In-depth understanding of the difference between SET NAMES and mysql (i) _set_charset of

This article addresses: https://www.laruence.com/2010/04/12/1396.html

Please indicate the source

The company recently organized a PHP security training program, which involves about Mysql part of the "SET NAMES" and mysql_set_charset (mysqli_set_charset) is:
When it comes, try to use mysqli_set_charset (mysqli: set_charset) instead of "SET NAMES", of course, the contents of the PHP manual also Syria and, but did not explain why.
recently, several friends asked me this question, in the end Why?
asked many people, I also think we can write a blog, devoted under this section the content.
first, many people do not know "sET NAMES" in the end is to do what
my previous article in-depth MySQL character set in, has introduced character_set_client / character_set_connection / character_set_results three MySQL "environmental variables" here under another brief,
three variables were told the MySQL server, the client code set, code sets the transmission to the MySQL server's time, and the expected results of MySQL returned code set.
for example, by using the "sET NAMES utf8" it tells the server, I use utf-8 encoding, I hope you give me to return utf-8 encoded query Results.
In general, the use of "SET NAMES" is sufficient, but also ensures correct. So why manual have to say recommended mysqli_set_charset (PHP> = 5.0.5) it?
First, we look at what has been done in the end mysqli_set_charset (note the asterisk at the comment,

  
  

   
   
//php-5.2.11-SRC/ext/mysqli/mysqli_nonapi.c line 342
   
   
PHP_FUNCTION(mysqli_set_charset)
   
   
{
   
   
    MY_MYSQL            *mysql;
   
   
    zval                *mysql_link;
   
   
    char                *cs_name = NULL;
   
   
    unsigned  int         only ;
   
   
    if (zend_parse_method_parameters(ZEND_NUM_ARGS() TSRMLS_CC, getThis()
   
   
          , "Os", &mysql_link, mysqli_link_class_entry, &cs_name, &len) == FAILURE) {
   
   
        return;
   
   
    }
   
   
    MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL*, &mysql_link, "mysqli_link"
   
   
        , MYSQLI_STATUS_VALID);
   
   
    if (mysql_set_character_set(mysql->mysql, cs_name)) {
   
   
          // ** corresponding function call libmysql
   
   
        RETURN_FALSE;
   
   
    }
   
   
    RETURN_TRUE;
   
   
}
  
  

That mysql_set_character_set has done anything at all?

  
  

   
   
//mysql-5.1.30-SRC/libmysql/client.c, line 3166:
   
   
int STDCALL mysql_set_character_set(MYSQL *mysql, const char *cs_name)
   
   
{
   
   
  struct charset_info_st *cs;
   
   
  const char *save_csdir= charsets_dir;
   
   
  if (mysql->options.charset_dir)
   
   
    charsets_dir= mysql->options.charset_dir;
   
   
  if (strlen(cs_name) < MY_CS_NAME_SIZE &&
   
   
     (cs= get_charset_by_csname(cs_name, MY_CS_PRIMARY, MYF(0))))
   
   
  {
   
   
    char buff[MY_CS_NAME_SIZE + 10];
   
   
    charsets_dir= save_csdir;
   
   
    /* Skip execution of "SET NAMES" for pre-4.1 servers */
   
   
    if (mysql_get_server_version(mysql) < 40100)
   
   
      return 0;
   
   
    sprintf(buff, "SET NAMES %s", cs_name);
   
   
    if (!mysql_real_query(mysql, buff, strlen(buff)))
   
   
    {
   
   
      mysql->charset= cs;
   
   
    }
   
   
  }
   
   
  // omitted below
  
  

We can see, mysqli_set_charset in addition to doing a "SET NAMES", we also do a step further:

  
  

   
   
sprintf(buff, "SET NAMES %s", cs_name);
   
   
if (!mysql_real_query(mysql, buff, strlen(buff)))
   
   
{
   
   
  mysql->charset= cs;
   
   
}
  
  

For members of the mysql charset what role this core structure of it?
That we should talk about mysql_real_escape_string (), this function and mysql_escape_string difference is that it would consider the "current" character set. Then came the current character set it?
Yes, you guessed right, is mysql-> charset.
mysql_real_string when judging character wide character set, it is based on the member variables using different strategies, such as if it is utf-8, it will . using libmysql / ctype-utf8.c
see instances, the default character set is connected mysql latin-1, (classical problem 5c):

   
   

    
    
<?php
    
    
    $db = mysql_connect('localhost:3737', 'root' ,'123456');
    
    
    mysql_select_db("test");
    
    
    $a = "\x91\x5c";//"慭"的gbk编码, 低字节为5c, 也就是ascii中的"\"
    
    
    var_dump(addslashes($a));
    
    
    var_dump(mysql_real_escape_string($a, $db));
    
    
    mysql_query("set names gbk");
    
    
    var_dump(mysql_real_escape_string($a, $db));
    
    
    mysql_set_charset("gbk");
    
    
    var_dump(mysql_real_escape_string($a, $db));
    
    
?>
   
   

Because the "sooner" gbk encoding the low byte 5C, i.e. the default value ascii "\", and because in addition mysql (i) _set_charset Effect mysql-> charset, other time mysql-> charset are so , The result is:

  
  

   
   
$ php -f 5c.php
   
   
string(3) "慭\"
   
   
string(3) "慭\"
   
   
string(3) "慭\"
   
   
string(2) "慭"
  
  

It is now very clear, right?