php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #54605 promote the usage of mysql_set_charset
Submitted: 2011-04-26 11:26 UTC Modified: 2012-06-08 00:12 UTC
From: tyra3l at gmail dot com Assigned: philip (profile)
Status: Closed Package: Documentation problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2011-04-26 11:26 UTC] tyra3l at gmail dot com
Description:
------------
I noticed that nobody from my fellow php developers are aware that they should 
use mysql_set_charset over mysql_query('SET NAMES utf-8');
I wanted to tell them to RTFM, but currently, the only place that we talk about 
mysql_set_charset is on the documentation page of mysql_client_encoding and the 
documentation page of that function, which tells that:
"This is the preferred way to change the charset. Using mysql_query() to execute 
SET NAMES .. is not recommended."
but doesn't mention why is that.

I would propose adding something like this to the documentation either as a note 
or in the description:

"As mysql_real_escape_string takes into account the current character set of the 
connection, you should only change client encoding through mysql_set_charset, 
not via mysql_query('SET NAMES ...'); or mysql_real_escape_string cannot 
guarantee that the string is properly escaped."

maybe we should link http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-
real-escape-string also.

I would also propose that we link mysql_set_charset in the documentation of 
mysql_real_escape_string, and adding a mysql_set_charset into every mysql 
example.

the same should be done to the mysqli documentation also


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-05-04 09:27 UTC] uw@php.net
-Assigned To: +Assigned To: philip
 [2012-05-04 09:27 UTC] uw@php.net
Do you think this can be closed meanwhile?
 [2012-05-04 11:17 UTC] jpauli@php.net
+1 for the exact same reasons as my developers do SET NAMES and are not aware of 
such functionality
 [2012-06-08 00:11 UTC] philip@php.net
Automatic comment from SVN on behalf of philip
Revision: http://svn.php.net/viewvc/?view=revision&revision=326022
Log: Documented that setting the character set via an SQL query will not be
useful to real_escape_string. This closes PHP Bug #54605
 [2012-06-08 00:12 UTC] philip@php.net
-Status: Assigned +Status: Closed
 [2012-06-08 00:12 UTC] philip@php.net
This has been fixed in SVN, thank you for the report.
 [2012-06-08 05:21 UTC] philip@php.net
Automatic comment from SVN on behalf of philip
Revision: http://svn.php.net/viewvc/?view=revision&revision=326024
Log: Added a concepts section about character sets, and linked to it in various places.
This is an improved fix for PHP Bug #54605
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 23:01:28 2024 UTC