Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why is it necessary to add escape sequences to a binary string when storing to a MySQL Database?

Tags:

php

mysql

The whole point of designating data as binary is to simply treat the binary sequence as a raw, untouched sequence of bytes.

=> Given that MySQL has BLOB, BINARY and VARBINARY data types, why isn't it possible to store and retrieve any arbitrary binary stream of data from a php script without having the need to escape the sequence with mysql_real_escape_string or addslashes?

like image 913
tgoneil Avatar asked Jan 19 '23 14:01

tgoneil


2 Answers

Because binary data are still serialized to a string… So, for example, imagine your $binary_data had the value a 'b" c. Then the query INSERT INTO foo VALUES $binary_data would fail.

like image 194
David Wolever Avatar answered Feb 08 '23 15:02

David Wolever


The whole point of designating data as binary is to simply treat the binary sequence as a raw, untouched sequence of bytes.

you are wrong.
the only point of designating data as binary is just to mark it to be not a subject of character set recoding. that's all.

why isn't it possible to store and retrieve any arbitrary binary stream of data from a php script without having the need to escape the sequence with mysql_real_escape_string or addslashes?

who said it's impossible?
it's quite possible, both to store and retrieve.
The whole point of prepared statements is to send an arbitrary binary stream directly to mysql.

Why is it necessary to add escape sequences to a binary string when storing to a MySQL Database?

If you are talking of SQL, you have to understand what it is first.
SQL is a programming language.
And as any language has it's own syntax to follow.
And if you're going to add your raw binary data to this program, you have to make this data satisfy these rules. That's what escaping for.

like image 41
Your Common Sense Avatar answered Feb 08 '23 15:02

Your Common Sense