March 20th, 2002, 10:20 AM
Virus scanning an uploaded file
The uploading part is elementary, however I wonder how I would go about implementing a virus scan of the file?
A lot of peeps seem to frown on it, but I am probably going to store the file in a database as a blob. I'd prefer handling it this way since any file that is uploaded will be a text file or small batch file. I wouldn't do it this way if I were handling images or other larger files.
The trick is how to I scan it prior to inserting into the db?
Or, I guess the better question is how do I insert a file into mysql db from a linux command prompt?
I can upload the file, run my virus scan with a system command, and abort if virus is found, or return an 'ok' if the file is ok. If ok, do the MySQL insert statement and finish the operation.
March 20th, 2002, 10:57 AM
I don't really see why you'd want to insert it from a linux shell. Can't you just do
from your PHP script after you scanned it?
$yourbinarydata = addslashes(fread(fopen($uploadedfile, "r"), filesize($uploadedfile)));
mysql_query("INSERT INTO yourtable (yourblob) VALUES ('".$yourbinarydata."')");