On Thursday 22 Jul 2010 06:48:08 Mimi Cafe wrote:
> Anyone worked on a project where they have stored pictures in MySQL db from
> Perl program? I need to store pictures in MYSQL and my initial thought was
> a normal insert statement. Now I did a bit of search and people are making
> it completed out there. I have not tried it, but I was thinking of grabbing
> my picture and inserting into the table using a normal SQL insert like:
>
> $dbh->do(qq{insert into mytable (id, pic) values(1,$pic_file_name)});
>
This suffers from a possible SQL injection:
* http://bobby-tables.com/
* http://community.livejournal.com/shlomif_tech/35301.html
Anyway, do you want to store the entire picture (as data) or just its
filename?
Regards,
Shlomi Fish
--
-----------------------------------------------------------------
Shlomi Fish http://www.shlomifish.org/
Rethinking CPAN - http://shlom.in/rethinking-cpan
God considered inflicting XSLT as the tenth plague of Egypt, but then
decided against it because he thought it would be too evil.
Please reply to list if it's a mailing list post - http://shlom.in/reply .
--
To unsubscribe, e-mail: beginners-unsubscr...@perl.org
For additional commands, e-mail: beginners-h...@perl.org
http://learn.perl.org/
