Jump to content

utf8_decode for security?


cringe

Recommended Posts

Hi All,

 

I read in a PHP book that using utf8_decode() function is useful for security reasons, but the book didn't say why. I understand binary, ASCII, EBCDIC, Unicode, etc but I can't connect the dots. How could a hacker exploit a string in PHP (via $_POST or $_GET I suppose) and how does utf8_decode() thwart that attack? Can someone paint me a picture? Thanks!

 

Chris

Link to comment
https://forums.phpfreaks.com/topic/155221-utf8_decode-for-security/
Share on other sites

Not sure... I know certain other multibyte encodings can be exploited for SQL injection, but UTF-8 is supposed to be safe in this regard...

 

In fact there's a comment in manual entry for utf8_decode that explains when using this function actually introduces a security threat (search the page for 'security').

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.