Reputation: 3534
Can POST vars be submitted in a user chosen encoding? (non UTF-8)
I am writing a log in script and i was wondering if it's possible for someone to post characters other than UTF-8 to my script. My reason is i know MySQL's function: mysql_real_escape_string is 100% effective on UTF-8 but not sure on other encoding.
If this is a PHP.ini kind of thing, what's it called?
Upvotes: 0
Views: 42
Answers (1)
Reputation: 14834
I believe if a user overrides the character encoding set by the page (i.e. View->Character Encoding->xxxxx in Firefox), then the data POSTed will use that encoding. However, there is a very small list of characters that can be used to perform a SQL injection attack, and I think mysql_real_escape_string takes care of those - input encoding shouldn't matter, it's about how MySQL interprets the characters.
Upvotes: 1
Related Questions
- insert variable to mysql database as utf-8
- MySQL encoding for storing several languages
- Can a single MySQL server support multiple encodings?
- mysql + php encoding
- Handling Charset (User input -> Php -> Mysql and back again)
- PHP and MySQL encoding
- How to ensure variables submitted in UTF8 using jquery $.post
- Simple HTML form with POST to SQL function encoding problem?
- mysql and encoding
- lamp stack / user input and character encoding