php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #54605 promote the usage of mysql_set_charset
Submitted: 2011-04-26 11:26 UTC Modified: 2012-06-08 00:12 UTC
From: tyra3l at gmail dot com Assigned: philip (profile)
Status: Closed Package: Documentation problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: tyra3l at gmail dot com
New email:
PHP Version: OS:

 

 [2011-04-26 11:26 UTC] tyra3l at gmail dot com 
Description:
------------
I noticed that nobody from my fellow php developers are aware that they should 
use mysql_set_charset over mysql_query('SET NAMES utf-8');
I wanted to tell them to RTFM, but currently, the only place that we talk about 
mysql_set_charset is on the documentation page of mysql_client_encoding and the 
documentation page of that function, which tells that:
"This is the preferred way to change the charset. Using mysql_query() to execute 
SET NAMES .. is not recommended."
but doesn't mention why is that.

I would propose adding something like this to the documentation either as a note 
or in the description:

"As mysql_real_escape_string takes into account the current character set of the 
connection, you should only change client encoding through mysql_set_charset, 
not via mysql_query('SET NAMES ...'); or mysql_real_escape_string cannot 
guarantee that the string is properly escaped."

maybe we should link http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-
real-escape-string also.

I would also propose that we link mysql_set_charset in the documentation of 
mysql_real_escape_string, and adding a mysql_set_charset into every mysql 
example.

the same should be done to the mysqli documentation also

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-05-04 09:27 UTC] uw@php.net
-Assigned To: +Assigned To: philip
 [2012-05-04 09:27 UTC] uw@php.net 
Do you think this can be closed meanwhile?
 [2012-05-04 11:17 UTC] jpauli@php.net 
+1 for the exact same reasons as my developers do SET NAMES and are not aware of 
such functionality
 [2012-06-08 00:11 UTC] philip@php.net 
Automatic comment from SVN on behalf of philip
Revision: http://svn.php.net/viewvc/?view=revision&revision=326022
Log: Documented that setting the character set via an SQL query will not be
useful to real_escape_string. This closes PHP Bug #54605
 [2012-06-08 00:12 UTC] philip@php.net
-Status: Assigned +Status: Closed
 [2012-06-08 00:12 UTC] philip@php.net 
This has been fixed in SVN, thank you for the report.
 [2012-06-08 05:21 UTC] philip@php.net 
Automatic comment from SVN on behalf of philip
Revision: http://svn.php.net/viewvc/?view=revision&revision=326024
Log: Added a concepts section about character sets, and linked to it in various places.
This is an improved fix for PHP Bug #54605
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Tue Jun 11 17:01:35 2024 UTC