[nycphp-talk] More confused now then before by PHP security!
Chris Shiflett
shiflett at php.net
Sun Jan 22 21:25:01 EST 2006
Cliff wrote:
> Well, of course the good one's was Chris'.
Glad to hear you liked it, Cliff. :-) I'm especially glad to hear that
you appreciate the small size, since that was one of my primary goals.
There are some sample chapters and such available online:
http://phpsecurity.org/
Regarding the original topic, Ilia has posted a follow-up:
http://ilia.ws/archives/103-mysql_real_escape_string-versus-Prepared-Statements.html
He explains that mysql_real_escape_string() doesn't use the correct
character sets when you use a query to change it:

    SET CHARACTER SET 'GBK'

It might be the intended behavior, or there might be a reason why it's
impossible for mysql_real_escape_string() to know about the change.
Anyone know? This smells like a bug to me, but I hate to cry bug without
being certain.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
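
The mismatch discussed in the message above, as an added example that is not part of the original post and is not MySQL or PHP source: a simplified Python model in which the escaping library still assumes a single-byte charset while the server, after SET CHARACTER SET 'GBK', parses GBK. The function names, the "latin1" label for the library's stale assumption, the reduced set of escaped bytes and the sample input are all assumptions made for illustration.

```python
# Simplified model (an assumption, not MySQL or PHP source) of what happens when
# the escaper and the SQL parser disagree about the connection character set.

SPECIAL = b"\\'\""   # only quotes and backslash are modelled here

def is_gbk_lead(b):
    return 0x81 <= b <= 0xFE

def is_gbk_trail(b):
    return 0x40 <= b <= 0xFE and b != 0x7F

def gbk_pair(data, i):
    """True if data[i:i+2] is a well-formed two-byte GBK character."""
    return is_gbk_lead(data[i]) and i + 1 < len(data) and is_gbk_trail(data[i + 1])

def escape(data, charset):
    """Backslash-escape data as a client library that believes `charset`."""
    out, i = bytearray(), 0
    while i < len(data):
        if charset == "gbk" and gbk_pair(data, i):
            out += data[i:i + 2]          # whole character, copied untouched
            i += 2
            continue
        b = data[i]
        # A stray GBK lead byte is escaped too, so it cannot absorb a backslash.
        if b in SPECIAL or (charset == "gbk" and is_gbk_lead(b)):
            out.append(0x5C)
        out.append(b)
        i += 1
    return bytes(out)

def unescaped_quotes(escaped, charset):
    """Offsets of single quotes that a parser reading `charset` sees as unescaped."""
    hits, i = [], 0
    while i < len(escaped):
        if charset == "gbk" and gbk_pair(escaped, i):
            i += 2                        # multibyte character, second byte is data
        elif escaped[i] == 0x5C:
            i += 2                        # backslash plus the byte it escapes
        else:
            if escaped[i] == 0x27:
                hits.append(i)
            i += 1
    return hits

SAMPLE = b"\xbf' tail"   # constructed input: a GBK lead byte followed by a quote
```

Escaping SAMPLE as "latin1" leaves a quote that a GBK parser reads as unescaped, while escaping it as "gbk" does not. In practice the charset has to be changed through the client API (for example mysqli::set_charset()) so the escaper sees it, or the query should use prepared statements.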