Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:27637
Return-Path: <scottmacvicar@ntlworld.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 62053 invoked by uid 1010); 24 Jan 2007 15:12:58 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 62037 invoked from network); 24 Jan 2007 15:12:58 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 24 Jan 2007 15:12:58 -0000
X-Host-Fingerprint: 217.155.246.60 office.vbulletin.com  
Received: from [217.155.246.60] ([217.155.246.60:20282] helo=localhost.localdomain)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 87/B6-08544-A7777B54 for <internals@lists.php.net>; Wed, 24 Jan 2007 10:12:58 -0500
Message-ID: <87.B6.08544.A7777B54@pb1.pair.com>
To: internals@lists.php.net
Date: Wed, 24 Jan 2007 15:12:54 +0000
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
References: <45362247.2000306@ntlworld.com> <68.D3.08544.E6F67B54@pb1.pair.com> <dc2522540701240644p678bcd1ax7683e425e02ade22@mail.gmail.com>
In-Reply-To: <dc2522540701240644p678bcd1ax7683e425e02ade22@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Posted-By: 217.155.246.60
Subject: Re: [PHP-DEV] Re: [Patch] mysql_set_charset for mysql ext
From: scottmacvicar@ntlworld.com (Scott MacVicar)

I'm surprised I didn't find this last October when I posted the first round.

Unfortunately most system administrators realise mysql isn't enabled by 
default with PHP 5 and then just enable mysql alone ignoreing mysqli.

Since this could be considered a security fix I'm hoping Derick will 
make an exception and just patch this for 4.4.5. But even if he doesn't, 
maybe Ilia will apply the patches to 5_2 and HEAD. Unless there is an 
easy way to mass educated people about MySQLi.

Regards,
Scott

Olivier Hill wrote:
> Hello Scott,
> 
> I did something similar a while ago. You can see [1] why this will not
> be included in PHP4, as it is considered a new feature.
> 
> Regards,
> Olivier
> [1] http://marc.theaimsgroup.com/?t=115220027800004&r=1&w=2
> 
> On 1/24/07, Scott MacVicar <scottmacvicar@ntlworld.com> wrote:
>> This is a gentle nudge, there was no interest since this was posted 2
>> months ago, we had a client who get exploited recently because of this
>> issue. We use mysqli where appropriate but sometimes its not available
>> because hosts don't know any better.
>>
>> Since there are no plans to deprecate the mysql extension any time soon
>> we at least need the ability to protect ourselves. Patches are again PHP
>> 4_4, 5_2 and HEAD.
>>
>> Scott
>>