laravel / ideas

Issues board used for Laravel internals discussions.

[Discussion] Specify client charset in DSN #1595

Open mpyw opened 5 years ago

mpyw commented 5 years ago

We may need more discussion on this: laravel/framework#28149 laravel/framework#28137 laravel/framework#28126


Currently, the charset is set by the set names statement. This affects the server but not the client. If there is a difference between the charsets recognized by the server and the client, we may get a security risk, especially on sjis and cp932, while enabling prepared statement emulation.

The official PHP manual suggests changing the client charset: PHP: Character sets - Manual

As far as I know:

  • PDO_MYSQL has a "charset" option on the DSN
  • PDO_PGSQL has an "options" option on the DSN which can include the argument "--client_encoding=..."
  • PDO_SQLITE has no options but implicitly uses UTF-8

I changed the PDO_MYSQL DSN and the PDO_PGSQL DSN in this Pull Request. The PDO_ODBC DSN should also be changed, but I'm not familiar with it.

As some people assuming that Laravel supports emulation have changed their settings, I think it is worthwhile to specify the client charset. In any case, omitting the client charset is a non-standard way compared to basic PDO usage.
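The DSN forms listed in the comment above, as an added example that is not part of the original thread and is not Laravel's connector code. The helper names `buildDsn` and `connect`, the config array keys, and all sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: puts the client charset into the DSN itself.
function buildDsn(array $c): string
{
    // The charset is interpolated into the DSN, so accept only a plain identifier.
    if (!preg_match('/\A[A-Za-z0-9_]+\z/', $c['charset'])) {
        throw new InvalidArgumentException('unexpected charset name');
    }
    $base = sprintf('%s:host=%s;port=%d;dbname=%s',
        $c['driver'], $c['host'], $c['port'], $c['database']);
    switch ($c['driver']) {
        case 'mysql':
            // PDO_MYSQL "charset" DSN option: sets the client library's charset.
            return $base . ';charset=' . $c['charset'];
        case 'pgsql':
            // PDO_PGSQL "options" DSN option carrying --client_encoding.
            return $base . ";options='--client_encoding=" . $c['charset'] . "'";
        default:
            throw new InvalidArgumentException('driver not covered by this example');
    }
}

// Hypothetical helper: opens the connection with emulation chosen explicitly.
function connect(array $c, bool $emulate): PDO
{
    return new PDO(buildDsn($c), $c['username'], $c['password'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => $emulate,
    ]);
}

// Constructed sample configuration (placeholder values).
$mysql = ['driver' => 'mysql', 'host' => '127.0.0.1', 'port' => 3306,
          'database' => 'app', 'charset' => 'utf8mb4',
          'username' => 'app', 'password' => 'secret'];
$pgsql = ['driver' => 'pgsql', 'port' => 5432, 'charset' => 'UTF8'] + $mysql;

// Before: the charset is only announced with a statement after connecting.
echo "mysql:host=127.0.0.1;port=3306;dbname=app  +  SET NAMES utf8mb4\n";
// After: the charset is part of the DSN from the first packet on.
echo buildDsn($mysql), "\n";
echo buildDsn($pgsql), "\n";
```

`connect()` is defined but not called, so the script prints the three DSN forms without needing a database server.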

mpyw commented 5 years ago

@taylorotwell @driesvints @staudenmeir

Basically, I was not willing to stick to emulation. But this time I had the purpose of temporarily changing the collation in one SQL using a placeholder. Then I came to the point that it is inconvenient without emulation.

Would you have any plans about this? Or we need to express "Laravel doesn't support emulation. Please be careful that we don't use client charset specification." in the documentation.

mpyw commented 5 years ago

This works only with emulation:

Post::whereRaw('message like ? collate utf8mb4_unicode_ci', [$foo])->get();