July 12th, 2013, 12:52 PM
MSSQL & mssql_bind() not cooperating!
First time poster so excuse an nuances of the forum I do not know yet. I have been facing this problem at work for the last couple days and even with relentless forum searching I have been unable to answer it.
At my company we have an old C/C++ program that processes downloads from a sqlite db to a MSSQL db. My job, as the intern this summer, is to take that outdated (15 y.o.) program and convert it to a php script that does EXACTLY what it does. I had limited knowledge of php or database work up until this point but I was eager to learn. My program executes a series of stored procedures within a MSSQL db to store data. I learned quickly how to make this work and that the best way to do this was using bind because it prevents from being easily hacked (intercepted, is the other term I read over on the web).
My problem : In three of the stored procedures I need to store a BLOB in a MSSQL db stored procedure that accepts an image type. When attempting to use mssql_bind I get an error when inserting my data, regardless of the mssql datatype I use.
My attempts at solving this :
1. Re-write the way I acquire my BLOB in an attempt to rule that out as the issue. -- failed
2. Scour the web for a MSSQL datatype that is compatible with the stored procedures image field. -- failed, I was unable to find anything that was IMAGE specific.
3. Increase the data transfer size in the freetds.conf file -- failed
4. Found in a forum on the web instructions to try SQLVARCHAR and SQLTEXT as the MSSQL datatypes -- failed, using SQLVARCHAR results in an error on the bind call and SQLTEXT results in an error on the execute call.
Currently, I am at a wall with this project and don't really know where to go from here. Are there other ways of executing stored procedures without the use of bind? How much of the security side of things will not using bind compromise? Also, for what it's worth I found a bug report on the php website from about 5 years ago that describes my problem.
Thanks for any and all help you all can give,
July 12th, 2013, 01:01 PM
If you're on Windows you should be using SQLSRV instead of MSSQL (PHP extensions) but if you were in an environment where it was required of you then you'd know that already so it's alright.
What's your code? I believe it should have a mssql_bind() like
mssql_bind($stmt, "@param", $image, SQLBINARY);
July 12th, 2013, 01:11 PM
I am working in a linux enviroment, not windows, so I believe I am using the correct form. Also, I have tried the following datatypes trying to troubleshoot this :
Originally Posted by requinix
And any variety of the above with a "_" between SQL and whatever is attached... ex : SQL_BINARY
My code is as follows :
EDIT : Also, I tried your idea and it didn't work.
$handle = fopen($fullPath, "rb");
$bin = $bin.fread($handle,sizeof($fullPath));}
$db_lite = initDbLite();
$stmt = mssql_init('dbo.InsertFlagDownloadImage', $handleMS);
mssql_bind($stmt, '@PatientNum', $paramArray['PatientID'], SQLINT2, false, false);
mssql_bind($stmt, '@DloadLogNum', $DloadLogNum, SQLINT2, false, false);
mssql_bind($stmt, '@FileTypeNum', $filetype, SQLINT2, false, false);
mssql_bind($stmt, '@FlagDloadBinaryImage', $bin, SQLBINARY, false, false);
mssql_bind($stmt, '@PassFail', $MsCheckArr['PassFail'], SQLVARCHAR, true, false, 25);
mssql_bind($stmt, '@ErrorMsg', $MsCheckArr['ErrorMsg'], SQLVARCHAR, true, false, 101);
July 12th, 2013, 02:59 PM
That's not right: sizeof() is for arrays. If you want the size of a file then use filesize.
$bin = $bin.fread($handle,sizeof($fullPath));
But you don't need it. The whole fopen/fread/fclose thing can be replaced with just
Also, what errors?
$bin = file_get_contents($fullPath);
July 12th, 2013, 03:18 PM
That was my original method of getting the binary image but I attempted another in the event that my data was the issue. Thanks for the pro tip though.
Still having trouble with this bind statement. Not sure where to go from here and its a major roadblock in completing this project I am working on.
July 12th, 2013, 04:17 PM