cringe Posted April 22, 2009 Share Posted April 22, 2009 Hi All, I read in a PHP book that using utf8_decode() function is useful for security reasons, but the book didn't say why. I understand binary, ASCII, EBCDIC, Unicode, etc but I can't connect the dots. How could a hacker exploit a string in PHP (via $_POST or $_GET I suppose) and how does utf8_decode() thwart that attack? Can someone paint me a picture? Thanks! Chris Link to comment https://forums.phpfreaks.com/topic/155221-utf8_decode-for-security/ Share on other sites More sharing options...
Mchl Posted April 22, 2009 Share Posted April 22, 2009 Not sure... I know certain other multibyte encodings can be exploited for SQL injection, but UTF-8 is supposed to be safe in this regard... In fact there's a comment in manual entry for utf8_decode that explains when using this function actually introduces a security threat (search the page for 'security'). Link to comment https://forums.phpfreaks.com/topic/155221-utf8_decode-for-security/#findComment-816727 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.