Home/ Questions/Q 717241
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T05:23:27+00:00

I heard a rumor that when inserting binary data (files and such) into MySQL,

  • 0

I heard a rumor that when inserting binary data (files and such) into MySQL, you should use the bin2hex() function and send it as a HEX-coded value, rather than just use mysql_real_escape_string on the binary string and use that.

// That you should do
$hex = bin2hex($raw_bin);
$sql = "INSERT INTO `table`(`file`) VALUES (X'{$hex}')";

// Rather than
$bin = mysql_real_escape_string($raw_bin);
$sql = "INSERT INTO `table`(`file`) VALUES ('{$bin}')";

It is supposedly for performance reasons. Something to do with how MySQL handles large strings vs. how it handles HEX-coded values

However, I am having a hard time confirming this. All my tests indicate the exact oposite; that the bin2hex method is ~85% slower and uses ~24% more memory.
(I am testing this on PHP 5.3, MySQL 5.1, Win7 x64 – Using a farily simple insert loop.)

For instance, this graph shows the private memory usage of the mysqld process while the test code was running:

Private Bytes used by the mysqld process
(source: advefir.com)

Does anybody have any explainations or reasources that would clarify this?

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This sounds like an urban legend to me.

    bin2hex() maps each byte in the input to two bytes in the output ('a' -> '61'), so you should notice a significant memory increase of the script performing the query – it should use at least as much memory more as the byte length of the binary data to be inserted.

    Furthermore, this implies that running bin2hex() on a long string takes much longer than running mysql_real_escape string(), which – as explained in MySQL’s documentation – just escapes 6 characters: NULL, \r, \n, \, , and ‘Control-Z’.

    That was for the PHP part, now for MySQL: The server needs to do the reverse operation to store the data correctly. Reversing either of the functions takes almost as long as the original operation – the reverse function of mysql_real_escape_string() needs to replace escaped values (\\) with unescaped ones (\), whereas the reverse of bin2hex() would need to replace each and every byte tuple with a new byte.

    Since calling mysql_real_escape_string() on binary data is safe (according to MySQL’s and PHP’s documentation or even when just considering that the operation does not do any other conversions than the ones listed above), it would make absolutely no sense to perform such a costly operation.

    • 0