diff --git a/reference/mysql/functions/mysql-real-escape-string.xml b/reference/mysql/functions/mysql-real-escape-string.xml
index d3270c13f5..308d4764cd 100644
--- a/reference/mysql/functions/mysql-real-escape-string.xml
+++ b/reference/mysql/functions/mysql-real-escape-string.xml
@@ -40,6 +40,20 @@ This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.
+
+
+ Security: the default character set
+
+ Always set your character set at the server level, or with mysql_set_charset.
+
+
+ mysql_real_escape_string will take into account the character set
+ if it is set by either the MySQL Server (e.g., via its default-character-set directive)
+ or from mysql_set_charset. But, it will not use the character set that is set with
+ an SQL query, like as a SET CHARACTER SET ... or SET NAMES ... query
+ with mysql_query.
+
+
@@ -159,6 +173,7 @@ SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''
 &reftitle.seealso;
+ mysql_set_charset
 mysql_client_encoding
 addslashes
 stripslashes
diff --git a/reference/mysqli/mysqli/character-set-name.xml b/reference/mysqli/mysqli/character-set-name.xml
index 86f923e672..947071779f 100644
--- a/reference/mysqli/mysqli/character-set-name.xml
+++ b/reference/mysqli/mysqli/character-set-name.xml
@@ -98,6 +98,7 @@ Current character set is latin1_swedish_ci
 &reftitle.seealso;
+ mysqli_set_charset
 mysqli_client_encoding
 mysqli_real_escape_string
diff --git a/reference/mysqli/mysqli/real-escape-string.xml b/reference/mysqli/mysqli/real-escape-string.xml
index 3c4b231199..3c5f229d4e 100644
--- a/reference/mysqli/mysqli/real-escape-string.xml
+++ b/reference/mysqli/mysqli/real-escape-string.xml
@@ -29,6 +29,19 @@ SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection.
+
+ Security: the default character set
+
+ Always set your character set at the server level, or with mysqli_set_charset.
+
+
+ mysqli_real_escape_string will take into account the character set
+ if it is set by either the MySQL Server (e.g., via its default-character-set directive)
+ or from mysqli_set_charset. But, it will not use the character set that is set with
+ an SQL query, like as a SET CHARACTER SET ... or SET NAMES ... query
+ with mysqli_query.
+
+
@@ -155,6 +168,7 @@ Error: 42000
 &reftitle.seealso;
+ mysqli_set_charset
 mysqli_character_set_name