编码
MySQL内部编码安全性
参考
使用MySQL命令行执行以下命令(MySQL5.7.32)
mysql> select 'a'='À';
+----------+
| 'a'='À' |
+----------+
| 1 |
+----------+
可以看出MySQL认为字符À与a等价。类似的我们有以下字符:
À | a |
---|---|
Ç | c |
È | e |
Ì | i |
Ñ | n |
Ò | o |
Š | s |
Ù | u |
ý | y |
Ž | z |
编写脚本获取所有字母的等价字符:
<?php
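function search_chars($key){
    // Query compart.com's Unicode search for $key and collect the code point of
    // every hit, taken from the 4-hex-digit part of the "U+XXXX" ids on the page.
    // Returns a list of hex strings (e.g. ['0041', '00C0']); an empty list when
    // the page cannot be fetched or the pattern matches nothing.
    $regex_rul = '/<p class="uid">U\+([0-9A-F]{4})<\/p>/';
    // urlencode() keeps characters with query-string meaning (&, +, #, ...) from
    // changing the request; the plain ASCII letters this script passes are unaffected.
    $search_url = 'https://www.compart.com/en/unicode/search?q=' . urlencode($key);
    $contents = file_get_contents($search_url);
    if ($contents === false) {
        // Fetch failed: say so instead of handing `false` to preg_match_all(),
        // but stay non-fatal so the caller's loop continues with the next key.
        fwrite(STDERR, "search_chars: failed to fetch $search_url\n");
        return [];
    }
    if (preg_match_all($regex_rul, $contents, $results) === false) {
        // PCRE error (e.g. backtrack limit) — $results[1] would be unset here.
        return [];
    }
    return $results[1];
}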
function deunicode($unicode_string){
    // Turn a 4-hex-digit code point (e.g. '00C0') into the UTF-8 character it
    // names by letting the JSON parser resolve a "\uXXXX" escape sequence.
    // Yields null when the input is not a valid 4-hex escape.
    $json_literal = sprintf('"\\u%s"', $unicode_string);
    return json_decode($json_literal);
}
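function exec_query($sql){
    // Run $sql on the shared connection and return the `res` column of the
    // first row (the callers alias their comparison as `res`).
    // Throws RuntimeException when the query fails, instead of the original
    // fatal error from calling fetch_all() on `false`; returns null for an
    // empty result set.
    global $mysqli_con;
    $result = $mysqli_con->query($sql);
    if ($result === false) {
        throw new RuntimeException('MySQL query failed: ' . $mysqli_con->error);
    }
    $rows = $result->fetch_all(MYSQLI_ASSOC);
    $result->free();
    return isset($rows[0]['res']) ? $rows[0]['res'] : null;
}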
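function verify_key($key, $respect_array){
    // For each candidate code point in $respect_array (hex strings as returned
    // by search_chars()), ask MySQL whether the connection's collation treats
    // the decoded character as equal to $key, and print the pair when it does.
    global $mysqli_con;
    foreach ($respect_array as $value) {
        $compare_string = deunicode($value);
        if ($compare_string === null) {
            // Not a valid \uXXXX escape (e.g. an unpaired surrogate): nothing to compare.
            continue;
        }
        // $compare_string is derived from a remote page, so escape it before it
        // is interpolated into the SQL literal; a quote or backslash among the
        // search hits would otherwise break (or alter) the statement.
        $safe_key = $mysqli_con->real_escape_string($key);
        $safe_compare = $mysqli_con->real_escape_string($compare_string);
        $sql = "select '$safe_key'='$safe_compare' as res";
        // MySQL returns '1'/'0'; '0' is falsy in PHP so the truth test works as-is.
        if (exec_query($sql)) {
            echo "$key = $compare_string\n";
        }
    }
}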
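// Entry point: connect, then probe every ASCII letter for characters the
// server's collation considers equal to it.
// Credentials are hard-coded for a local test instance; move them to
// environment variables before reusing this script elsewhere.
$mysqli_con = new mysqli('127.0.0.1', 'root', 'xxxxx&');
if ($mysqli_con->connect_error) {
    // Fail here rather than on the first query, where the error is harder to read.
    fwrite(STDERR, 'MySQL connection failed: ' . $mysqli_con->connect_error . "\n");
    exit(1);
}
$keys = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
// One single-byte letter per element; avoids re-evaluating strlen() each iteration.
foreach (str_split($keys) as $key) {
    $respect_array = search_chars($key);
    verify_key($key, $respect_array);
}
$mysqli_con->close();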
字母Q及q，以及0-9、()*&^等字符都不存在等价字符。
mb_strtolower()与mb_strtoupper()
详情见函数滥用