Tag Archives: MySQL

UTF-8 + PHP = Headache?

As some of you know, PHP doesn’t handle UTF-8 by default, and that can lead to a terrible headache, at least until version 6 comes out.

Today I’ve spent some time looking for good articles on this subject. I’ve found two great articles that cover a lot of topics including strategies to use while working with MySQL:

Handling UTF-8 with PHP
Scripters UTF-8 Survival Guide

You can download the second one in PDF format and read it later.

SQL Column Truncation Vulnerabilities

One of the biggest concerns for web developers building something with SQL is avoiding SQL injection problems, because those are the most common security flaws.

But there are also other flaws that you should be aware of, for example column truncation vulnerabilities.

This security flaw is related to the lack of input length validation, and it seems to affect a lot of well-known applications.

Stefan Esser wrote a great tutorial about this subject; it’s a must-read.
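The input length validation this post refers to, as an added example (not code from this blog or from Stefan Esser's tutorial). It models two MySQL behaviours in plain PHP, with no database: silent truncation of over-long values outside strict SQL mode, and string comparison that ignores trailing spaces. The `users.username VARCHAR(16)` column, the function names and the sample values are assumptions.

```php
<?php
// Added example. Assumption: a hypothetical `users.username VARCHAR(16)` column.
// MySQL is modelled in plain PHP so the script runs without a database.
const USERNAME_MAX = 16; // assumed column width, in characters

// Model: outside strict SQL mode, MySQL cuts an over-long value to the column
// width and raises only a warning.
function stored_value(string $input, int $max): string
{
    return mb_substr($input, 0, $max, 'UTF-8');
}

// Model: '=' under a PAD SPACE collation ignores trailing spaces.
function mysql_equals(string $a, string $b): bool
{
    return rtrim($a, ' ') === rtrim($b, ' ');
}

// The missing check: reject the input instead of letting the server truncate it.
function validate_username(string $input, int $max = USERNAME_MAX): string
{
    if (!mb_check_encoding($input, 'UTF-8')) {
        throw new InvalidArgumentException('username is not valid UTF-8');
    }
    if ($input !== trim($input)) {
        throw new InvalidArgumentException('username has leading or trailing whitespace');
    }
    $length = mb_strlen($input, 'UTF-8'); // characters, as VARCHAR(n) counts them
    if ($length < 1 || $length > $max) {
        throw new InvalidArgumentException("username must be 1 to $max characters");
    }
    return $input;
}

// Constructed sample values.
$existing  = 'alice';
$submitted = 'alice' . str_repeat(' ', 11) . 'x'; // 17 characters

// Application-level duplicate check: compares the full submitted string.
var_dump($submitted === $existing);
// Database-level view: compares what would be stored after truncation.
var_dump(mysql_equals(stored_value($submitted, USERNAME_MAX), $existing));
// With validation in place the over-long value never reaches the INSERT.
try {
    validate_username($submitted);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

On the server side, enabling a strict SQL mode (`STRICT_TRANS_TABLES` or `STRICT_ALL_TABLES`) makes MySQL reject over-long values with an error instead of truncating them.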

MySQL bug related to natural number order fix

It seems that this is a known bug but I only noticed it yesterday.

Imagine you have a field named price whose type is VARCHAR (it doesn’t matter why it’s not INT or FLOAT), and you want to use an ORDER BY clause to list table rows ordered by price value.

It won’t work, since the prices will be listed alphabetically. You may read here how to fix this issue.
