At 3:39 PM +0200 1999-12-15, <sinisa@stripped> wrote:
>Matthew Vanecek writes:
> > sinisa@stripped wrote:
> > >
> > > One additional question:
> > >
> > > If you get bad data from mysql monitor program, have you escaped data
> > > in your .PNG prior to inserting them ??
> > >
> > > Sinisa
> > >
> >
> > No--I uploaded the files via Perl's DBI, so perl took care of that part
> > (I hope?). As far as escaping a fairly large file (bitmap, png,
> > whatever), what's the best way to do that? You'd have to go through some
> > fancy fseeking and mallocing and whatnot to get the data into a variable
> > of the right size, I would think, and then run it through mysql_escape
> > or whatever. Probably will write a proggie to do that, just for fun,
> > esp. since I probably won't be gettin 3.23.x w/load_file anytime soon.
> >
>
>So , that is a mistake !!!!! DBI, as far as I know, does not take care
>of it automatically. MySQL++, on the other hand DOES take care of it
>automatically.
DBI takes care of it automatically if you use placeholders.
If you don't use placeholders, the quote() method will convert the value
properly for direct insertion into the query string.
--
Paul DuBois, paul@stripped
