|
|
Posted by Andy Hassall on 08/30/06 18:55
On Wed, 30 Aug 2006 11:21:47 -0500, Sophisticado <Sophsiticado> wrote:
>I have a script in which I am collecting sensitive information via a
>form (METHOD=POST) and encrypting the posted variable (format = BLOB)
>using mcrypt, then saving it in a MySql table. Using my test
>script,everything works fine. Using my production scrypt, everything
>works fine for data posted with fewer than 8 characters. If I try to
>upload data longer than 8 characters, I get this error message:
>
>You have an error in your SQL syntax; check the manual that corresponds
>to your MySQL server version for the right syntax to use near 'ióU¹�
>?šC!ÊŒB', '01', '2004', NULL, '150')' at line 1
>
>The characters ióU¹?šC!ÊŒB' after "near" are the encrypted characters.
>
>There does not seem to be any difference between the test and production
>scrypts.
>
>Here is the syntax I am using for saving the record:
>
>if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "myTable"))
>{
> $insertSQL = sprintf("INSERT INTO myTable (`Date`, LastName,
>FirstName, EcryptedBlob) VALUES (%s, %s, %s, %s)",
> GetSQLValueString($_POST['Date'], "text"),
> GetSQLValueString($_POST['Lastname'], "text"),
> GetSQLValueString($_POST['Firstname'], "text"),
> GetSQLValueString($encrypted,"text"));
>
>php v. 5.0.5
>MySql v. 4.1.9
Where is "GetSQLValueString" defined?
--
Andy Hassall :: andy@andyh.co.uk :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
[Back to original message]
|