[wp-trac] Re: [WordPress Trac] #5455: Charset SQL Injection Vulnerability

WordPress Trac wp-trac at lists.automattic.com
Tue Dec 11 10:14:16 GMT 2007

#5455: Charset SQL Injection Vulnerability
 Reporter:  pishmishy  |        Owner:  pishmishy
     Type:  defect     |       Status:  assigned 
 Priority:  normal     |    Milestone:  2.5      
Component:  Security   |      Version:  2.4      
 Severity:  normal     |   Resolution:           
 Keywords:             |  
Comment (by pishmishy):

 It appears that mysql_real_escape_string() ignores any change of character
 set during an established mysql session and continues to use the first
 character set.
 (See http://ilia.ws/archives/103-mysql_real_escape_string-versus-Prepared-
 The general fix to this problem appears to be prepared statements.
 Or perhaps someone can code a better escaping function?

Ticket URL: <http://trac.wordpress.org/ticket/5455#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list