[pgpool-general: 1134] pgpool / PHP-PDO / Quoting Issue with latin1

Philip Hofstetter phofstetter at sensational.ch
Fri Oct 26 16:18:04 JST 2012


I have an issue with a setup where PHP with pdo_pgsql is talking to a
pgpool server when client_encoding is set to latin1 (the database
encoding is utf-8).

Here's the sample script:

$db = new PDO("pgsql:dbname=heineken;user=popscan;host=pgpool");
$db->exec("set names 'latin1'");
echo $db->quote("Bär's Hütte")."\n";

Store this script in latin1 encoding and then run it.

When connected to postgres directly, the output is correctly

'Bär''s Hütte' (in latin1)

But when connected to pgpool, the output is incorrectly:

'Bär's Hütte'

This of course is problematic as this opens applications behind pgpool
to bad SQL injections when high-bit characters are being used.

I know that the correct solution is to use utf-8 client encoding to
begin with, but this is an older but still supported version of our
application that I can't just port to utf-8 - later versions are using
utf-8 and are not hit by this issue.

Any idea what I did wrong here?


More information about the pgpool-general mailing list