I am writing a log in script and i was wondering if it's possible for someone to post characters other than UTF-8 to my script. My reason is i know MySQL's function: mysql_real_escape_string is 100% effective on UTF-8 but not sure on other encoding.
If this is a PHP.ini kind of thing, what's it called?
preguntado el 09 de marzo de 12 a las 22:03
I believe if a user overrides the character encoding set by the page (i.e.
View->Character Encoding->xxxxx in Firefox), then the data POSTed will use that encoding. However, there is a very small list of characters that can be used to perform a SQL injection attack, and I think
mysql_real_escape_string takes care of those - input encoding shouldn't matter, it's about how MySQL interprets the characters.