我通过URL获取图像,需要适合并调整大小缩略图并将其存储在BLOB MySql中以便进一步访问多个用户(建议不在BLOB中存储图像不适合此处)。我使用GD类进行转换。
问题是当我尝试将其保存在BLOB列中时,收到此错误消息:
您的SQL语法有错误;查看与您的MySQL服务器版本相对应的手册,以便在'Вў|ö³Ÿ}Г|В™gВѕГёГ... /〜Г«[߇Þû*ВЌ1ГћГ»附近使用正确的语法)IFГ±aIhВґГ“4В(Г ......在第1行的“В«jВїГџГЇГ·Г»”
$im = fill_image_png($link) ; // GD library work
// get the image into the buffer from the image identifier
ob_start();
imagepng($im);
$stringdata = ob_get_contents(); // read from buffer
ob_end_clean(); // delete buffer
$zdata = gzdeflate($stringdata);
$zdata = mb_convert_encoding ($zdata, "utf-8");
//store into mysql db
if (insert_image($_db, $table_name, $item['link'], $zdata ) ) { echo "<em><strong>Image is stored into DB</em></strong><br/>"; }
else { echo "Failed to store image as binary<br/>"; }
存储过程的代码是:
function insert_image($db_handler, $table_name, $link, $image) {
mysqli_query($db_handler,"UPDATE {$table_name} SET Thumbnail = '{$image}' WHERE Link = '{$link}' " );
}
Thumbnail' column is of a MEDIUMBLOB`类型。
有什么不对/遗失?
答案 0 :(得分:0)
我得到了正确的答案,使用mysqli_stmt将参数传递给sql查询。这既适用于避免'; delete from {$tablename};之类的注入,也不需要'转义:
function insert_image($db_handler, $table_name, $link, $image) {
$stmt = mysqli_prepare($db_handler, "UPDATE {$table_name} SET Thumbnail = ? WHERE Link = '{$link}' " );
mysqli_stmt_bind_param($stmt, 's', $image);// whether 's' or 'b' - no avail
// execute prepared statement
if ( !mysqli_stmt_execute($stmt) )
{ echo "Error inserting image into <em><strong>{$table_name}</strong></em>: " . mysqli_error($db_handler) ;
echo "<br/>";
mysqli_stmt_close($stmt);
return False;
}
mysqli_stmt_close($stmt); // close the stmt
return True;
}
现在没有出现SQL错误,但 blob字段保持不变(我使用PHPMyAdmin检查)。 $image变量中的数据不是那么大,能够适应BLOB。怎么了?