php：扭转 mysql_real_escape_string 对二进制文件的影响

发布于 2024-07-22 10:01:28 字数 380 浏览 4 评论 0原文

我构建了一个网页，用户可以在其中提交 PDF，然后将其插入到 Mediumblob 中的 MySQL 数据库中，以便稍后检索。

这一切都工作正常，除非 PDF 包含图像或嵌入字体，在这种情况下图像会损坏并且使用该字体的任何文本都会消失（Acrobat 显示有关丢失字体的消息）。

我已经确定问题是由于我通过 mysql_real_escape_string_function 传递 pdf 数据而发生的。我已在提交/检索时切换到 base64_encode/base64_decode，这解决了所有新文件的问题，但我已经提交了大约 25 个 PDF，我需要能够阅读。

是否可以逆转 mysql_real_escape_string 的影响？或者这些文件是否已损坏且无法修复？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

長街聽風 2024-07-29 10:01:28

当然，应该可以修复。您只需要弄清楚 mysql_real_escape_string 的作用。我相信您只需要删除紧邻 CR、LF、TAB、单引号、双引号、NUL 或其他斜杠之前的任何斜杠。应该是单行正则表达式修复。

回复收藏 0 原文

奢欲 2024-07-29 10:01:28

mysql_real_escape_string() 将反斜杠添加到这些字符中。

\x00, \n, \r, \, ', " and \x1a

问题是，如果您的二进制输出带有反斜杠（它是二进制数据），则可能很难修复。话虽如此，没有什么神奇的功能可以撤销这个功能。

mysql_real_escape_string() puts backslashes to these characters.

\x00, \n, \r, \, ', " and \x1a

The thing is, that if your binary output has backslashes it it's binary data, it can be very hard to fix. That being said, there is no magical function to undo this function.

回复收藏 0 原文

稍尽春風 2024-07-29 10:01:28

老实说，我不知道还能是什么。当我更改那段代码时，它解决了问题，并且我在网上发现了其他实例，人们也遇到了同样的问题（但没有解决方案）。

这是插入代码：

function db_value( $mysqli, $value ) {
if( empty($value) )
    return "''";

if( get_magic_quotes_gpc() )
    $value = stripslashes($value);

if( !is_numeric($value) || ($value[0] == '0' && $value != 0) )
    $value = "'".mysqli_real_escape_string($mysqli, $value)."'";

return $value;
}

function saveToDatabase( $data, $fileTempName, $abstractFileName ) {
$fileHandle = fopen( $fileTempName, 'r' );
$abstractFile = fread( $fileHandle, filesize( $fileTempName ) );
fclose( $fileHandle );
$abstractFileMimeType = $fileUpload->get_mime();

$mysqli = connect_to_database();

if( $mysqli != FALSE ) {
    $insertQuery = "INSERT INTO `paper_submissions` (
        `name`,
        `affiliation`,
        `email`,
        `phone_number`,
        `title`,
        `abstract`,
        `abstract_file`,
        `abstract_file_name`,
        `abstract_file_mime_type`,
        `requests_financial_support`,
        `HTTP_USER_AGENT`,
        `REMOTE_ADDR`
    )
    VALUES ( 
        ".db_value( $mysqli, $data['submitter_name'] ).",
        ".db_value( $mysqli, $data['submitter_affiliation'] ).",
        ".db_value( $mysqli, $data['submitter_email'] ).",
        ".db_value( $mysqli, $data['submitter_phone'] ).",
        ".db_value( $mysqli, $data['paper_title'] ).",
        ".db_value( $mysqli, $data['abstract_text'] ).",
        ".db_value( $mysqli, $abstractFile ).",
        ".db_value( $mysqli, $abstractFileName ).",
        ".db_value( $mysqli, $abstractFileMimeType ).",
        ".db_value( $mysqli, $data['request_financial_support'] ).",
        ".db_value($mysqli, $_SERVER['HTTP_USER_AGENT']).",
        ".db_value($mysqli, $_SERVER['REMOTE_ADDR'])."
    )";

    $insertResult = $mysqli->query( $insertQuery );

    close_database( $insertResult, $mysqli );

    return $insertResult;
}

return FALSE;
}

这是提取代码：

$selectQuery = "SELECT `abstract_file_name`, `abstract_file_mime_type`, `abstract_file`
FROM `paper_submissions`
WHERE `id` = ".db_value( $mysqli, $id );


$result = $mysqli->query( $selectQuery );

if( $result != FALSE ) {
if( $result->num_rows ) {
    $paper = $result->fetch_array( MYSQL_ASSOC );

    $fileSize = strlen( $paper['abstract_file'] );

    header( 'Date: '.gmdate( "D, d M Y H:i:s" ).' GMT' );
    header( 'Expires: Thu, 19 Nov 1981 08:52:00 GMT' );
    header( 'Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0' );
    header( 'Pragma: no-cache' );
    header( 'Content-Type: '.$paper['abstract_file_mime_type'].'; charset=utf-8' );
    header( 'Content-Length: '.$paper['abstract_file_size'] );
    header( 'Content-Disposition: inline; filename="'.$paper['abstract_file_name'].'"' );
    echo $paper['abstract_file'];
    exit();
}
}

I honestly don't know what else it could be. When I changed that bit of code it cleared up the problem, and I've found other instances online where people had the same problem (but no solutions).

