Re: mcrypt blob upload problem to MySQL

From: Sophisticado <Sophsiticado>
Date: Wed, 30 Aug 2006 19:18:52 -0500

Andy Hassall <andy@xxxxxxxxxxx> wrote in
news:4lnbf2hc4akvqm2955c6rb1mlsu1kbp1s4@xxxxxxx:

On Wed, 30 Aug 2006 11:21:47 -0500, Sophisticado <Sophsiticado> wrote:

I have a script in which I am collecting sensitive information via a
form (METHOD=POST) and encrypting the posted variable (format = BLOB)
using mcrypt, then saving it in a MySql table. Using my test
script,everything works fine. Using my production scrypt, everything
works fine for data posted with fewer than 8 characters. If I try to
upload data longer than 8 characters, I get this error message:

You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'ióU¹

?¨C!Ê¼B', '01', '2004', NULL, '150')' at line 1

The characters ióU¹?¨C!Ê¼B' after "near" are the encrypted characters.

There does not seem to be any difference between the test and
production scrypts.

Here is the syntax I am using for saving the record:

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] ==
"myTable")) {
$insertSQL = sprintf("INSERT INTO myTable (`Date`, LastName,
FirstName, EcryptedBlob) VALUES (%s, %s, %s, %s)",
GetSQLValueString($_POST['Date'], "text"),
GetSQLValueString($_POST['Lastname'], "text"),
GetSQLValueString($_POST['Firstname'], "text"),
GetSQLValueString($encrypted,"text"));

php v. 5.0.5
MySql v. 4.1.9

Where is "GetSQLValueString" defined?

Here is the function before the encryption at the top of the script:

function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
$theNotDefinedValue = "") {
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) :
$theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" :
"NULL"; break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue :
$theNotDefinedValue; break;
}
return $theValue;
}
.

Follow-Ups:
- Re: mcrypt blob upload problem to MySQL
  - From: Jerry Stuckle

References:
- mcrypt blob upload problem to MySQL
  - From: Sophisticado
- Re: mcrypt blob upload problem to MySQL
  - From: Andy Hassall

Prev by Date: Re: _POST superglobal empty
Next by Date: newbie - add 15 to number in list
Previous by thread: Re: mcrypt blob upload problem to MySQL
Next by thread: Re: mcrypt blob upload problem to MySQL
Index(es):
- Date
- Thread

Relevant Pages

Re: mcrypt blob upload problem to MySQL
... form and encrypting the posted variable using mcrypt, then saving it in a MySql table. ... corresponds to your MySQL server version for the right syntax to use ... Here is the syntax I am using for saving the record: ...
(comp.lang.php)
Re: mcrypt blob upload problem to MySQL
... then saving it in a MySql table. ... Using my production scrypt, everything ... You have an error in your SQL syntax; ... Here is the syntax I am using for saving the record: ...
(comp.lang.php)
mcrypt blob upload problem to MySQL
... then saving it in a MySql table. ... upload data longer than 8 characters, I get this error message: ... You have an error in your SQL syntax; ... Here is the syntax I am using for saving the record: ...
(comp.lang.php)
How do I debug mysql syntax problems in ruby code?
... I have a mysql syntax problem in my ruby code. ... puts "An error occurred" ...
(comp.lang.ruby)
Re: Aggregation
... Thema nicht besonders gut auskenne und hoffe, dass ich hier jemanden ... GROUP BY-Liste in der SELECT-Liste; MySQL erweitert die SQL Syntax ...
(de.comp.datenbanken.mysql)