Running binary blob data through SQL cleaning handler?

[makeshyft]

Hi everyone.....

I have a handler to clean sql data before it gets executed...... its your standard escape character / tab/ return cleaner...

Code: Select all

replace "'" with "''" in UMPProcessor["Next SQL Query"][PrepareWhichSQLQuery]["SQL Parameter"]
replace quote with quote & quote in UMPProcessor["Next SQL Query"][PrepareWhichSQLQuery]["SQL Parameter"]
replace return with "*RETURN*" in UMPProcessor["Next SQL Query"][PrepareWhichSQLQuery]["SQL Parameter"]
replace tab with "*TAB*" in UMPProcessor["Next SQL Query"][PrepareWhichSQLQuery]["SQL Parameter"]

My question is ..... is it safe to run binary / blob data through this ?..... will binary data like " the imagedata",encrypted or compressed data ever contain these characters that are being cleaned? Just hoping the data will pass through the handlre untouched, but i couldn't be sure.

Ty

[makeshyft]

nevermind......I think the answer is to binarydecode() the data first.

[MaxV]

In order to upload binaries, you need to use the variable in the revExecuteSQL.

The SQLStatement may contain one or more placeholders, which are sequential numbers prepended by a colon. The revExecuteSQL command substitutes the corresponding item in the variablesList for each of these placeholders. For example, if you have two variables called "valueX" and "valueY", you can use a SQLStatement that includes placeholders as follows:

Code: Select all

revExecuteSQL myID, "insert into mytable values(:1,:2,:1)", "valueX","valueY"

when using binaries, you have to insert the *b prefix in variable name; so if you variable containing a binary is "valueX", the correct code is:

Code: Select all

revExecuteSQL myID, "insert into mytable values(:1)", "*bvalueX"

Since the revExecuteSQL command strips the binary marker "*b" and passes it to the database as binary data, rather than text data.