
Running binary blob data through SQL cleaning handler?

Posted: Sat Feb 08, 2014 8:16 pm
by makeshyft
Hi everyone.....

I have a handler to clean SQL data before it gets executed...... it's your standard escape character / tab / return cleaner...

Code:

replace "'" with "''" in UMPProcessor["Next SQL Query"][PrepareWhichSQLQuery]["SQL Parameter"]
replace quote with quote & quote in UMPProcessor["Next SQL Query"][PrepareWhichSQLQuery]["SQL Parameter"]
replace return with "*RETURN*" in UMPProcessor["Next SQL Query"][PrepareWhichSQLQuery]["SQL Parameter"]
replace tab with "*TAB*" in UMPProcessor["Next SQL Query"][PrepareWhichSQLQuery]["SQL Parameter"]

My question is ..... is it safe to run binary / blob data through this? ..... Will binary data like "the imagedata", encrypted or compressed data ever contain these characters that are being cleaned? Just hoping the data will pass through the handler untouched, but I couldn't be sure.

Ty

Re: Running binary blob data through SQL cleaning handler?

Posted: Sat Feb 08, 2014 10:40 pm
by makeshyft
Never mind...... I think the answer is to binarydecode() the data first.

Re: Running binary blob data through SQL cleaning handler?

Posted: Mon Feb 10, 2014 2:14 pm
by MaxV
In order to upload binaries, you need to use the variable in the revExecuteSQL.

The SQLStatement may contain one or more placeholders, which are sequential numbers prepended by a colon. The revExecuteSQL command substitutes the corresponding item in the variablesList for each of these placeholders. For example, if you have two variables called "valueX" and "valueY", you can use a SQLStatement that includes placeholders as follows:

Code:

revExecuteSQL myID, "insert into mytable values(:1,:2,:1)", "valueX","valueY"

When using binaries, you have to insert the *b prefix in the variable name; so if your variable containing a binary is "valueX", the correct code is:

Code:

revExecuteSQL myID, "insert into mytable values(:1)", "*bvalueX"

This is because the revExecuteSQL command strips the binary marker "*b" and passes it to the database as binary data, rather than text data.
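
An added example, not part of any post in this thread: written in Python, with the standard sqlite3 module standing in for the LiveCode database library, it shows that the four replacements from the first post do alter binary data, while a value bound to a placeholder is stored byte for byte. The function names, table name and sample bytes are constructed for illustration, and the `?` placeholder plays the role of `:1`.

```python
import sqlite3
import zlib


def clean_sql_parameter(data: bytes) -> bytes:
    """Byte-level rendering of the four replace lines in the first post."""
    data = data.replace(b"'", b"''")
    data = data.replace(b'"', b'""')
    data = data.replace(b"\n", b"*RETURN*")  # LiveCode's return constant is linefeed
    data = data.replace(b"\t", b"*TAB*")
    return data


def touched_bytes(data: bytes) -> dict:
    """Count the bytes in data that the cleaning handler would rewrite."""
    targets = {"apostrophe": b"'", "quote": b'"', "return": b"\n", "tab": b"\t"}
    return {name: data.count(byte) for name, byte in targets.items()}


def store_and_fetch(blob: bytes, use_cleaner: bool) -> bytes:
    """Insert blob with a bound parameter and read it back."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE files (id INTEGER PRIMARY KEY, body BLOB)")
        value = clean_sql_parameter(blob) if use_cleaner else blob
        # The value travels separately from the SQL text, so it needs no escaping.
        conn.execute("INSERT INTO files (body) VALUES (?)", (value,))
        (body,) = conn.execute("SELECT body FROM files").fetchone()
        return body
    finally:
        conn.close()


# Constructed sample: every byte value once, followed by compressed filler.
SAMPLE_BLOB = bytes(range(256)) + zlib.compress(b"constructed sample payload " * 200)

if __name__ == "__main__":
    print("bytes the cleaner would rewrite:", touched_bytes(SAMPLE_BLOB))
    print("bound, no cleaner, intact:", store_and_fetch(SAMPLE_BLOB, False) == SAMPLE_BLOB)
    print("bound after cleaner, intact:", store_and_fetch(SAMPLE_BLOB, True) == SAMPLE_BLOB)
```

With bound parameters the same applies to text values: an apostrophe or tab in a string is stored as typed, so the cleaning step is not needed for either kind of data.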