> My php code when I insert thing in the mySQL database from flash is like
> this..
> ...
> $newtitle =utf8_encode($_GET[newtitle]);;
I don't know anything about specific Greek issues, and I usually let the
mbstring extension (*) handle conversions, but the above line seems
strange. This PHP script is receiving data from a Flash application,
isn't it? Is it old Flash (version 5 or 6 or so)? If not, I think Flash
will already be sending the data in UTF-8, so you shouldn't convert it
again.
Best way to be sure is to log $_GET['newtitle'] and view it in a text
editor set up for UTF-8. (Beware of intelligent text editors that
automatically convert encodings for you, when debugging character set
problems!)
> $qResult = mysql_query ("INSERT INTO proteinoume_db VALUES
> (
> '','$newtitle','$newpublisher','$newyear',NOW(),'$newdescription','$newpath'
> );");
If I call your script with say, newpath="';DELETE * FROM
proteinoume_db;(" then I get to delete all your data. (Actually I think
MySQL stops that particular attack, but there are a hundred other
variations.) Never use GET data directly in a query.
After grabbing from $_GET[] and before making your sql you could do:
$newtitle=addslashes($newtitle);
$newpublisher=addslashes($newpublisher);
...
This may also help your other problems (e.g. if the title contains a
slash or apostrophe your insert would be going wrong).
Darren
*: Quick plug for my article on using mbstring in the Aug and Sep 2007
issues of php Architect magazine. I use UTF-8 everywhere, and though the
article focuses on Japanese and Chinese, the same techniques should work
for Greek or any language supported by Unicode:
http://www.phparch.com/c/magazine/issue/57
http://www.phparch.com/c/magazine/issue/58
I can also highly recommend the Security Corner of that same magazine,
to make you aware of just how many ways a hacker can exploit innocent
code. Get two years of back issues and start reading :-).
--
Darren Cook
http://dcook.org/mlsn/ (English-Japanese-German-Chinese free dictionary)
http://dcook.org/work/ (About me and my work)
http://dcook.org/work/charts/ (My flash charting demos)
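As an added example (not code from Darren's reply or the original poster), here is the quoted INSERT pattern next to a hardened version that uses PDO prepared statements, plus the "log the raw bytes" check made editor-independent. The column order is assumed from the quoted INSERT, the DSN/user/password values are placeholders, and the sample input is constructed:

```php
<?php
// Added example, not from the original thread. Assumes a table named
// proteinoume_db with columns in the order used by the quoted INSERT
// (id, title, publisher, year, created, description, path).
declare(strict_types=1);

const TABLE = 'proteinoume_db';

// BEFORE: the pattern the reply warns about. The raw GET values become part of
// the SQL text, so a quote inside a title changes the statement itself.
function buildUnsafeInsert(array $get): string
{
    $t = $get['newtitle'] ?? '';
    $p = $get['newpublisher'] ?? '';
    $y = $get['newyear'] ?? '';
    $d = $get['newdescription'] ?? '';
    $f = $get['newpath'] ?? '';
    return "INSERT INTO " . TABLE . " VALUES ('','$t','$p','$y',NOW(),'$d','$f');";
}

// AFTER: the values travel separately from the SQL text, so the server never
// parses user input as SQL. No addslashes() or escaping call is needed
// because nothing is interpolated into the statement string.
function insertRecord(PDO $db, array $get): int
{
    $sql = "INSERT INTO " . TABLE
         . " VALUES ('', :title, :publisher, :year, NOW(), :description, :path)";
    $stmt = $db->prepare($sql);
    $stmt->execute([
        ':title'       => $get['newtitle'] ?? '',
        ':publisher'   => $get['newpublisher'] ?? '',
        ':year'        => $get['newyear'] ?? '',
        ':description' => $get['newdescription'] ?? '',
        ':path'        => $get['newpath'] ?? '',
    ]);
    return (int) $db->lastInsertId();
}

function connect(): PDO
{
    // charset=utf8mb4 tells MySQL what encoding the client sends, so UTF-8
    // coming from Flash is stored as-is. DB_HOST/DB_NAME/DB_USER/DB_PASS are
    // placeholders for the real credentials.
    $dsn = 'mysql:host=DB_HOST;dbname=DB_NAME;charset=utf8mb4';
    return new PDO($dsn, 'DB_USER', 'DB_PASS', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]);
}

// The logging check from the reply, but as a hex dump so no "intelligent"
// editor can silently re-encode what you are looking at.
function describeEncoding(string $raw): array
{
    $isUtf8 = mb_check_encoding($raw, 'UTF-8');
    return [
        'hex'        => bin2hex($raw),
        'bytes'      => strlen($raw),
        'valid_utf8' => $isUtf8,
        'chars'      => $isUtf8 ? mb_strlen($raw, 'UTF-8') : null,
    ];
}

// Constructed sample input: Greek text plus an apostrophe.
$sample = [
    'newtitle'       => "Πρωτεΐνη O'Brien",
    'newpublisher'   => 'Example Press',
    'newyear'        => '2007',
    'newdescription' => 'constructed sample',
    'newpath'        => 'charts/demo.swf',
];

// The apostrophe in the title terminates the string literal early.
echo buildUnsafeInsert($sample), "\n";

// Input that is already UTF-8 is valid and has fewer chars than bytes...
print_r(describeEncoding($sample['newtitle']));
// ...and running utf8_encode() on it again double-encodes every non-ASCII
// byte (byte count grows, the Greek letters become mojibake in the table).
print_r(describeEncoding(utf8_encode($sample['newtitle'])));

// In the real script: insertRecord(connect(), $_GET);
```

Run it from the command line to see both diagnostics without a database; the first hex dump shows two bytes per Greek letter (valid UTF-8), the second shows four, which is the double-encoding the reply is hinting at when it says not to convert again.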
_______________________________________________
osflash mailing list
[email protected]
http://osflash.org/mailman/listinfo/osflash_osflash.org