PHP - Mysql: saving images to the database - escaping special characters

I read this tutorial about storing images in a database. In the tutorial, the author escapes special characters in the binary data before inserting: http://www.phpriot.com/articles/images-in-mysql/7 (using addslashes, although mysql_real_escape_string is preferable, but that is another problem).

The fact is that when displayed, it simply displays the data as it is saved: http://www.phpriot.com/articles/images-in-mysql/8

My questions:

1) Do we need to escape special characters even for a binary field type (blob)?

2) If so, do we not then need to “unescape” the characters again in order to display the image correctly? (If so, what is the best way to do this? Any comments on efficiency? For large images: can escaping and unescaping be a big overhead?)

Or is it that my understanding of escaping is completely wrong (and escaping only affects the query, not the final data inserted / saved?).

thanks

In JP

+4
2 answers

Your understanding of escape is wrong. The data inserted into the database is escaped, so the query analyzer sees the information as intended.

Take the string "Jean-Luc 'Earl Grey' Picard". Escape result: 'Jean-Luc \'Earl Grey\' Picard'

When MySQL receives this, it understands that the escaped quotes need to be taken literally (this is what escaping means) and will store them in the database. It will not store the escape characters in the database. The \ indicates to MySQL that it must take the character following it literally.

When retrieving, the data is returned to the application without the escape characters, since they are removed when the query is parsed.

+5

1) Do we need to escape special characters even for a binary field type (blob)?

Yes, since mysql_real_escape_string() (which is actually used) provides protection against SQL injection attacks that can easily be placed inside an image file. Any arbitrary data that you upload to the database must be sanitized first.

+1
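
An added example, not part of the original question or answers: storing and reading back a binary blob with bound parameters, which shows that the stored bytes are identical to the input and that the escaped form only ever exists in query text. It assumes PDO with an in-memory SQLite database standing in for MySQL so that it runs offline; the table name `images` and the sample bytes are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so the script runs
// offline (assumption); the same PDO calls apply with a MySQL DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE images (id INTEGER PRIMARY KEY, mime TEXT, data BLOB)');

// Constructed sample "image": a PNG signature followed by bytes that would
// change the meaning of a hand-built query (quotes, backslash, NUL).
$blob = "\x89PNG\r\n\x1a\n" . "'\"\\\x00'); -- " . random_bytes(64);

// Bound parameters: the bytes travel separately from the SQL text, so the
// parser never interprets them and no escaping step is needed.
$insert = $pdo->prepare('INSERT INTO images (mime, data) VALUES (:mime, :data)');
$insert->bindValue(':mime', 'image/png', PDO::PARAM_STR);
$insert->bindValue(':data', $blob, PDO::PARAM_LOB);
$insert->execute();
$id = (int) $pdo->lastInsertId();

$select = $pdo->prepare('SELECT data FROM images WHERE id = :id');
$select->bindValue(':id', $id, PDO::PARAM_INT);
$select->execute();
$stored = $select->fetchColumn();
if (is_resource($stored)) {          // some drivers return LOBs as streams
    $stored = stream_get_contents($stored);
}

// The escaped form exists only inside query text; it is longer than the data.
$escaped = addslashes($blob);
printf("original:              %d bytes\n", strlen($blob));
printf("escaped query literal: %d bytes\n", strlen($escaped));
printf("stored:                %d bytes\n", strlen($stored));

// What comes back is byte-for-byte what went in: nothing to unescape on read.
var_dump($stored === $blob);
```

The escaped literal is a few bytes longer than the original because each quote, backslash and NUL gains a leading backslash, while the stored length matches the original.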

Source: https://habr.com/ru/post/1333885/