Jean-Christian Imbeault <[EMAIL PROTECTED]> wrote: > Sorry if my intentions were not clear but I am trying to protect myself > from SQL injection attacks by using addslashes() to user provided > information. I cannot assume anything about the incoming data (not even > the encoding) since anyone trying to hack my machine by using such a > technique could pretty much send whatever they wanted using a telnet > session or what not ...
Sorry for my misleading words too... SQL injection attacks can be prevented with a self-made addslashes() even if you choose SJIS for the internal charset. example: <?php mb_internal_encoding("Shift_JIS"); $escaped = mb_ereg_replace("([\\\"'\0])", "\\\\1", $sjis_string); ?> > > Anyway, Shift_JIS is not a great choice for PHP scripting. > > Tell me about it. I have the hardest time getting the people who > actually make the HTML page to use EUC instead of SJIS. Of course they > all use MS platforms to create the HTML content so they can't understand > why SJIS causes me pain when I try and edit it in *NIX box or parse it > in PHP ... The main reason is that several SJIS characters, each of which is a compound of the lead byte and the second byte, may contain a byte for the second byte whose value is the same as the character code of "\" (backslash = \x5c) and such double-byte characters are unfortunately mistreated by PHP since backslashes are also used for escape sequences in string literals. http://www.microsoft.com/globaldev/reference/dbcs/932.htm You can avoid this issue by configuring a PHP build with --enable-zend-multibyte option and set mbstring.script_encoding to SJIS. Also keep in mind that the same thing applies to CP936(a GB2312 variant, used in the simplified Chinese version of Windows), CP949(a KSC5601 variant, used in the Korean version of Windows), and CP950(big5, used in the traditional Chinese version of Windows). However, as of the current implementation, the character sets / encodings mentioned above are not supported by the zend multibyte stuff. Hope this helps, Moriyoshi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php