Jean-Christian Imbeault <[EMAIL PROTECTED]> wrote: > Moriyoshi Koizumi wrote: > > > > Partially yes. > > > > Strings encoded in GB2312(CP936), big5, Shift_JIS are known to be > > clobbered by addslashes(). > > Sh*t ... and I just added a whole bunch of addslashes() to my code to > prevent SQL attacks. And of course my web pages are for Japanese ... and > most of them will be using SJIS. > > If I have internal_encoding set to EUC-JP does that mean that all POST > or GET vars passed in will be translated to EUC-Jp and hence my > addslahes will be fine?
That's the case as long as the browser precisely sends form contents as EUC-JP encoded strings and no automagical encoding conversion is performed there by mbstring module (I mean output_handler=mb_output_handler in ini settings). Then you have to prepare the page contents to be encoded in EUC-JP. But it's very probable that clients send form contents in UTF-8 when GET method is used.. Moriyoshi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
