[wp-trac] Re: [WordPress Trac] #5455: Charset SQL Injection Vulnerability

WordPress Trac wp-trac at lists.automattic.com
Wed Feb 6 18:09:18 GMT 2008

#5455: Charset SQL Injection Vulnerability
 Reporter:  pishmishy  |        Owner:  pishmishy
     Type:  defect     |       Status:  assigned 
 Priority:  normal     |    Milestone:  2.6      
Component:  Security   |      Version:  2.5      
 Severity:  normal     |   Resolution:           
 Keywords:  has-patch  |  
Comment (by ryan):

 Last time we tried to switch to mysql_real_escape_string(), it stomped
 characters for lots of people.  Part of that was because of bugs in
 mysql_real_escape_string(), IIRC, some of which were addressed by
 mysql_set_charset().  To safely use mysql_real_escape_string(), I think we
 have to have mysql_set_charset() and MySQL 5.0.7 and the user needs to
 define DB_CHARSET to match his tables.  There's also the possibility I
 don't know what I'm talking about.


Ticket URL: <http://trac.wordpress.org/ticket/5455#comment:20>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
