Can the problem of double-byte injection in SQL be solved by converting to UTF-8 first?

Backslash escaping of SQL quotation marks can be bypassed by double-byte injection. Can this problem be avoided by converting to UTF-8 first?


The ultimate solution to the injection problem in Java or PHP is to abandon SQL splicing and use the parameter placeholders of PreparedStatement.


Use the parameter binding method of PHP's PDO to avoid the problem of SQL injection.
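
An added example, not part of the question or the answers above: a byte-level check of what the question asks, showing why charset-unaware backslash escaping breaks when the connection decodes as GBK and what strict conversion to UTF-8 changes. The function names and sample bytes are constructed for illustration.

```python
# Added illustration; helper names and sample bytes are constructed.

def backslash_escape(raw: bytes) -> bytes:
    """Charset-unaware escaping: put 0x5C before each quote or backslash byte."""
    out = bytearray()
    for b in raw:
        if b in (0x27, 0x22, 0x5C):  # ' " \
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Decode the way the database connection would, then count single
    quotes that are not protected by a preceding backslash."""
    text = escaped.decode(charset)
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # skip the backslash and the character it escapes
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count


def to_utf8_strict(raw: bytes, source_charset: str) -> bytes:
    """Transcode at the input boundary; malformed byte sequences raise
    UnicodeDecodeError instead of being passed through."""
    return raw.decode(source_charset).encode("utf-8")


if __name__ == "__main__":
    # Constructed input: a lone GBK lead byte followed by a quote.
    sample = b"\xbf'"
    escaped = backslash_escape(sample)       # bytes BF 5C 27
    # Under GBK, BF 5C is one character, so the quote loses its backslash.
    print("GBK unescaped quotes:", unescaped_quotes(escaped, "gbk"))
    try:
        to_utf8_strict(sample, "gbk")        # BF 27 is not valid GBK
    except UnicodeDecodeError:
        print("strict conversion rejects the malformed input")
    # Well-formed GBK text with a quote survives conversion and escaping.
    ok = backslash_escape(to_utf8_strict("\u4e2d'\u6587".encode("gbk"), "gbk"))
    print("UTF-8 unescaped quotes:", unescaped_quotes(ok, "utf-8"))
```

In UTF-8 every byte of a multi-byte character is 0x80 or higher, so the 0x5C added by escaping can never be absorbed into a character; this only helps when the database connection charset is UTF-8 as well. Parameter binding, as the answers recommend, removes the dependence on escaping altogether.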
