Greetings
I have a script in which I am collecting sensitive information via a
form (METHOD=POST) and encrypting the posted variable (format = BLOB)
using mcrypt, then saving it in a MySql table. Using my test
script,everythi ng works fine. Using my production scrypt, everything
works fine for data posted with fewer than 8 characters. If I try to
upload data longer than 8 characters, I get this error message:
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near 'ióU¹
”šC!ÊŒB', '01', '2004', NULL, '150')' at line 1
The characters ióU¹”šC!ÊŒB' after "near" are the encrypted characters.
There does not seem to be any difference between the test and production
scrypts.
Here is the syntax I am using for saving the record:
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "myTable"))
{
$insertSQL = sprintf("INSERT INTO myTable (`Date`, LastName,
FirstName, EcryptedBlob) VALUES (%s, %s, %s, %s)",
GetSQLValueStri ng($_POST['Date'], "text"),
GetSQLValueStri ng($_POST['Lastname'], "text"),
GetSQLValueStri ng($_POST['Firstname'], "text"),
GetSQLValueStri ng($encrypted," text"));
php v. 5.0.5
MySql v. 4.1.9
Any help would be appreciated. 3 1975
On Wed, 30 Aug 2006 11:21:47 -0500, Sophisticado <Sophsiticadowr ote:
>I have a script in which I am collecting sensitive information via a form (METHOD=POST) and encrypting the posted variable (format = BLOB) using mcrypt, then saving it in a MySql table. Using my test script,everyth ing works fine. Using my production scrypt, everything works fine for data posted with fewer than 8 characters. If I try to upload data longer than 8 characters, I get this error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ióU¹ ?¨C!ʼB', '01', '2004', NULL, '150')' at line 1
The characters ióU¹?¨C!ʼB' after "near" are the encrypted characters.
There does not seem to be any difference between the test and production scrypts.
Here is the syntax I am using for saving the record:
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "myTable")) {
$insertSQL = sprintf("INSERT INTO myTable (`Date`, LastName, FirstName, EcryptedBlob) VALUES (%s, %s, %s, %s)",
GetSQLValueStri ng($_POST['Date'], "text"),
GetSQLValueStri ng($_POST['Lastname'], "text"),
GetSQLValueStri ng($_POST['Firstname'], "text"),
GetSQLValueStri ng($encrypted," text"));
php v. 5.0.5 MySql v. 4.1.9
Where is "GetSQLValueStr ing" defined?
--
Andy Hassall :: an**@andyh.co.u k :: http://www.andyh.co.uk http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
Andy Hassall <an**@andyh.co. ukwrote in
news:4l******** *************** *********@4ax.c om:
On Wed, 30 Aug 2006 11:21:47 -0500, Sophisticado <Sophsiticadowr ote:
>>I have a script in which I am collecting sensitive information via a form (METHOD=POST) and encrypting the posted variable (format = BLOB) using mcrypt, then saving it in a MySql table. Using my test script,everyt hing works fine. Using my production scrypt, everything works fine for data posted with fewer than 8 characters. If I try to upload data longer than 8 characters, I get this error message:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ióU¹
?¨C!ʼB', '01', '2004', NULL, '150')' at line 1
>> The characters ióU¹?¨C!ʼB' after "near" are the encrypted characters.
There does not seem to be any difference between the test and production scrypts.
Here is the syntax I am using for saving the record:
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "myTable")) { $insertSQL = sprintf("INSERT INTO myTable (`Date`, LastName, FirstName, EcryptedBlob) VALUES (%s, %s, %s, %s)", GetSQLValueStri ng($_POST['Date'], "text"), GetSQLValueStri ng($_POST['Lastname'], "text"), GetSQLValueStri ng($_POST['Firstname'], "text"), GetSQLValueStri ng($encrypted," text"));
php v. 5.0.5 MySql v. 4.1.9
Where is "GetSQLValueStr ing" defined?
Here is the function before the encryption at the top of the script:
function GetSQLValueStri ng($theValue, $theType, $theDefinedValu e = "",
$theNotDefinedV alue = "") {
$theValue = (!get_magic_quo tes_gpc()) ? addslashes($the Value) :
$theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValu e) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theV alue) . "'" :
"NULL"; break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValu e :
$theNotDefinedV alue; break;
}
return $theValue;
}
Sophisticado wrote:
Andy Hassall <an**@andyh.co. ukwrote in
news:4l******** *************** *********@4ax.c om:
>>On Wed, 30 Aug 2006 11:21:47 -0500, Sophisticado <Sophsiticadowr ote:
>>>I have a script in which I am collecting sensitive information via a form (METHOD=POST) and encrypting the posted variable (format = BLOB) using mcrypt, then saving it in a MySql table. Using my test script,every thing works fine. Using my production scrypt, everything works fine for data posted with fewer than 8 characters. If I try to upload data longer than 8 characters, I get this error message:
You have an error in your SQL syntax; check the manual that correspond s to your MySQL server version for the right syntax to use near 'ióU¹
?¨C!ʼB', '01', '2004', NULL, '150')' at line 1
>>>The characters ióU¹?¨C!ʼB' after "near" are the encrypted characters.
