Home Accessibility Courses Twitter The Mouth Facebook Resources Site Map About Us Contact
 
Python and Tcl - public course schedule [here]
Private courses on your site - see [here]
Please ask about maintenance training for Perl, PHP, Lua, etc
 
addslashes v mysql_real_escape_string in PHP

Bad escaping in MySQL One of the most popular pages on our website is the one that shows you how to upload an image and store it in a database. And the associated demonstration showing you how to view images via a PHP script from a MySQL database is very popular too.

An image may contain and ASCII characters at all ... so you can't just take the image data that you uploaded and put it into the MySQL INSERT statement - special characters such as NULL, and the double quote character, will cause problems - at best like the illustration you see accompanying this posting, and at worst you would leave yourself vulnerable to an injection attack.

PHP provides a number of routines to allow you to add in extra characters to the uploaded image to protect the special characters from the database handler and ensure the data does truly get inserted into the database.

addslashes use to work very nicely before the days of different character encoding - but it can't cope with that encoding in more recent MySQL versions and should no longer be used ...

mysql_escape_string adds in appropriate slashes but it doesn't take care of the current encoding type if it's none-default; this function was deprecated at PHP 4.3.0 and replace by the one you should use ...

mysql_real_escape_string which adds in the appropriate protection taking into proper account the current encoding.

If you're using the mysqli functions rather than the mysql ones, you should use mysqli_real_escape_string which is just an alias to mysql_real_escape_string

(written 2008-07-27, updated 2008-07-30)

 
Associated topics are indexed as below, or enter http://melksh.am/nnnn for individual articles
H309 - PHP - Maps, Graphics and Geographics
  [4655] Image indexer / thumbnail display scripts in PHP - (2016-02-25)
  [4437] Adding a PHP build option, rotating an image based on camera data, and a new look at thumbnails in PHP - (2015-02-22)
  [4365] The changing face of Christmas - (2014-12-26)
  [4178] Where are you? How to write a geosensitive application - (2013-09-18)
  [3817] Fpdf - generating .pdf documents easily from your PHP program - (2012-07-24)
  [3734] QR codes with marketing logos embedded - (2012-05-16)
  [3584] QR codes - graphics images that provide quick phone links - (2012-01-18)
  [3536] UK Mapping Data - and more to come - under government Open Data measures - (2011-12-03)
  [3447] Needle in a haystack - finding the web server overload - (2011-09-18)
  [3211] Computer Graphics in PHP - World (incoming data) to Pixel (screen) conversion - (2011-03-24)
  [3197] Finding and diverting image requests from rogue domains - (2011-03-08)
  [3133] An image from a website that occasionally comes out as hyroglyphics - (2011-01-14)
  [3027] Server logs - drawing a graph of gathered data - (2010-11-03)
  [2939] Protecting your images from use out of context - (2010-08-29)
  [2729] Uploading a document or image to its own URL via a browser - (2010-04-18)
  [2675] Redirecting to your main domain for correct security keys - (2010-03-13)
  [2583] Reducing image size on digital photos - PHP - (2010-01-17)
  [2390] Dynamic / changing images on your web page - (2009-09-01)
  [2361] Geocoding - converting address to latitude / Longitude with PHP via Google - (2009-08-14)
  [2343] World Flags in your PHP pages - (2009-08-10)
  [1956] Images for Christmas - (2008-12-21)
  [1923] Making it all worthwhile - (2008-12-04)
  [1756] Ever had One of THOSE mornings? - (2008-08-16)
  [1752] Dynamic maps / geographics in PHP - (2008-08-13)
  [1734] All around the world? - (2008-08-03)
  [1628] Gant charts - drawing them with a PHP script - (2008-05-03)
  [1391] Ordnance Survey Grid Reference to Latitude / Longitude - (2007-10-14)
  [1390] Converting from postal address to latitude / longitude - (2007-10-13)
  [1389] Controlling and labelling Google maps via PHP - (2007-10-13)
  [1194] Drawing hands on a clock face - PHP - (2007-05-19)
  [1104] Drawing dynamic graphs in PHP - (2007-03-09)
  [937] Display an image from a MySQL database in a web page via PHP - (2006-11-22)
  [665] PHP Image viewing application - (2006-04-01)
  [563] Merging pictures using PHP and GD - (2006-01-13)
  [320] Ordnance Survey - using a 'Get a map' - (2005-05-22)

S158 - GUI tools for MySQL
  [572] Giving the researcher power over database analysis - (2006-01-22)


Back to
Bath - Melksham - Devizes. Bus route changes, new timetable
Previous and next
or
Horse's mouth home
Forward to
A future vision for Melksham
Some other Articles
A short Perl example
Equality and looks like tests - Perl
Hot Courses - Perl
A future vision for Melksham
addslashes v mysql_real_escape_string in PHP
Bath - Melksham - Devizes. Bus route changes, new timetable
PHP examples - source code and try it out too
Perl 6 - When will we have a production release?
Some Ruby lesser used functions
A special day - last Friday in July
4759 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 at 50 posts per page


This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.

Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2019: 404 The Spa • Melksham, Wiltshire • United Kingdom • SN12 6QL
PH: 01225 708225 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.net/mouth/1724_add ... n-PHP.html • PAGE BUILT: Sat May 27 16:49:10 2017 • BUILD SYSTEM: WomanWithCat