Jean-Christian Imbeault <[EMAIL PROTECTED]> wrote:
> Sorry if my intentions were not clear but I am trying to protect myself
> from SQL injection attacks by using addslashes() to user provided
> information. I cannot assume anything about the incoming data (not even
> the encoding) since anyone trying to hack my machine by using such a
> technique could pretty much send whatever they wanted using a telnet
> session or what not ...
Sorry for my misleading words too... SQL injection attacks can be
prevented with a self-made addslashes() even if you choose SJIS for the
internal charset.
example:
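<?php
mb_internal_encoding("Shift_JIS");
// $sjis_string holds the untrusted input.
// Escape backslash, double quote, single quote and NUL. The backslash has
// to be listed itself: "\\\\" in this literal is "\\" in the pattern, which
// is one literal backslash inside the character class.
$escaped = mb_ereg_replace("([\\\\\"'\\x00])", "\\\\1", $sjis_string);
?>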
> > Anyway, Shift_JIS is not a great choice for PHP scripting.
>
> Tell me about it. I have the hardest time getting the people who
> actually make the HTML page to use EUC instead of SJIS. Of course they
> all use MS platforms to create the HTML content so they can't understand
> why SJIS causes me pain when I try and edit it in *NIX box or parse it
> in PHP ...
The main reason is that several SJIS characters, each of which is
composed of a lead byte and a second byte, may have a second byte whose
value is the same as the character code of "\" (backslash = \x5c), and
such double-byte characters are unfortunately mistreated by PHP, since
backslashes are also used for escape sequences in string literals.
http://www.microsoft.com/globaldev/reference/dbcs/932.htm
You can avoid this issue by configuring a PHP build
with the --enable-zend-multibyte option and setting
mbstring.script_encoding to SJIS.
Also keep in mind that the same thing applies to
CP936 (a GB2312 variant, used in the simplified Chinese version of Windows),
CP949 (a KSC5601 variant, used in the Korean version of Windows), and
CP950 (big5, used in the traditional Chinese version of Windows).
However, as of the current implementation, the character sets / encodings
mentioned above are not supported by the zend multibyte stuff.
Hope this helps,
Moriyoshi
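
The trailing-byte 0x5c problem described in the reply above, as an added example that is not part of the original mail: PHP's byte-wise addslashes() is compared with a character-aware escape that first validates the input as Shift_JIS. The function names and sample bytes are constructed for illustration, and PHP 7.4 or later with mbstring is assumed.

```php
<?php
// Added example, not from the original mail. Input bytes are constructed.
// 0x95 0x5C is one Shift_JIS character whose second byte equals "\" (0x5C).

// Byte-wise escaping: addslashes() prefixes every 0x5C, 0x27, 0x22 and 0x00
// byte, so it also splits a double-byte character that ends in 0x5C.
function escape_bytewise(string $s): string
{
    return addslashes($s);
}

// Character-aware escaping: reject input that is not valid Shift_JIS, then
// escape only single-byte \ ' " and NUL, leaving trailing 0x5C bytes alone.
function escape_sjis_aware(string $s): string
{
    if (!mb_check_encoding($s, 'SJIS')) {
        throw new InvalidArgumentException('input is not valid Shift_JIS');
    }
    $out = '';
    foreach (mb_str_split($s, 1, 'SJIS') as $ch) {
        if (strlen($ch) === 1 && strpos("\\'\"\0", $ch) !== false) {
            $out .= '\\';
        }
        $out .= $ch;
    }
    return $out;
}

$samples = [
    'trailing 0x5C then quote' => "\x95\x5C'",   // constructed
    'plain ASCII quote'        => "O'Brien",      // constructed
    'truncated lead byte'      => "abc\x95",      // constructed, invalid SJIS
];

foreach ($samples as $label => $raw) {
    printf("%s\n  raw      %s\n", $label, bin2hex($raw));
    printf("  bytewise %s\n", bin2hex(escape_bytewise($raw)));
    try {
        printf("  aware    %s\n", bin2hex(escape_sjis_aware($raw)));
    } catch (InvalidArgumentException $e) {
        printf("  aware    rejected: %s\n", $e->getMessage());
    }
}
```

Hand escaping is only sound when the database connection also interprets the bytes as Shift_JIS; bound query parameters remove that dependency.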