Here is the insertion code:

function db_value( $mysqli, $value ) {
if( empty($value) )
    return "''";

if( get_magic_quotes_gpc() )
    $value = stripslashes($value);

if( !is_numeric($value) || ($value[0] == '0' && $value != 0) )
    $value = "'".mysqli_real_escape_string($mysqli, $value)."'";

return $value;
}

function saveToDatabase( $data, $fileTempName, $abstractFileName ) {
$fileHandle = fopen( $fileTempName, 'r' );
$abstractFile = fread( $fileHandle, filesize( $fileTempName ) );
fclose( $fileHandle );
$abstractFileMimeType = $fileUpload->get_mime();

$mysqli = connect_to_database();

if( $mysqli != FALSE ) {
    $insertQuery = "INSERT INTO `paper_submissions` (
        `name`,
        `affiliation`,
        `email`,
        `phone_number`,
        `title`,
        `abstract`,
        `abstract_file`,
        `abstract_file_name`,
        `abstract_file_mime_type`,
        `requests_financial_support`,
        `HTTP_USER_AGENT`,
        `REMOTE_ADDR`
    )
    VALUES ( 
        ".db_value( $mysqli, $data['submitter_name'] ).",
        ".db_value( $mysqli, $data['submitter_affiliation'] ).",
        ".db_value( $mysqli, $data['submitter_email'] ).",
        ".db_value( $mysqli, $data['submitter_phone'] ).",
        ".db_value( $mysqli, $data['paper_title'] ).",
        ".db_value( $mysqli, $data['abstract_text'] ).",
        ".db_value( $mysqli, $abstractFile ).",
        ".db_value( $mysqli, $abstractFileName ).",
        ".db_value( $mysqli, $abstractFileMimeType ).",
        ".db_value( $mysqli, $data['request_financial_support'] ).",
        ".db_value($mysqli, $_SERVER['HTTP_USER_AGENT']).",
        ".db_value($mysqli, $_SERVER['REMOTE_ADDR'])."
    )";

    $insertResult = $mysqli->query( $insertQuery );

    close_database( $insertResult, $mysqli );

    return $insertResult;
}

return FALSE;
}

And here is the extraction code:

$selectQuery = "SELECT `abstract_file_name`, `abstract_file_mime_type`, `abstract_file`
FROM `paper_submissions`
WHERE `id` = ".db_value( $mysqli, $id );


$result = $mysqli->query( $selectQuery );

if( $result != FALSE ) {
if( $result->num_rows ) {
    $paper = $result->fetch_array( MYSQL_ASSOC );

    $fileSize = strlen( $paper['abstract_file'] );

    header( 'Date: '.gmdate( "D, d M Y H:i:s" ).' GMT' );
    header( 'Expires: Thu, 19 Nov 1981 08:52:00 GMT' );
    header( 'Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0' );
    header( 'Pragma: no-cache' );
    header( 'Content-Type: '.$paper['abstract_file_mime_type'].'; charset=utf-8' );
    header( 'Content-Length: '.$paper['abstract_file_size'] );
    header( 'Content-Disposition: inline; filename="'.$paper['abstract_file_name'].'"' );
    echo $paper['abstract_file'];
    exit();
}
}

回复收藏 0 原文

孤独岁月 2024-07-29 10:01:28

Ólafur，

我从 php 手册中收集到了这一点，甚至尝试了以下方法：

$search = array( "\\0", "\\n", "\\r", "\\\\", "\\'", "\\\"", "\Z", );
$replace = array( "\x00", "\n", "\r", "\\", "'", "\"", "\x1a" );
$desiredString = str_replace( $search, $replace, $escapedString );

这在处理文本时似乎工作正常，但将其应用于二进制数据只会进一步降低 PDF 的质量（例如，段落丢失）。

Ólafur,

I gathered that from the php manual, and even tried the following:

$search = array( "\\0", "\\n", "\\r", "\\\\", "\\'", "\\\"", "\Z", );
$replace = array( "\x00", "\n", "\r", "\\", "'", "\"", "\x1a" );
$desiredString = str_replace( $search, $replace, $escapedString );

This seems to works fine when dealing with text, but applying it to the binary data only further degrades PDF (e.g. paragraphs go missing).

回复收藏 0 原文

~没有更多了~