Reply to Re: Question re: sql injection — PHP Programming Language

Posted by Andrew Hutchings on 06/30/07 14:26

Jerry Stuckle wrote:
> Andrew Hutchings wrote:
>> Jerry Stuckle wrote:
>>
>>> If you're not using unicode, then mysql_real_escape_string won't
>>> decode it as unicode. So no matter what it is, the "malformed
>>> unicode character" can't cause a problem.
>>>
>>> Now if you are using unicode, that might be a problem.
>>>
>>>
>>
>> I stand corrected, MySQL charset has to be unicode. Although this is
>> now fixed in MySQL 5.0.22 anyway.
>
> So it was only a problem in the implementation of
> mysql_real_escape_string() then?
>

Looks like it, in the MySQL API side of things:

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-22.html

--
Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/
Windows is the path to the darkside...Windows leads to Blue Screen. Blue
Screen leads to downtime. Downtime leads to suffering...I sense much
Windows in you...

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация