2 
$serv = "xxx";
$user = "xxx"; 
$pass = "xxx"; 
$db = "xxx"; 

$imgloc = "../images/bg.jpg"; 
$image = fopen($imgloc, 'rb'); 
$imageContent = fread($image, filesize($imgloc)); 

$conn = new mysqli($serv, $user, $pass, $db); 

$sql = "INSERT INTO `image`(`advert_id`,`img`) VALUES('1','" . $imageContent . "');"; 
$conn->query($sql);

I'm using the above code to try to insert binary into my MySQL database but nothing is being sent to the database. The $imageContent just appears in the database as null but if I echo $imageContent it seems to show binary data.

advert_id is just a int field and img is a BLOB

Improve this question
4
  • You are vulnerable to sql injection attacks. you can't just stuff random binary garbage into a query string and expect things to work. Commented May 11, 2015 at 18:19
  • php.net/manual/en/mysqli.prepare.php and php.net/manual/en/mysqli-stmt.bind-param.php Commented May 11, 2015 at 18:19
  • What functions should I use to clean it? Commented May 11, 2015 at 18:19
  • 1
    As a tangential comment, I would recommend making sure that you REALLY have a good use case for storing images blobs in MySQL. In a lot of cases, this might not be a good idea when compared to simply storing file references in the database. Commented May 11, 2015 at 18:54

1 Answer 1

Reset to default
5

The reason why your code isn't working is because you need to escape your data.

$imageContent = fread($image, filesize($imgloc)); 
$imageContent = mysqli_real_escape_string($conn, $imageContent);

You are not seeing the syntax error, similar to:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '8 16@#54' at line 1...

  • Because you are not checking for errors.

Visit http://php.net/manual/en/mysqli.error.php and http://php.net/manual/en/function.error-reporting.php, then use the following at the top of your file:

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// rest of your code

This will signal syntax errors.

Use mysqli with prepared statements, or PDO with prepared statements

Plus, as Mike Brant said in comments, and I quote:

"As a tangential comment, I would recommend making sure that you REALLY have a good use case for storing images blobs in MySQL. In a lot of cases, this might not be a good idea when compared to simply storing file references in the database."

  • Mike speaks the truth. Your database will increase dramatically over time, therefore storing a copy of your files in a folder then making a reference to it, is usually a better idea, but that is entirely up to you.

Read the following Q&A's on Stack:

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.