Re: magic quotes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 9 Aug 2007 00:29:15 -0500 (CDT), "Richard Lynch" wrote:

> Problem #7:
> Magic Quotes was designed for the ASCII character set, and is
> downright dangerous to use for anything else (Unicode/UTF-8/etc). 
> ...
> [Though maybe not, as maybe addslashes can't do any harm to Unicode if
> there's no ' nor \ to escape...  You'd have to ask a Unicode geek. 
> But they'd tell you to just turn off the Magic Quotes and be done with
> it anyway.]

   UTF-8 was designed to avoid collision with ASCII.
Code points above U+7f only contain octets in the
range 0x80 to 0xff, so magic quotes should work
just fine for UTF-8 (if magic quotes can be said to
"work fine" at all).

   The situation is different when it comes to
UTF-16 and -32, where magic quotes could insert
octets inside code units. Example: U+0100 (A with
macron) is <01 00> in UTF-16BE which addslashes()
turns into <01 5c> <00 -->.

 -  -  - 

   I mention addslashes() in the example because
I don't know how to provoke a browser to make a
form submission in UTF-16. Has anyone ever seen
a form submission using anything other than UTF-8
or one of the "extended ASCII" encodings?


/Nisse

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux