FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » is mysqli_real_escape_string bullet proof with binary data?
Re: is mysqli_real_escape_string bullet proof with binary data? [message #182349 is a reply to message #182344] Mon, 29 July 2013 23:04
The Natural Philosoph
Further to this thread I THINK I have established a third way to get
clean binary data into a blob.
I looked at what phpMyAdmin was doing and developed this code.
(It's just the relevant fragment. It's a screen to upload a single file
and some other form stuff and update the SQL record.)
====================
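// UPLOAD_ERR_OK is the integer 0; comparing it with "" misbehaves on PHP 8.
if(!isset($_FILES['uploaded_file'])
    || $_FILES['uploaded_file']['error']!==UPLOAD_ERR_OK)
{
    $havefile=FALSE;
}
else
{
    $code=file_get_contents($_FILES['uploaded_file']['tmp_name']);
    $size=$_FILES['uploaded_file']['size'];
    // The client-supplied name goes inside a quoted SQL string, so escape it.
    $filename=mysqli_real_escape_string($link,$_FILES['uploaded_file']['name']);
    $havefile=TRUE;
}
// Text fields from the form are escaped before being placed inside '%s'.
$uri=mysqli_real_escape_string($link,$_POST['uri']);
$descr=mysqli_real_escape_string($link,$_POST['descr']);
if (($id=get_id())>0) // it's an update
{
    if($havefile)
        // bin2hex() emits only [0-9a-f], so the blob itself needs no escaping.
        $query=sprintf("update adminmodule set uri='%s',
            descr='%s', privilege_level='%d', filename='%s', size='%d', code=0x%s,
            modified_by='%d', modified_on=now() where id='%d'",
            $uri,$descr,$_POST['privilege_level'],$filename,
            $size, bin2hex($code), $login_id,$id);
    else
        $query=sprintf("update adminmodule set uri='%s',
            descr='%s', privilege_level='%d', modified_by='%d', modified_on=now()
            where id='%d'",
            $uri,$descr,$_POST['privilege_level'],$login_id,$id);
    mysqli_query($link,$query);
}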
=======================
That is, if you have a variable with binary data in it, run bin2hex()
on it and prepend '0x' to it and throw it at a simple sql update or
insert statement.

I didn't know MySQL accepted hex data in that form.

Not as efficient as a prepared statement for big objects, but it's
simple to understand. And it avoids load_file.

In this case it's optimal. The code is simple, no FILE privileges are
required. Since inserts and updates are rare things done by a few people
the inefficiency won't load up the server hugely.

--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.
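
For comparison with the hex-literal approach in the post above, here is the prepared-statement form it mentions, as an added example that is not the poster's code. The table and column names come from the post; the function name, the chunk size and the open mysqli connection in $link are assumptions. Every value is bound rather than interpolated, and the blob is streamed in pieces instead of being doubled in size by bin2hex() inside the query text.

```php
<?php
// Added example, not from the original post.
// Assumes $link is an open mysqli connection and the adminmodule table
// has the columns named in the post's UPDATE statement.

const BLOB_CHUNK = 8192; // bytes per send_long_data() call (arbitrary choice)

function update_module(mysqli $link, int $id, int $login_id,
                       string $uri, string $descr, int $privilege_level,
                       string $filename, string $tmp_path): bool
{
    $fh = fopen($tmp_path, 'rb');
    if ($fh === false) {
        return false;
    }
    $stmt = mysqli_prepare($link,
        "update adminmodule set uri=?, descr=?, privilege_level=?, " .
        "filename=?, size=?, code=?, modified_by=?, modified_on=now() " .
        "where id=?");
    if ($stmt === false) {
        fclose($fh);
        return false;
    }

    $size = (int) filesize($tmp_path);
    $code = null; // bound as type 'b'; the bytes are streamed below
    // Types: s = string, i = integer, b = blob sent in separate packets.
    mysqli_stmt_bind_param($stmt, 'ssisibii',
        $uri, $descr, $privilege_level, $filename, $size, $code,
        $login_id, $id);

    // Parameter numbers are zero-based; 5 is the code=? placeholder.
    while (!feof($fh)) {
        $chunk = fread($fh, BLOB_CHUNK);
        if ($chunk === false) {
            break;
        }
        if ($chunk !== '') {
            mysqli_stmt_send_long_data($stmt, 5, $chunk);
        }
    }
    fclose($fh);

    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}
```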