OK. I haven't used stack exchange in a while, so bear with me. I've researched this exhaustively and can't find an answer.
I'm new to PDO statements in general, and am using it for a site I'm working on, which is going to contain an image uploader. Right now, I have this function:
function addImage($listing_id, $location) {
$sql = $this->connection->prepare("INSERT INTO images (listing_id, location) VALUES (?, ?)");
$sql->execute(array($listing_id, $location));
}
Now, $location
comes into this function correct - it is an image location, such as C:\image.png
or http://test.com/image.jpg
. It is correct at that point. However, upon insertion, the image extensions are being scrubbed, entering only "C:\image"
or "http://test.com/image"
into the database, which of course is an issue later when I need to use that information to fetch and or modify the image. I assume it's something to do with a sql injection prevention within PDO? I really don't know. Please help!