¿Se pueden enviar las variables POST en una codificación elegida por el usuario? (no UTF-8)

I am writing a log in script and i was wondering if it's possible for someone to post characters other than UTF-8 to my script. My reason is i know MySQL's function: mysql_real_escape_string is 100% effective on UTF-8 but not sure on other encoding.

If this is a PHP.ini kind of thing, what's it called?

preguntado el 09 de marzo de 12 a las 22:03

1 Respuestas

I believe if a user overrides the character encoding set by the page (i.e. View->Character Encoding->xxxxx in Firefox), then the data POSTed will use that encoding. However, there is a very small list of characters that can be used to perform a SQL injection attack, and I think mysql_real_escape_string takes care of those - input encoding shouldn't matter, it's about how MySQL interprets the characters.

respondido 09 mar '12, 22:03

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.