There does not seem to be any difference between the test and production scrypts.
Here is the syntax I am using for saving the record:
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "myTable") ) { $insertSQL = sprintf("INSERT INTO myTable (`Date`, LastName, FirstName, EcryptedBlob) VALUES (%s, %s, %s, %s)", GetSQLValueStri ng($_POST['Date'], "text"), GetSQLValueStri ng($_POST['Lastname'], "text"), GetSQLValueStri ng($_POST['Firstname'], "text"), GetSQLValueStri ng($encrypted," text"));
php v. 5.0.5 MySql v. 4.1.9
Where is "GetSQLValueStr ing" defined?
Here is the function before the encryption at the top of the script:
function GetSQLValueStri ng($theValue, $theType, $theDefinedValu e = "",
$theNotDefinedV alue = "") {
$theValue = (!get_magic_quo tes_gpc()) ? addslashes($the Value) :
$theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValu e) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theV alue) . "'" :
"NULL"; break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValu e :
$theNotDefinedV alue; break;
}
return $theValue;
}
Well, among other things, you should be using mysql_real_esca pe_string()
on all text values before you insert/update the database.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== === This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Matt McKay |
last post by:
I've written a php page which allows users to type in a text string and a
key, then choose from a dropdown menu of encryption/decryption cyphers, and
a method (encrypt, decrypt).
The whole thing works, except the mcrypt command doesn't work.
here is my mcrypt command:
if ($method == 0) {
//Encrypt
$output = mcrypt_ecb ($algorithm, $key, $input, MCRYPT_ENCRYPT);
|
by: sams |
last post by:
Iam posting this after trying many tutorials in the NG and failing to
retrieve the blob out of a record. So please bear with me before
before you pull the water hose or flame throwers ......
I can upload a Jpeg image file perfectly. Iam using this snippet to do
that..
<!-- addpic.php snippet !-->
....
$file = fopen($_FILES, "rb");
|
by: sime |
last post by:
Hi,
I have a blob field in a mysql database table. I want to copy a blob
from one record to another. I am having trouble transferring the data
via a php variable. Maybe I need to addslashes or convert to Hex or
something. I've tried a few things but can't quite get it. Here is
simplified code.
mysql_select_db($dbname, $connection);
|
by: hamvil79 |
last post by:
I'm implementig a java web application using MySQL as database.
The main function of the application is basically to redistribuite
documents. Those documents (PDF, DOC with an average size around 2Mb)
are stored in BLOB column.
The amount of documents for the first year should not exceed 5/6 Giga,
but I cannot make prevision for the next years.
Those documents are mainly just accessed (update and delete are not so
|
by: Daniel Schuchardt |
last post by:
Hi @ all,
i'm sure there was a psql-function to transfere my Blob-Data to the
server but I can't remember.
I have a script like this :
UPDATE xy SET z = lo_import('localpath_and_file');
but i want to execute this script from the client and so my blob-data is
| |
by: cricrin |
last post by:
Hello guys!
This is Cristian From Argentina, and I wanted to ask you some help,
I've looking on this and it makes me mad, I found that the error is in
the $content , when y try to insert the record into the table via PHP
code i receive an error message saying that the sin taxis its
incorrect,however if i print the query echo ($query) and i copy and
paste the query in the PHPmyAdmin the insert executes successfully.
the $content variable...
|
by: bimeldip |
last post by:
Hi,
I've been dabbling with mysql php and xml...
I have managed to learn how to upload xml file into mysql datbase and download the file from mysql database to display the content on the file. However the
What i would like to know is how do i manipulate the php codes to display the content on the file in a proper form?...
So far i have done this:
<?
if(isset($_GET))
{
include 'config.php';
|
by: =?UTF-8?Q?Ahmad_=E3=8B=A1_Baitalmal?= |
last post by:
Hi,
I'm having a hard time getting python-mcrypt extension to build.
I installed libmcrypt with --prefix=/usr and I checked that the
library exists
-rwxr-xr-x 1 root wheel 352K Sep 19 16:53 /usr/lib/libmcrypt.
4.4.8.dylib*
lrwxr-xr-x 1 root wheel 21B Sep 19 16:53 /usr/lib/libmcrypt.
4.dylib@ -libmcrypt.4.4.8.dylib
lrwxr-xr-x 1 root wheel 21B Sep 19 16:53 /usr/lib/
|
by: foss |
last post by:
HI all,
I am able to upload the image as blob to mysql. but while displaying the image i cant display it properly .
The code used for uploading image to mysql inserts data into mysql table.The uploading code is:
MYSQL_CONNECT("localhost","root","");
mysql_select_db("sample");
$data = addslashes(fread(fopen($form_data, "r"), filesize($form_data)));
$result=MYSQL_QUERY("INSERT INTO...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |