Today I’ve spent some time looking for good articles on this subject. I’ve found two great articles that cover a lot of topics including strategies to use while working with MySQL:

Handling UTF-8 with PHP
Scripters UTF-8 Survival Guide

You can download the second one in PDF format and read it later.

But there are also another flaws that you should be aware about, for example, column truncation vulnerabilities.

This security flaw it’s related with the lack of input length validations and it seems that it is affecting a lot of known applications.

Stefan Esser wrote a great tutorial about this subject it’s a must read.

Imagine you have a field named price and it’s type is VARCHAR (it doesn’t matter why it’s not INT or FLOAT) and you want to use ORDER BY clause so you can list table rows ordered by price value.

It won’t work, since the prices will be listed alphabetically, you may read here how to fix this issue.

If you have a table labeled products, a field labeled price (typed as VARCHAR) and the following values: 1, 2, 3, 7, 8, 53, 47, 32, 99 and 327.

And you perform a query similar to the one below:

SELECT price FROM products ORDER BY price;

The result will be:

1, 2, 3, 32, 327,47, 53, 7, 8, 99

As you can see the product prices are ordered alphabetically to fix this you should add + 0 to the query (see example below):

SELECT price FROM products ORDER BY price + 0;

The result will be:

1, 2, 3, 7, 8, 32, 47, 53, 99, 327

Problem solved, now your rows will be sorted by price correctly.