Jump to content
Larry Ullman's Book Forums

Mediumblob Not Processed In Mysql Parameterized Query


Recommended Posts

I appreciate your helping me with my recent questions.  I'm working on a "sticky form" page which I got from your previous Web book which has been extremely useful.  In your new book I came across your procedural parameterized query teaching.  Since I'm working with images, my picture selection below should be large enough.  The insert was successful with old-fashioned code (below) but in Internet forums they lecture you against it because of hacking, so I switched to the code I saw in your book.  The inserts/updates succeed but a zero-sized mediumblob gets stored.  I tried the OOP syntax first, and when that didn't succeed, I tried your procedural approach from the book which again stored everything except the zero-sized blob.  Someone on the Internet said there is a maximum mediumblob size specified and that would explain it not wanting to do it for parameterized queries.  The fact that it works for a concatenated sql statement might reinforce that.  I tried doing my homework but am resorting to asking you another question.  It's probably a short but hard to find answer.  By the way, a window popped up for copying/pasting the code below which would have been too long to type.

 

<input type="hidden" name="MAX_FILE_SIZE" value="2048000">

<label for="picture">Picture</label>

<input name="picture" type="file" id="picture">

 

 $sql = "INSERT INTO products (catid,description,picture,price,quantity,onsale) VALUES ('" .$catid. "','" .$descr. "','" .

 

$thumbnail. "','" .$price. "','" .$quantity. "','" .$onsale. "')";

if ($dbc->query($sql) === TRUE) {echo "Record created successfully";};

 

$sql = "INSERT INTO products (catid,description,picture,price,quantity,onsale) VALUES (?,?,?,?,?,?)";

$stmt = $dbc->prepare($sql);

$stmt->bind_param('isbdii',$catid,$descr,$thumbnail,$price,$quantity,$onsale);

$stmt->execute();

if(mysqli_affected_rows($dbc) == 1) {echo "Record created successfully";};

 

$sql = "UPDATE products SET catid=?,description=?,picture=?,price=?,quantity=?,onsale=? WHERE prodid=?";

$exe = mysqli_prepare($dbc,$sql);

mysqli_stmt_bind_param($exe,'isbdiii',$catid,$descr,$thumbnail,$price,$quantity,$onsale,$prodid);

mysqli_stmt_execute($exe);       

if(mysqli_stmt_affected_rows($exe) == 1) {echo "Record updated";};

Link to comment
Share on other sites

I can't get the copy/paste function here to work like last time, otherwise I would have pasted some code from the page.  The two insert pages are identical except for the two types of sql, and the picture on the first gets successfully inserted, so the thumbnail should be the same in each case.  The second-best thing after typing 14 lines of code is to provide a reference I found that does it the same way.  It's at www.sum-it.nl/en200319.php.  I'll try now and then to copy it but now it's not cooperating.

Link to comment
Share on other sites


Same page and same image used for each test with only sql different.  Parameterized querys have 0 KB size stored but successful one shows KB size in phpmyadmin.  Maybe the max value provided should be lowered because it thinks it will be too large so won't even try.

 

<input type="hidden" name="MAX_FILE_SIZE" value="2048000">

        <label for="picture">Picture</label>

    <input name="picture" type="file" id="picture">

$error = chkimg($_FILES['picture'], 'picture');

$thumbnail = buildthumb($_FILES['picture']);}

 


function buildthumb($pic) {

$picture = file_get_contents($pic['tmp_name']);

$srcimg = imagecreatefromstring($picture);

$srcW = imagesx($srcimg);

$srcH = imagesy($srcimg);

$newW = 80;

$newH = 60;

$newimg = imagecreatetruecolor($newW,$newH);

$x = imagecopyresampled($newimg,$srcimg,0,0,0,0,$newW,$newH,$srcW,$srcH);

 

ob_start();

imageJPEG($newimg);

$thumb = ob_get_contents();

ob_end_clean();

return $thumb;

}

Link to comment
Share on other sites

Okay, there's nothing obviously amiss there. I'd start by verifying the results from the chkimg() and buildthumb() calls (i.e., use basic print/echo statements to confirm what is being called and what the results of those calls are). The max file size is only 2MB. That's not that big. 

Link to comment
Share on other sites

I did all the echoing I could think of a while back.  This time I echoed the data part of the image file which was uploaded as well as the contents of the thumbnail created.  I compared the printouts and the thumbnail is a little smaller, there are similarities but differences due to extra processing, and further comparison  is meaningless unless you're an expert at that kind of thing.  PhpMyAdmin on the server in edit mode opens a path folder for the field of the original image selected and I don't know how it gets that info, and it also says "binary file, don't edit", so that's as far as that gets.  Since the "concatenated sql string" for adding the image previously succeeded I created a similar page for updating it.  When I tested it, the update for the image etc. succeeded.  Since the code for the parameterized testing and the testing for what has worked are the same, I still have to conclude that the validating and thumbnail creating are all similar.  That still doesn't explain why the oop and procedural versions don't store the image in the database record because all the other fields in the record get stored.  I even tried to store the original instead of the thumbnail, but that didn't work.  I'd like to use the parameterized approach but at least I have the one that works.  I remember from your book on PHP and the Web where I encountered your sql statements with your fields surrounded in single quotes, and in order for that to work, I found an answer on the Internet to use cancatenation periods around the fields with interspersed commas.  I see you still have that in this book and I'm still using concatenations, but that's another subject.  I don't have any time to research this thumbnail issue, so maybe some day there will be a revelation. 

Link to comment
Share on other sites

 Share

×
×
  • Create New...