问题描述
我有一个存储在远程服务器上的图像文件。我只有HTTP访问服务器,所以我使用file_get_contents(URL)获取其内容
I have an image file stored on a remote server. I only have HTTP access to the server, so I'm getting its content using file_get_contents(URL)
我需要将此内容存储在字段中的本地sqlite3数据库中类型'blob'。我正在使用PDO对象连接到数据库,我正在使用
I need to store this content in a local sqlite3 database in a field of type 'blob'. I'm using the PDO object to connect to the database, and I'm using
$db->exec("INSERT INTO myTable (myImageBlob) VALUES
('".file_get_contents($filePath)."')")
将数据添加到数据库。
这不起作用。如果我犯了一个非常无聊的错误,请道歉。我们都必须以某种方式学习......
This isn't working. Apologies if I'm making a really noobish mistake. We all have to learn somehow...
由于我不会深入研究的原因,我不可能在本地存储图像并将URL放入数据库。它/有/存储在blob中。
For reasons I will not delve into, it is not a possibility for me to store the image locally and put the URL in the database. It /has/ to be stored in a blob.
推荐答案
在SQL语句中无法控制的连接数据非常馊主意。例如,图像数据可以包含将终止字符串的引号或将被解释为控制字符的反斜杠。最糟糕的是,有人可能会在您的应用程序中构建虚假映像以注入恶意SQL代码。
Concatenating data you have no control over in an SQL statement is a very bad idea. For instance the image data may contain a quotation mark that will terminate the string or a backslash that will be interpreted as a control character. Worst someone could build a fake image to injects malicious SQL code in your application.
我建议您使用预准备语句:
I suggest you use a prepared statement instead:
$query = $db->prepare("INSERT INTO myTable (myImageBlob) VALUES (?)");
$query->bindParam(1, fopen($filePath, "rb"), PDO::PARAM_LOB);
$query->execute();
请注意,通过将PDO :: PARAM_LOB传递给bindParam(),您可以从流中插入blob的数据。这就是为什么我使用fopen()而不是file_get_contents()
Note that by passing PDO::PARAM_LOB to bindParam() you insert the blob's data from a stream. That's why I'm using fopen() instead of file_get_contents()
这篇关于PHP中的远程映像文件到sqlite blob?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!