-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To clarify, I'm unclear as to what "connection" means in
"Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query()." - http://us3.php.net/manual/en/function.mysql-real-escape-string.php I'm guessing it's the charset of the MySQL client (http://us3.php.net/manual/en/function.mysql-client-encoding.php) connection. Darian Anthony Patrick wrote: > Good afternoon all, > > I have several questions regarding mysql_real_escape_string (and the like). > > When default_charset is not set in php.ini, it appears that PHP has no > fallback default. Am I wrong in this thinking? Is UTF-8 the default? > > It seems best practice would dictate using the same charset from > persistent storage (ie., tables defined as utf8_unicode_ci), through to > HTML output (Content-type header, meta tag). But what about cases where > the database needs to use UTF-8, but a front-end is being written that > does not? > > What is the behavior of mysql_real_escape_string when default_charset is > not defined? > > Also, how does one define charset (as it pertains to > mysql_real_escape_string) at runtime? > > And could anyone direct me to (or incant) a working exploit that takes > advantage of the default_charset not being defined, or being defined > incorrectly? > > I've been doing my homework on this, but am coming up with insufficient > information on this topic. > > Thanks very much everyone, > > Darian _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php - -- Darian Anthony Patrick Principal, Application Development Criticode LLC (215) 240-6566 Office (866) 789-2992 Facsimile Web: http://criticode.com Email: [EMAIL PROTECTED] JID: [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF8avKKpzEXPWA4IcRAvnGAJ4l4kH3lfOQG8ITEVoe2/2APg6nqQCfWuk+ EMV5UELYGlA7ZFioUNplyO4= =S7bl -----END PGP SIGNATURE----- _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
