013 09:35
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Denis McMahon on Wed, 31 July 2013 04:56

Previous Topic:	Major trouble with PhpDocumentor
Next Topic:	Education Path to become a PHP developer using free online courses

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Sep 20 02:53:40 GMT 2024

Total time taken to generate the page: 0.06699 seconds