SQL Injection - Enconding

Asked Jun 15 '13 at 01:39

Active Jun 15 '13 at 02:16

Viewed 54 times

I would like to clarify a question that I have, if my page request to the database with your charset is set to UTF-8, and the response of the request to the database is in ISO-8859-2/LATIN1 this causes a opening for sql injection, how could this be?

Example:

search.php ---- declaring the encoding in html header (Content-Type: text / html; charset = utf-8)

make a request in my MySQL database (Server charset: Latin1 (ISO-8859-1))

search.php? id = blablabla

answer:

search_results.php --- declaring the encoding in html header (Content-Type: text / html; charset = utf-8)

Note that the encoding of MySQL database is different from the page that will display the result, search_results.php, what will prevail is the database, right? This causes a gap to SQL Injection because certain characters may differ from ISO-8859-1 to UTF-8, and also as an example to other encodings.

edited Jun 15 '13 at 02:16

asked Jun 15 '13 at 01:39

Rasmus Stahl Lindberg

No, my question is different. – Rasmus Stahl Lindberg Jun 15 '13 at 01:46
It is. But its intent is also mostly incomprehensible. If it's not entirely based on presumptions, elaborate with an example. – mario Jun 15 '13 at 01:49
Ok, i wrote an example. – Rasmus Stahl Lindberg Jun 15 '13 at 01:54
it could be great question if you provide proper example – NullPoiиteя Jun 15 '13 at 02:08
A more precise example. – Rasmus Stahl Lindberg Jun 15 '13 at 02:16

SQL Injection - Enconding

0 Answers0