up vote 3 down vote favorite
1

I am trying to store an image in the DataBase, for some reason it doesn't seem to work. Here's the structure of my table.

mysql> describe ImageStore;
+---------+----------+------+-----+---------+-------+
| Field   | Type     | Null | Key | Default | Extra |
+---------+----------+------+-----+---------+-------+
| ImageId | int(11)  | NO   | PRI | NULL    |       |
| Image   | longblob | NO   |     | NULL    |       |
+---------+----------+------+-----+---------+-------+
2 rows in set (0.01 sec)

And here is my query which inserts the image or at least thats what it should:

//Store the binary image into the database
                $tmp_img = $this->image['tmp_name'];
                $sql = "INSERT INTO ImageStore(ImageId,Image)               
                VALUES('$this->image_id','file_get_contents($tmp_image)')";
                mysql_query($sql);

If I print the value of file_get_contents($tmp_image), then there is a tons of data on the screen. But this value doesn't get stored in the database and that is the issue that I'm facing.

share|improve this question
@mazzzzz: Um, this question is not about response times or slowdowns. – Lightness Races in Orbit Aug 13 '11 at 19:12
@Tomalak I know, I was asking why the above comment (now deleted) was recommending not using a db, when this question was how to use one. – mazzzzz Aug 13 '11 at 21:07
@mazzzzz: Fair enough. I did not see that comment before it was removed. (This is a great reason to always use "@"+"notifications", BTW! [FU SO for not letting me post that verbatim, FFS]) – Lightness Races in Orbit Aug 14 '11 at 0:49
@Tomalak np, actually now that it was removed, my comment isn't needed either. – mazzzzz Aug 14 '11 at 3:03

4 Answers

up vote 6 down vote accepted

Problem

$sql = "INSERT INTO ImageStore(ImageId,Image)
        VALUES('$this->image_id','file_get_contents($tmp_image)')";

This creates a string in PHP named $sql. Forget about MySQL for a minute, because you're not executing any query yet. You're just building a string.

The magic of PHP means that you can write a variable name — say, $this->image_idinside the double quotes and the variable still gets magically expanded.

This functionality, known as "variable interpolation", does not occur for function calls. So, all you're doing here is writing the string "file_get_contents($tmp_image)" into the database.

Solution (1)

So, to concatenate the result of calling file_get_contents($tmp_image), you have to jump out of the string and do things explicitly:

$sql = "INSERT INTO ImageStore(ImageId,Image)
        VALUES('$this->image_id','" . file_get_contents($tmp_image) . "')";

(You can see even just from the syntax highlighting how this has worked.)

Solution (2)

Now the problem you have is that if the binary data contains any ', your query is not valid. So you should run it through mysql_escape_string to sanitize it for the query operation:

$sql = "INSERT INTO ImageStore(ImageId,Image)
        VALUES('$this->image_id','" . mysql_escape_string(file_get_contents($tmp_image)) . "')";

Solution (3)

Now you have a really big string, and your database is getting bulky.

Prefer not storing images in databases, where you can help it.

share|improve this answer
Excellent, thanks for the clear explanation. – nikhil Aug 14 '11 at 6:12
@nikhil: No problem! – Lightness Races in Orbit Aug 14 '11 at 13:09
@LightnessRacesinOrbit. Re "prefer not storing large files in db".. well that depends on what db. – Pacerier Jul 11 '12 at 17:14
up vote 2 down vote

To expand on Tomalak's comment, you can't run a function inside of quotes.

Try:

$sql = "INSERT INTO ImageStore(ImageId,Image)               
        VALUES('{$this->image_id}','".file_get_contents($tmp_image)."')";
share|improve this answer
up vote 2 down vote

try this:

$tmp_img = $this->image['tmp_name'];
$sql = "INSERT INTO ImageStore(ImageId,Image)               
  VALUES('$this->image_id','" . addslashes(file_get_contents($tmp_image)) . "')";
mysql_query($sql);
share|improve this answer
up vote 1 down vote

As mentioned you are just saving the string "file_get_contents($tmp_image)" into the db but you need to run the function file_get_contents instead
dont forget to hash the image using a hashing algorithm such as base64_encode before saving it to the db.

share|improve this answer
1  
Why is hashing required? – Lightness Races in Orbit Aug 13 '11 at 19:53
images may contents some illegal words (such as -- , " , ' and so on...) and this may cause problem while we are executing the query – RezaSh Aug 14 '11 at 10:57
without hashing or any other checks this may cause sql injection attacks – RezaSh Aug 14 '11 at 10:58
You don't need hashing at all. Just escape single quotes and backslashes to keep from breaking out of string mode. – Lightness Races in Orbit Aug 14 '11 at 13:03
You are right , but there is another option , we can send and recive images like a string to and from the browser , most browser can convert a base64 string to image , but for sql injections and custom errors i trust your solution – RezaSh Aug 14 '11 at 19:21

Your Answer

 
or
required, but never shown
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.