> On 1/24/07, Scott MacVicar <[EMAIL PROTECTED]> wrote: >> This is a gentle nudge, there was no interest since this was posted 2 >> months ago, we had a client who get exploited recently because of this >> issue. We use mysqli where appropriate but sometimes its not available >> because hosts don't know any better. >> >> Since there are no plans to deprecate the mysql extension any time soon >> we at least need the ability to protect ourselves. Patches are again PHP >> 4_4, 5_2 and HEAD.
Just for the records, maybe someone will find all this useful (lots of users on Gentoo do ;) ), I've made something similar which will soon be part of the Gentoo PHP packages, because we have lots of users and situations where it's needed to be able to define the mysql connection charset. I'll only link the mysql ext patch for 4.4.4, but on the site you can also find the ones for pdo_mysql and mysqli for PHP 5.2 if needed. Basically just a new ini-entry, PHP_INI_ALL so you can just do ini_set() in your scripts, and define the connection charset for MySQL. Here it is: https://overlays.gentoo.org/proj/php/browser/patches/php-patches/4.4.4/4.4.4/php4.4.4-mysql-charsetphpini.patch Have fun. ;) -- Best regards, Luca Longinotti aka CHTEKK LongiTEKK Networks Admin: [EMAIL PROTECTED] Gentoo Dev: [EMAIL PROTECTED] SysCP Dev: [EMAIL PROTECTED] TILUG Supporter: [EMAIL PROTECTED]
signature.asc
Description: OpenPGP digital signature
