The move from PHP 5 to PHP 6 will be a painful one. But once it’s done, I hope that it will be easier to handle safe web development for a global, multi-language internet.
After all these years, we still have major problems with encoding character sets and security vulnerabilities caused by improper use thereof. Many still think that addslashes is an effective method to avoid database injection. Chris Shiflett has put the addslashes vs. mysql_real_escape_string debate to rest. Thankfully, addslashes goes away in PHP 6.
In case you aren’t sure how your installation is set up, run this command:
and make sure it matches the above values.
Oh, and don’t forget to have your web server send out the correct content type.