4 characters in mysql

Posted by val (val), 22 January 2006

Graham, in a comment to your "upload an image to database" page you talk about four characters " ' \ and null to be encoded. Would you please add how to encode. Are there special cases where one has to be cautious with these characters? Also, you use "@" before some commands. Why? Thank you. Val

Posted by admin (Graham Ellis), 22 January 2006

The four special characters mean something special within MySQL commands - for example, the " signals the end of a string of text and if you try to put one in the middle of a string of text, it will truncate the whole string, then the following text that was SUPPOSED to be in the text will look like separate parts of the command. With careful malicious engineering, this can lead not only to a failure but to an injection attack.

The solution is the addslashes function in PHP. Here are two lines from my sample program that uploads an image and stores it in a database:

    $instr = fopen("latest.img","rb");
    $image = addslashes(fread($instr,filesize("latest.img")));

* Open the file called latest.img
* Read it all in
* Add backslashes as needed
* Store the resultant string into $image

You can then build it into the query - the complete example is at the link above and you can try it too in our demo area.

Posted by val (val), 22 January 2006

Thank you very much.

This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference. To jump to the archive index please follow this link.
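The effect described in the reply above, as an added example that is not part of the original thread or the sample program it mentions: constructed bytes containing all four characters are placed in a query with and without addslashes, and a simplified string-literal reader shows where the database would consider the text to end. The table and column names (pix, img) and the read_literal helper are hypothetical.

```php
<?php
// Added example (not from the thread). Constructed bytes stand in for latest.img,
// so this runs with the PHP CLI alone: no file and no database connection.

// Constructed sample "image" data holding all four special characters: " ' \ NUL
$raw = "GIF\"89a'\\\0end";

// Hypothetical helper: a simplified stand-in for how MySQL reads a double-quoted
// string literal. Returns [decoded literal, text left over after the closing quote].
function read_literal(string $sql): array
{
    $i = strpos($sql, '"') + 1;            // first byte after the opening quote
    $out = '';
    for ($n = strlen($sql); $i < $n; $i++) {
        $c = $sql[$i];
        if ($c === '\\' && $i + 1 < $n) {  // backslash escape: take the next byte
            $next = $sql[++$i];
            $out .= ($next === '0') ? "\0" : $next;
        } elseif ($c === '"') {            // an unescaped quote closes the literal
            return [$out, substr($sql, $i + 1)];
        } else {
            $out .= $c;
        }
    }
    return [$out, ''];                     // literal was never closed
}

foreach (['unescaped' => $raw, 'addslashes' => addslashes($raw)] as $label => $data) {
    // Build the query the way the thread describes: data pasted between quotes.
    $sql = 'INSERT INTO pix (img) VALUES ("' . $data . '")';
    [$literal, $rest] = read_literal($sql);

    // "stored intact" is yes only if the literal decodes back to the original bytes;
    // anything in $rest beyond the closing ")" would be parsed as part of the command.
    printf(
        "%-10s stored intact: %-3s  left over as command text: %s\n",
        $label,
        $literal === $raw ? 'yes' : 'no',
        json_encode($rest)
    );
}
```

addslashes() does not take the connection character set into account; on a live MySQL connection, mysqli_real_escape_string() or a prepared statement with a bound parameter covers the same four characters.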