0

如果这是一个密集的问题,我深表歉意,但我在使用 MYSQL LOAD_FILE() 和准备好的语句来上传图像 BLOB 时遇到了一些麻烦。因此,我不得不求助于使用来分隔查询,一个用于准备详细信息的语句,另一个不准备插入我的 BLOB 的语句。这是我尝试过的查询示例:

function add_new_video() {
    $image = $_FILES['thumbnail_file']['tmp_name']; // pass this file name to getimagesize() to determine the mime-type
    $size_array = getimagesize($image);
    $thumbnail_mimetype = $size_array['mime'];
    $thumbnail_contents = file_get_contents($image);
    $thumbnail_filesize = $size_array[3];
    $thumbnail_filename = $_FILES['thumbnail_file']['name'];

    $title = $_POST['title'];
    $summary = $_POST['summary'];
        // Checkbox...      
        if(!empty($_POST['demo_reel'])) {
        $demo_reel = $_POST['demo_reel'];
    }
    else {
        $demo_reel = 0;
    }

    $query = "INSERT INTO videos (title, summary, thumbnail_filename, thumbnail_filesize, thumbnail_mimetype, thumbnail_contents, demo_reel) VALUES(?, ?, ?, ?, ?, LOAD_FILE($image), ?)";
    if($stmt = $this->conn->prepare($query)) {
        $stmt->bind_param('sssssi', $title, $summary, $thumbnail_filename, $thumbnail_filesize, $thumbnail_mimetype, $thumbnail_contents, $demo_reel);
        $stmt->execute();
        if($stmt->affected_rows == 1) {
            return true;
        }
        else {
            return false;
        }
    }
}

不幸的是,这个查询失败了,我似乎无法从中得到任何错误。相反,这是我当前的查询,它有效,但不使用准备好的语句,而且安全性较低:

    $video_filename = $_POST['file_name'];
    $video_number = $_POST['number'];
    $title = $_POST['title'];
    $summary = $_POST['summary'];
    if(!empty($_POST['demo_reel'])) {
    $demo_reel = $_POST['demo_reel'];
   }
   else {
    $demo_reel = 0;
   }


    $image = $_FILES['thumbnail_file']['tmp_name']; // pass this file name to      
    getimagesize() to determine the mime-type
    $size_array = getimagesize($image);
    $thumbnail_mimetype = $size_array['mime'];
    $thumbnail_filesize = $size_array[3];
    $thumbnail_contents = addslashes(file_get_contents($image));
    $thumbnail_filename = $_POST['number'] . '.jpg';

    $query = "INSERT INTO videos (`video_filename`, `video_number`,
    `thumbnail_contents`, `title`, `summary`, `demo_reel`, `thumbnail_filename`,     
    `thumbnail_filesize`, `thumbnail_mimetype`) VALUES ('$video_filename', 
    '$video_number', '$thumbnail_contents', '$title', '$summary', '$demo_reel', 
    '$thumbnail_filename', '$thumbnail_filesize', '$thumbnail_mimetype')";

  if($result = $this->conn->query($query)) {        
     return true;
  }
  else {
    return false;
  }

由于所有细节目前都未转义,我宁愿不经历使用 nl2br() 的过程并再次返回,我正在考虑两个查询:一个使用 $_POST 变量的准备好的语句,然后另一个使用 addlashes () 和文件的常规语句。我希望能够在一个准备好的语句中完成整个插入。非常感谢任何帮助和理解!

4

1 回答 1

0

你需要的是MySQLisend_long_data 

$stmt = $mysqli->prepare("INSERT INTO images (image) VALUES(?)");
//initialize the statement
$null = NULL;
$stmt->bind_param("b", $null);
//bind an empty blob dummy
$stmt->send_long_data(0, file_get_contents("osaka.jpg"));
//send the actual data (0 is the index of the parameter to fill with the data)
$stmt->execute();
于 2014-01-27T16:47:17.113 回答