4 characters in mysql

Posted by val (val), 22 January 2006
Graham, in a comment to your "upload an image to database" page you talk about four characters " ' \ and null to be encoded.
Would you please add how to encode. Are there special cases where one has to be cautious with these characters?
Also, you use "@" before some commands. Why?
Thank you.
Val


Posted by admin (Graham Ellis), 22 January 2006
The four special characters mean something special within MySQL commands - for example, the " signals the end of a string of text and if you try to put one in the middle of a string of text, it will truncate the whole string, then the following text that was SUPPOSED to be in the text will look like separate parts of the command. With careful malicious engineering, this can lead not only to a failure but to an injection attack.

The solution is the addslashes function in PHP. Here are two lines from my sample program that uploads an image and stores it in a database:

$instr = fopen("latest.img","rb");
$image = addslashes(fread($instr,filesize("latest.img")));

* Open the file called latest.img
* Read it all in
* Add backslashes as needed
* Store the resultant string into $image

You can then build it into the query - the complete example is at the link above and you can try it too in our demo area.
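
Added example, not part of the original thread or of Graham's sample program: it shows what addslashes does to the four characters discussed above, and then stores the same bytes through a bound parameter so the data never becomes part of the SQL text. The table name pix, the column imgdata and the sample bytes are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Constructed sample "image": contains all four special bytes (" ' \ NUL)
// followed by random binary data.
$image = "GIF89a\"quote'apos\\slash\0nul" . random_bytes(16);

// addslashes() puts a backslash in front of " ' \ and turns NUL into \0,
// so the escaped string is longer than the raw data.
$escaped = addslashes($image);
printf("raw: %d bytes, escaped: %d bytes\n", strlen($image), strlen($escaped));

// Removing the backslashes again must give back the original bytes exactly.
echo "escape round trip ok: ";
var_dump(stripslashes($escaped) === $image);

// Alternative to escaping: a prepared statement with a bound parameter.
// The query text is fixed; the image travels separately as data.
$db = new PDO('sqlite::memory:');            // stand-in for a MySQL DSN
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pix (id INTEGER PRIMARY KEY, imgdata BLOB)');

$insert = $db->prepare('INSERT INTO pix (imgdata) VALUES (:img)');
$insert->bindValue(':img', $image, PDO::PARAM_LOB);   // bind as binary data
$insert->execute();

// Read the row back and compare byte for byte with what was sent.
$stored = $db->query('SELECT imgdata FROM pix')->fetchColumn();
echo "bound parameter round trip ok: ";
var_dump($stored === $image);
```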

Posted by val (val), 22 January 2006
Thank you very much.



This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference.