Good afternoon all,

I have several questions regarding mysql_real_escape_string (and the like). When default_charset is not set in php.ini, it appears that PHP has no fallback default. Am I wrong in this thinking? Is UTF-8 the default?

It seems best practice would dictate using the same charset from persistent storage (i.e., tables defined as utf8_unicode_ci), through to HTML output (Content-type header, meta tag). But what about cases where the database needs to use UTF-8, but a front-end is being written that does not?

What is the behavior of mysql_real_escape_string when default_charset is not defined? Also, how does one define charset (as it pertains to mysql_real_escape_string) at runtime?

And could anyone direct me to (or incant) a working exploit that takes advantage of the default_charset not being defined, or being defined incorrectly?

I've been doing my homework on this, but am coming up with insufficient information on this topic.

Thanks very much everyone,

Darian

--
Darian Anthony Patrick
Principal, Application Development
Criticode LLC
(215) 240-6566 Office
(866) 789-2992 Facsimile
Web: http://criticode.com
