MSSQL & mssql_bind() not cooperating!

[MoozicFarm]

	
	$handle = fopen($fullPath, "rb");
	$bin=NULL; 
	while(!feof($handle)){
	$bin = $bin.fread($handle,sizeof($fullPath));}
	fclose($handle); 
	//var_dump($bin); 


	$db_lite = initDbLite();
	$stmt = mssql_init('dbo.InsertFlagDownloadImage', $handleMS); 
	mssql_bind($stmt, '@PatientNum', $paramArray['PatientID'], SQLINT2, false, false);
	mssql_bind($stmt, '@DloadLogNum', $DloadLogNum, SQLINT2, false, false);
	mssql_bind($stmt, '@FileTypeNum', $filetype, SQLINT2, false, false);
	mssql_bind($stmt, '@FlagDloadBinaryImage', $bin, SQLVARCHAR, false, false); 
	mssql_bind($stmt, '@PassFail', $MsCheckArr['PassFail'], SQLVARCHAR, true, false, 25);
	mssql_bind($stmt, '@ErrorMsg', $MsCheckArr['ErrorMsg'], SQLVARCHAR, true, false, 101); 
	mssql_execute($stmt); 
	echo mssql_get_last_message();  

First time poster so excuse an nuances of the forum I do not know yet. I have been facing this problem at work for the last couple days and even with relentless forum searching I have been unable to answer it. 

 

 

At my company we have an old C/C++ program that processes downloads from a sqlite db to a MSSQL db. My job, as the intern this summer, is to take that outdated (15 y.o.) program and convert it to a php script that does EXACTLY what it does. I had limited knowledge of php or database work up until this point but I was eager to learn. My program executes a series of stored procedures within a MSSQL db to store data. I learned quickly how to make this work and that the best way to do this was using bind because it prevents from being easily hacked (intercepted, is the other term I read over on the web). 

.

My problem : In three of the stored procedures I need to store a BLOB in a MSSQL db stored procedure that accepts an image type. When attempting to use mssql_bind I get an error when inserting my data, regardless of the mssql datatype I use.

 

My attempts at solving this : 

1. Re-write the way I acquire my BLOB in an attempt to rule that out as the issue. -- failed

2. Scour the web for a MSSQL datatype that is compatible with the stored procedures image field. -- failed, I was unable to find anything that was IMAGE specific. 

3. Increase the data transfer size in the freetds.conf file -- failed

4. Found in a forum on the web instructions to try SQLVARCHAR and SQLTEXT as the MSSQL datatypes -- failed, using SQLVARCHAR results in an error on the bind call and SQLTEXT results in an error on the execute call.

 

Currently, I am at a wall with this project and don't really know where to go from here. Are there other ways of executing stored procedures without the use of bind? How much of the security side of things will not using bind compromise? Also, for what it's worth I found a bug report on the php website from about 5 years ago that describes my problem. The link is : http://grokbase.com/t/php/php-bugs/0644ny6bxe/36961-new-mssql-bind-will-not-bind-an-image-field

 

Thanks for any and all help you all can give,

 

MF

[kicken]

The mssql_* functions are outdated and no longer maintained. If your goal is to create a more modern program, then you're already failing. Switch to PDO using the PDO_SQLSRV driver for talking to the database if possible. ODBC would be your next best option if SQLSRV is not an option.

 

Once you've made the switch, if you still have issues, post back with some more details.

[MoozicFarm]

kicken,

 

I've looked into these options but because it is experimental I cannot use it. Thanks though.