ansaurus

Question

PHP MYSQL file contents escape problem

Answer 1

+2 A:

I don't see why you would want to store a file in a database, but I suggest you take a look at prepared statements.

Franz 2009-12-07 18:37:06

+1 Same thing for mysqli: http://www.php.net/manual/en/mysqli.prepare.php

Daren Schwenke 2009-12-07 18:41:56

Thanks, Daren. Good idea.

Franz 2009-12-07 18:46:04

This worked perfectly, thanks a lot. I'm storing it in the database for a few reasons, can't be executed, database compression, database backup makes a backup of the file etc not sure if these are valids points as just getting started with mysql.Thanks alot

Michael 2009-12-07 19:02:12

*"can't be executed", "database compression", "database backup makes a backup of the file"*. Each of these can be achieved with storage in the filesystem. Maybe when you reach the "50% of app is running" stage, you might want to give time to moving binary files to filesystem storage.

namespaceform 2009-12-07 20:43:06

That is very true, what got me thinking, was which is better? In the database its a backup script, different server, mirroring and all that. Surely in terms of easiest to setup this option is more deploy and go? Not sure about performance though. Although the internet will be most people's bottle neck either way I guess. Are there any negative affects of storing files inside databases?

Michael 2009-12-07 21:43:18

True, performance would be another downside of the database solution.

Franz 2009-12-07 21:50:10

Answer 2

A:

Guess: You may be encountering errors due to the incompatibility between character sets. PDF is probably a binary file so you need to make sure that db column is set up to handle it that.

Joe Philllips 2009-12-07 18:47:34

Yeah I tried blob, large / big blob and binary. Escaping it seemed to be the problem.

Michael 2009-12-07 19:03:47

Answer 3

A:

Beside the escaping problem you might run into "packet too large" errors if the (MySQL) system variable max_allowed_packet is set to a "small" value.
Using the mysqli extension, prepared statements and mysqli_stmt::send_long_data you can avoid both problems.

VolkerK 2009-12-07 18:48:00

I wil have to look into this, hopefully as it is restricted to small files this shouldn't occur. I can always set it to a bigger packet.

Michael 2009-12-07 19:03:06

Answer 4

+1 A:

Hi, I've used the following sequence before, which seems to work nicely, and will store any data into the db, including images, pdfs, arrays of data, etc... :)

Storing the data (can be a string, array, object, etc.);

First, turn the data into a base64 encoded string

$strData = strtr(
             base64_encode(
               addslashes(
                 gzcompress( serialize($dataToStore) , 9)
                 )
               ) , '+/=', '-_,');

Then store that string data in the db...

Retrieving the data;

Extract the string data from the db

decode the data back to what you want (you may need to perform an extra step after this depending on the input data, array, image, etc.)

$returnData = unserialize(
                gzuncompress(
                  stripslashes(
                    base64_decode(
                      strtr($strDataFromDb, '-_,', '+/=')
                    )
                  )
                )
              );

This certainly helped me to store what I needed to store in a mySQL db!

Dave Rix 2009-12-08 00:19:29

Just to be clear... [after reading the above I realised I'd had a bit too much wine :)]The db field you want to store the above data in can just be a plain text field, the base64 encoding turns the output into standard text characters.I'm not sure where exactly I found this code, so I can't take full credit for it, but it does exactly what I required of it...

Dave Rix 2009-12-08 00:22:57

I used a combination of this technique and the prepared statement technique, works wonders and solved ll my problems! Thanks a lot!

Michael 2009-12-09 18:02:31

ansaurus

tags:

views:

answers:

PHP MYSQL file contents escape problem

related questions