FUDforum: comp.lang.php » is mysqli_real_escape_string bullet proof with binary data?

Home » Imported messages » comp.lang.php » is mysqli_real_escape_string bullet proof with binary data?

Show: Today's Messages :: Polls :: Message Navigator

Re: is mysqli_real_escape_string bullet proof with binary data? [message #182302 is a reply to message #182299]

Sat, 27 July 2013 23:46

The Natural Philosoph
Messages: 993
Registered: September 2010

Karma:

Senior Member

On 27/07/13 21:25, Pierre Jaury wrote:
> Denis McMahon <denismfmcmahon(at)gmail(dot)com> writes:
>
>> On Sat, 27 Jul 2013 11:45:50 +0200, Luuk wrote:
>>
>>> On 27-07-2013 11:31, The Natural Philosopher wrote:
>>>> The target is to create and store thumbnail PNG images in a Mysql
>>>> table.
>>> As far as the subject goes, i would say:
>>> DO NOT TOUCH binary data.....
>>> Simply store it, or not, in your database.....
>> Is it trying to store binary data as character data, or does it think it
>> needs to string escape binary data types?
> Escaping strings is a concept only useful when building request strings
> that include user supplied data. It does avoid concatenating strings
> whith special/control characters that may interfere with the original
> language. There is no need to escape strings if you do not embed
> them inside your request string (eg. if you use bound parameters).
>
> This is true when dealing with SQL (write prepared statements without
> including any user supplied data, then bind the parameters), bash
> commands that only require one exec (use exec* instead of system), and
> pretty much in any case you construct interpreted code at runtime.
>
> Data sent to MySQL as bound parameters in prepared statements is
> shipped as is, it not escaped or processed in any way before the
> MySQL API structures are filled with it.
Finally an Answer.

> Now, for your binary data
> to be handled as is by the MySQL server (and skip the charset
> processing), the parameter must be bound as MYSQL_TYPE_BLOB, which
> you may control when using bind_param.
>
> See http://fr2.php.net/manual/fr/mysqli-stmt.bind-param.php and the
> "b" (as in binary) flag for details.

--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.

Report message to a moderator

[Message index]

		is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sat, 27 July 2013 09:31
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sat, 27 July 2013 09:45
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sat, 27 July 2013 11:08
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sat, 27 July 2013 13:28
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sat, 27 July 2013 14:36
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sat, 27 July 2013 15:22
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sat, 27 July 2013 15:34
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 23:44
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sun, 28 July 2013 12:54
		Re: is mysqli_real_escape_string bullet proof with binary data? By: J.O. Aho on Sun, 28 July 2013 13:35
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sun, 28 July 2013 13:39
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sun, 28 July 2013 15:25
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sun, 28 July 2013 19:05
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sun, 28 July 2013 19:16
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Mon, 29 July 2013 00:46
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Daniel Pitts on Mon, 29 July 2013 16:17
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Mon, 29 July 2013 18:01
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Mon, 29 July 2013 23:04
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Tue, 30 July 2013 01:02
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Mon, 29 July 2013 18:34
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 13:52
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sat, 27 July 2013 13:58
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 14:36
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 14:43
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Pierre Jaury on Sat, 27 July 2013 18:10
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 23:52
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Denis McMahon on Sat, 27 July 2013 18:38
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Pierre Jaury on Sat, 27 July 2013 20:25
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sat, 27 July 2013 20:59
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sat, 27 July 2013 23:50
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sun, 28 July 2013 15:44
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Pierre Jaury on Sun, 28 July 2013 16:01
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sun, 28 July 2013 16:43
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Sun, 28 July 2013 18:31
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sun, 28 July 2013 16:39
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Pierre Jaury on Sun, 28 July 2013 17:56
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sun, 28 July 2013 18:14
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sun, 28 July 2013 19:10
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Norman Peelman on Mon, 29 July 2013 01:13
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sat, 27 July 2013 23:46
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 23:56
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Pierre Jaury on Sun, 28 July 2013 01:55
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sun, 28 July 2013 02:11
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 23:58
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Norman Peelman on Sat, 27 July 2013 13:35
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 13:56
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Norman Peelman on Sun, 28 July 2013 00:01
		Re: is mysqli_real_escape_string bullet proof with binary data? By: The Natural Philosoph on Sat, 27 July 2013 14:33
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Sat, 27 July 2013 13:57
		I've always used GD, but never been 100% happy with it (Was: is mysqli_real_escape_string bullet proof with binary data?) By: J.O. Aho on Sat, 27 July 2013 16:09
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Luuk on Mon, 29 July 2013 18:37
		Re: is mysqli_real_escape_string bullet proof with binary data? By: J.O. Aho on Tue, 30 July 2013 05:31
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Tue, 30 July 2013 06:08
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Scott Johnson on Tue, 30 July 2013 12:35
		Re: is mysqli_real_escape_string bullet proof with binary data? By: J.O. Aho on Tue, 30 July 2013 15:53
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Jerry Stuckle on Tue, 30 July 2013 16:37
		Re: is mysqli_real_escape_string bullet proof with binary data? By: tony on Tue, 30 July 2013 09:35
		Re: is mysqli_real_escape_string bullet proof with binary data? By: Denis McMahon on Wed, 31 July 2013 04:56

Previous Topic:	Major trouble with PhpDocumentor
Next Topic:	Education Path to become a PHP developer using free online courses

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Sep 20 02:35:54 GMT 2024

Total time taken to generate the page: 0.05179 seconds