1

I recently switched to PDO for many projects (used mysql/i drivers for too much time to be told) and encountered a strange behavior with the PDO Mysql driver and the charset. I found out on StackOverflow that THE correct way to intialize a utf8 connection using pdo and mysql is to add Charset=utf8 at the end of the DSN. Yet this parameter was silently ignored in php version prior to 5.3.6. Since I'm developing a cms, and I won't know which environment it will run on; I'm searching for a solution to make it compatible.

The first answer I found is use $PDO->exec("SET NAMES utf8"); Wouldn't that be the same of issuing a query, so, it would mess up thing with the escape functions.

The second answer is to set PDO::MYSQL_ATTR_INIT_COMMAND to SET NAMES utf8, so wouldn't that be the same as before ? (and so break escape functions ?)

Actually I'm getting a bit confused about this, and so I decided to ask for help. I've also thought of two solutions:

1) Build an abstraction layer and in case of PHP < 5.3.6 use mysqli driver instead

2) Utilize another charset and encode/decode each time the data are passed through the socket

Thanks

Kei
  • 771
  • 6
  • 17
  • 1
    not sure what you mean by "mess up thing with the escape functions". There's nothing in that query that'd need escaping. – Marc B Sep 06 '13 at 15:05
  • 1
    Using `SET NAMES utf8` as explained in [PHP manual](http://php.net/manual/en/mysqlinfo.concepts.charset.php) would not affect the escape functions like `mysql(i)_real_escape_string()` or `PDO::quote()` – Kei Sep 06 '13 at 15:14
  • 2
    You shouldn't be using manual quoting anyways. – Marc B Sep 06 '13 at 15:17

1 Answers1

0

Just don't bother.

As a matter of fact, utf-8 use exactly the same escaping rules as default latin1.

So, it wouldn't mess up thing with the escape functions. Not to mention that you shouldn't use them manually at all (though they are used silently in emulation mode).

As long as you are using utf-8 for your sites, just keep charset in DSN and put $PDO->exec("SET NAMES utf8"); for compatibility and you will have all the possible cases covered.

Another thing on "messing with escape functions" is that you can turn emulation mode off, and thus, as long as you are using placeholders to represent your data in the query, 

$conn->setAttribute( PDO::ATTR_EMULATE_PREPARES, false );

no escaping would be involved ever. - so, there would be no point to worry at all.

Community
  • 1
  • 1
Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
  • Wouldn't that however expose me to injections ? (also I won't use them directly of course) – Kei Sep 06 '13 at 16:13
  • I wouldn't write my answer if it would. utf-8 is as invulnerable as latin1. That's the point. – Your Common Sense Sep 06 '13 at 16:23
  • By the way "just in case", do you happen to know how other popular CMSs handle this kind of things ? For example, do they all use utf8 or do they let the administrator decide at install-time ? – Kei Sep 06 '13 at 18:47
  • No, I don't quite know. I think most of them don't care at all. – Your Common Sense Sep 06 '13 at 19:25