http://qs321.pair.com?node_id=827874


in reply to Retrieving Office 2007 files from a BLOB using Perl

Maybe you would fare better if you used DBI placeholders instead of interpolating your data into your SQL? I think that a carefully crafted filename could still subvert your SQL, because you don't escape/remove newlines and other binary data from it.

Also, maybe you need to use binmode when reading your file, but I don't know that much about Oracle. Also, why are you using such a low chunk size of 4096 instead of a chunk size that would fetch most of your documents in one go?