MySQL driver: Use prepared statements instead of escaping when saving file

Studio-42 / elFinder

📁 Open-source file manager for web, written in JavaScript using jQuery and jQuery UI

https://studio-42.github.io/elFinder/

Other

4.6k stars 1.41k forks source link

MySQL driver: Use prepared statements instead of escaping when saving file #3604

Closed adamvalalsky closed 6 months ago

adamvalalsky commented 9 months ago

Right now, inserting empty binary file (all binary zeroes) causes escaping of every single byte in content. This creates SQL which is double in size and can easily exceed max_allowed_packet value in MySQL.

This change uses prepared statements instead of escaping, so created SQLs (for files that would need escaping) are smaller.

nao-pon commented 6 months ago

@adamvalalsky I'm sorry to be late. Merge.