Re: is mysqli_real_escape_string bullet proof with binary data? [message #182349 is a reply to message #182344]
Mon, 29 July 2013 23:04
The Natural Philosoph
Further to this thread I THINK I have established a third way to get
clean binary data into a blob.
I looked at what phpmyadmin was doing and developed this code.
(It's just the relevant fragment. It's a screen to upload a single file
and some other form stuff and update the SQL record.)
====================
if ($_FILES['uploaded_file']['error'] !== UPLOAD_ERR_OK) // 'error' is an int; 0 means success
{
    $havefile = FALSE;
}
else
{
    $code = file_get_contents($_FILES['uploaded_file']['tmp_name']);
    $size = $_FILES['uploaded_file']['size'];
    $filename = $_FILES['uploaded_file']['name'];
    $havefile = TRUE;
}
// The hex literal protects the blob column, but the other '%s' placeholders
// still need escaping and the numeric ones should be cast.
$uri = mysqli_real_escape_string($link, $_POST['uri']);
$descr = mysqli_real_escape_string($link, $_POST['descr']);
$privilege_level = (int)$_POST['privilege_level'];
if (($id = get_id()) > 0) // it's an update
{
    if ($havefile)
        // bin2hex() yields only [0-9a-f], so 0x... is a safe literal for binary data
        $query = sprintf("update adminmodule set uri='%s',
            descr='%s', privilege_level='%d', filename='%s', size='%d', code=0x%s,
            modified_by='%d', modified_on=now() where id='%d'",
            $uri, $descr, $privilege_level, mysqli_real_escape_string($link, $filename),
            $size, bin2hex($code), $login_id, $id);
    else
        $query = sprintf("update adminmodule set uri='%s',
            descr='%s', privilege_level='%d', modified_by='%d', modified_on=now()
            where id='%d'",
            $uri, $descr, $privilege_level, $login_id, $id);
    mysqli_query($link, $query);
}
=======================
That is, if you have a variable with binary data in it, run bin2hex()
on it and prepend '0x' to it and throw it at a simple sql update or
insert statement.
I didn't know MySQL accepted hex data in that form.
Not as efficient as a prepared statement for big objects, but it's
simple to understand. And it avoids load_file.
In this case it's optimal. The code is simple, no FILE privileges are
required. Since inserts and updates are rare things done by a few people
the inefficiency won't load up the server hugely.
--
Ineptocracy
(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.
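As an added illustration of the hex-literal technique described in the post above (example code, not the poster's own), the following builds the same UPDATE with the BLOB encoded as `0x...` via bin2hex(), escapes the remaining string columns, and shows the prepared-statement alternative the post mentions for large objects. It assumes the adminmodule table from the post, a mysqli handle in `$link`, and a placeholder connection; the sample payload and the offline escaping stand-in are constructed for the demonstration.

```php
<?php
// Added example (not from the original post). Assumes the post's table
// adminmodule(id, uri, descr, privilege_level, filename, size, code BLOB,
// modified_by, modified_on) and a mysqli handle $link.

/**
 * Return a MySQL literal for arbitrary binary data.
 * bin2hex() emits only [0-9a-f], so the result cannot break out of the statement
 * whatever NUL bytes, quotes or backslashes $data contains. An empty value is
 * returned as '' because a bare 0x with no digits is not a valid literal.
 */
function blob_literal(string $data): string
{
    return $data === '' ? "''" : '0x' . bin2hex($data);
}

/**
 * Build the UPDATE from the post with every string column passed through $esc
 * and every numeric column typed as an integer. $esc is injected so the builder
 * can be exercised offline; with a live server pass a mysqli_real_escape_string wrapper.
 */
function build_update_query(callable $esc, string $uri, string $descr, int $privilege_level,
                            string $filename, string $code, int $login_id, int $id): string
{
    return sprintf(
        "UPDATE adminmodule SET uri='%s', descr='%s', privilege_level=%d, filename='%s', "
        . "size=%d, code=%s, modified_by=%d, modified_on=NOW() WHERE id=%d",
        $esc($uri), $esc($descr), $privilege_level, $esc($filename),
        strlen($code), blob_literal($code), $login_id, $id);
}

// Constructed sample: bytes that would corrupt a naively quoted string literal.
$payload = "\x00\x27\x5c\xff binary data with a quote ' and a NUL \x00 inside";

// Offline stand-in for mysqli_real_escape_string(), which needs a connection.
$offlineEsc = fn(string $s): string => str_replace(["\\", "'"], ["\\\\", "\\'"], $s);
$sql = build_update_query($offlineEsc, '/admin/module', "it's a module", 2, "a'b.bin", $payload, 7, 42);
echo $sql, PHP_EOL;

// With a live connection (host, user, password, database are placeholders):
// $link = mysqli_connect('db.example', 'user', 'pass', 'app');
// $esc  = fn(string $s): string => mysqli_real_escape_string($link, $s);
// mysqli_query($link, build_update_query($esc, $uri, $descr, $lvl, $filename, $code, $login_id, $id));

/**
 * Prepared-statement alternative for large files: the BLOB is streamed in chunks with
 * send_long_data(), so the doubled hex text never has to fit under max_allowed_packet.
 */
function update_code_prepared(mysqli $link, string $filename, string $code, int $id): bool
{
    $stmt = $link->prepare("UPDATE adminmodule SET filename=?, size=?, code=? WHERE id=?");
    $null = null; // 'b' parameters are bound as NULL and then filled by send_long_data()
    $size = strlen($code);
    $stmt->bind_param('sibi', $filename, $size, $null, $id);
    foreach (str_split($code, 65536) as $chunk) {
        $stmt->send_long_data(2, $chunk); // parameter index 2 is the code column
    }
    return $stmt->execute();
}
```

Design note: the hex literal is injection-safe on its own because its alphabet is fixed, but it doubles the payload size in the query text, so the statement must still fit within the server's max_allowed_packet; the prepared form avoids that ceiling and the hex expansion at the cost of a few more lines.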