Re: inserting images into Sybase db

we use 'cgi' and plain sql for this. eg:

# Untested snips of code

if ($query->param('type') eq 'upload') {
    my $cgi = new CGI;
    my $fh = $cgi->param($upload_field_name);
    
    while (read($fh,$buffer,BUFFER_SIZE)) {
        $value .= $buffer;
    }
  # mind the danger of this sql syntax, where $value may be 
  # a ; separated value to some 'hackers'.
  # however, i believe DBI::Sybase doesn't allow ? and execute($value)
+;
  # use a regexp to filter out update, delete, create, alter etc.
  $sth = $dbh->prepare('update table set value = ' . $value . ' where 
+...');
  

}
[download]

Comment on Re: inserting images into Sybase db Download Code

Replies are listed 'Best First'.
Re^2: inserting images into Sybase db by Joost (Canon) on Mar 01, 2005 at 15:15 UTC
Sybase doesn't support binding blob fields, but please use the $dbh->quote() function on that data first. "What should it profit a man, if he should win a flame war, yet lose his cool?"	[reply]