#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    3
    Rep Power
    0

    MSSQL & mssql_bind() not cooperating!


    First time poster so excuse an nuances of the forum I do not know yet. I have been facing this problem at work for the last couple days and even with relentless forum searching I have been unable to answer it.


    At my company we have an old C/C++ program that processes downloads from a sqlite db to a MSSQL db. My job, as the intern this summer, is to take that outdated (15 y.o.) program and convert it to a php script that does EXACTLY what it does. I had limited knowledge of php or database work up until this point but I was eager to learn. My program executes a series of stored procedures within a MSSQL db to store data. I learned quickly how to make this work and that the best way to do this was using bind because it prevents from being easily hacked (intercepted, is the other term I read over on the web).
    .
    My problem : In three of the stored procedures I need to store a BLOB in a MSSQL db stored procedure that accepts an image type. When attempting to use mssql_bind I get an error when inserting my data, regardless of the mssql datatype I use.

    My attempts at solving this :
    1. Re-write the way I acquire my BLOB in an attempt to rule that out as the issue. -- failed
    2. Scour the web for a MSSQL datatype that is compatible with the stored procedures image field. -- failed, I was unable to find anything that was IMAGE specific.
    3. Increase the data transfer size in the freetds.conf file -- failed
    4. Found in a forum on the web instructions to try SQLVARCHAR and SQLTEXT as the MSSQL datatypes -- failed, using SQLVARCHAR results in an error on the bind call and SQLTEXT results in an error on the execute call.

    Currently, I am at a wall with this project and don't really know where to go from here. Are there other ways of executing stored procedures without the use of bind? How much of the security side of things will not using bind compromise? Also, for what it's worth I found a bug report on the php website from about 5 years ago that describes my problem.

    Thanks for any and all help you all can give,

    jaz
  2. #2
  3. Come play with me!
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    13,743
    Rep Power
    9397
    If you're on Windows you should be using SQLSRV instead of MSSQL (PHP extensions) but if you were in an environment where it was required of you then you'd know that already so it's alright.

    What's your code? I believe it should have a mssql_bind() like
    PHP Code:
    mssql_bind($stmt"@param"$imageSQLBINARY); 
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    3
    Rep Power
    0
    Originally Posted by requinix
    If you're on Windows you should be using SQLSRV instead of MSSQL (PHP extensions) but if you were in an environment where it was required of you then you'd know that already so it's alright.

    What's your code? I believe it should have a mssql_bind() like
    PHP Code:
    mssql_bind($stmt"@param"$imageSQLBINARY); 
    I am working in a linux enviroment, not windows, so I believe I am using the correct form. Also, I have tried the following datatypes trying to troubleshoot this :

    SQLBINARY
    SQLVARBIN
    SQLVARBINARY
    BINARY
    IMAGE
    SQLIMAGE
    SQLVARCHAR
    SQLTEXT
    And any variety of the above with a "_" between SQL and whatever is attached... ex : SQL_BINARY

    My code is as follows :

    PHP Code:

        $handle 
    fopen($fullPath"rb");
        
    $bin=NULL
        while(!
    feof($handle)){
        
    $bin $bin.fread($handle,sizeof($fullPath));}
        
    fclose($handle); 
        
    //var_dump($bin); 


        
    $db_lite initDbLite();
        
    $stmt mssql_init('dbo.InsertFlagDownloadImage'$handleMS); 
        
    mssql_bind($stmt'@PatientNum'$paramArray['PatientID'], SQLINT2falsefalse);
        
    mssql_bind($stmt'@DloadLogNum'$DloadLogNumSQLINT2falsefalse);
        
    mssql_bind($stmt'@FileTypeNum'$filetypeSQLINT2falsefalse);
        
    mssql_bind($stmt'@FlagDloadBinaryImage'$binSQLBINARYfalsefalse); 
        
    mssql_bind($stmt'@PassFail'$MsCheckArr['PassFail'], SQLVARCHARtruefalse25);
        
    mssql_bind($stmt'@ErrorMsg'$MsCheckArr['ErrorMsg'], SQLVARCHARtruefalse101); 
        
    mssql_execute($stmt); 
        echo 
    mssql_get_last_message(); 
    EDIT : Also, I tried your idea and it didn't work.
  6. #4
  7. Come play with me!
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    13,743
    Rep Power
    9397
    PHP Code:
    $bin $bin.fread($handle,sizeof($fullPath)); 
    That's not right: sizeof() is for arrays. If you want the size of a file then use filesize.

    But you don't need it. The whole fopen/fread/fclose thing can be replaced with just
    PHP Code:
    $bin file_get_contents($fullPath); 
    Also, what errors?
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2013
    Posts
    3
    Rep Power
    0
    That was my original method of getting the binary image but I attempted another in the event that my data was the issue. Thanks for the pro tip though.

    Still having trouble with this bind statement. Not sure where to go from here and its a major roadblock in completing this project I am working on.
  10. #6
  11. Come play with me!
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    13,743
    Rep Power
    9397

IMN logo majestic logo threadwatch logo seochat tools logo