I'm trying to use paypal ipn in order to insert things into a database when an order is complete.
I need to insert a sentence in a sql database, the sentence is:
"This is my sentence à é è"
The "é" and the "è" characters works completely fine but for the "à", it is replaced in the dabatase by "?".
I have litteraly no idea why the "à" doesn't work, I guess it's a problem with charset.
Here is my code:
$config = parse_ini_file('config.ini');
$conn = mysqli_connect($config['server_name'], $config['mysql_username'], $config['mysql_password'], $config['db_name']) or die(mysqli_error($conn));
mysqli_set_charset($conn, "utf8");
$mysql_qry_insert = "SET NAMES utf8 ";
$resultttt = mysqli_query($conn,$mysql_qry_insert) or die(mysqli_error($conn ));
mb_internal_encoding("UTF-8");
$sentence = $customIpnPaypalVar;
$mysql_qry_insert2 = "insert into dbTest values ('".mysqli_real_escape_string($conn,$customIpnPaypalVar)."')";
$resultttt = mysqli_query($conn ,$mysql_qry_insert2) or die(mysqli_error($conn ));
And the database show me: "This is my sentence ? é è".
I also tried to replace the à with à but it didn't work.
Thank you.
Edit:
I think that my problem come from paypal when passing datas from my form to the IPN, any ideas of what is going on ?
Edit 2:
The problem come from Paypal for sure, when I pass a custom variable in the custom field from paypal Form and retrieve it in the ipn in log it shows me good accent but when I insert the variable in the database the accent doesn't work, why is that ?
The solution of my problem was using mysqli prepared statement, for some reason the specials characters worked with this method. Moreover it seems to be more secure.
Thank you Magnus Eriksson for helping me there.
Related
I have a problem for days with MySQL and PHP.
I load data from a CSV and write it to a database. Unfortunately, umlauts are not displayed correctly, so a ü is written to the database as u00fc, for example.
I use MySQL because it can not be otherwise, after establishing the MySQL connection, I execute the following commands
mysql_set_charset('UTF8', $newsystem);
mysql_query("SET CHARACTER SET 'UTF8'", $newsystem);
The collation is set to utf8_general_ci.
To enter the data, the data is converted using json_encode.
The array is created as follows:
$jsonOrderDaten = array('id' => $daten[11], 'bezeichnung' => $daten[12], 'stueckzahl' =>$daten[14], 'preis' => $daten[15], 'mwst_satz' => $daten[16]);
Und der MySQL Eintrag erfolgt so:
$insertquery = "INSERT INTO `e_paket` (`paket_id`, `ebay_verkaufsnr`, `adress_daten`, `bestell_daten`, `ebay_order`, `status`) VALUES ('$packid', '$ebayorderid', '$jsonKD', '$jsonOD', 1, 0)";
mysql_query($insertquery ,$newsystem);
Can someone help me with my problem?
Best regards,
Pascal
The problem here is the JSON encoding. All special unicode characters get escaped (e.g. german umlauts).
To fix this you could set the JSON_UNESCAPED_UNICODE flag on the encode method like this:
$jsonOD = json_encode($jsonOrderDaten ,JSON_UNESCAPED_UNICODE);
Please note that you should watch out for SQL-Injection!
I think using "LOAD DATA LOCAL INFILE" will solve your problem. It is more faster than normal insertion. Please https://dev.mysql.com/doc/refman/5.7/en/load-data.html for more details.
You could also do mysql_query ("SET NAMES UTF8");
Also, not only the connection has character encoding, but also the database, the table and each column have their own default encoding. Check them if they are set to something different.
Mysqli, injection, prepared_statements, the others have already commented on them.
I am creating a chat feature for my project where people can send messages to each other, but the problem is i want user to send anything, text, quotes or anything... But the problem is when i am sending degree symbol or sign, it does not inserts anything.
My code (This is example of what i have tried) :
<?php
$message = htmlspecialchars($_POST['message']);
$message = mysqli_real_escape_string($con, $message);
//Here i am inserting everything
mysqli_query($con, "INSERT INTO message (message) VALUES ('$message')");
?>
Hope you guys have understand my problem, i need help, please help me.
It may be something related to the database's collation. Try changing it to utf8. You may also consider this option of mysqli - mysqli::set_charset().
Try with PDO, it should work even if $message contains quotes or anything:
$query=$pdo->prepare("INSERT INTO message (message) VALUES (:message)");
$query->execute(array(
"message"=>$message
));
I´m creating a simple register and login system for a school project where you sign up through a form.
This is my code for the sign up process (without the bunch of tests´ that determine if fields were left empty etc.), this is just the query part.
Sorry about the variables containing Danish signs (ÆØÅ), and being in danish, but i have made a couple of tests where it didn´t matter if i used æøå or some other kind of letters.
I simply can´t understand why this little piece of code won´t work:
//I retrieve alot of variables from a form
$Fornavn = mysql_real_escape_string($_POST["Fornavn"]);
$Efternavn = mysql_real_escape_string($_POST["Efternavn"]);
$Koen = mysql_real_escape_string($_POST["Koen"]);
$Etnicitet = mysql_real_escape_string($_POST["Etnicitet"]);
$Brugernavn = mysql_real_escape_string($_POST["Brugernavn"]);
$Password = mysql_real_escape_string($_POST["Password"]);
$Mail = mysql_real_escape_string($_POST["Mail"]);
$Haarfarve = mysql_real_escape_string($_POST["Haarfarve"]);
$Oejenfarve = mysql_real_escape_string($_POST["Oejenfarve"]);
$Vaegt = mysql_real_escape_string($_POST["Vaegt"]);
$Hoejde = mysql_real_escape_string($_POST["Hoejde"]);
//The query
mysqli_query($con, "INSERT INTO bruger (Fornavn, Efternavn, Køn, Etnicitet, Brugernavn, Password, Mail, Hårfarve, Øjenfarve, Vaegt, Højde)
VALUES ('$Fornavn', '$Efternavn', '$Koen', '$Etnicitet', '$Brugernavn', '$Password', '$Mail', '$Haarfarve', '$Oejenfarve', '$Vaegt', '$Hoejde')");
echo $Fornavn;
Edit:
I know it doesn´t work since nothing appears in my mysql database after i run the code.
It just returns zero rows (i use phpmyadmin btw.) And i don´t really get any error messages or anything.
As suggested i have tried to use Mysqli_* for my variables instead:
//I retrieve alot of variables from a form
$Fornavn = mysqli_real_escape_string($con,$_POST["Fornavn"]);
$Efternavn = mysqli_real_escape_string($con,$_POST["Efternavn"]);
$Koen = mysqli_real_escape_string($con,$_POST["Koen"]);
$Etnicitet = mysqli_real_escape_string($con,$_POST["Etnicitet"]);
$Brugernavn = mysqli_real_escape_string($con,$_POST["Brugernavn"]);
$Password = mysqli_real_escape_string($con,$_POST["Password"]);
$Mail = mysqli_real_escape_string($con,$_POST["Mail"]);
$Haarfarve = mysqli_real_escape_string($con,$_POST["Haarfarve"]);
$Oejenfarve = mysqli_real_escape_string($con,$_POST["Oejenfarve"]);
$Vaegt = mysqli_real_escape_string($con,$_POST["Vaegt"]);
$Hoejde = mysqli_real_escape_string($con,$_POST["Hoejde"]);
//The query
mysqli_query($con, "INSERT INTO bruger (Fornavn, Efternavn, Køn, Etnicitet, Brugernavn, Password, Mail, Hårfarve, Øjenfarve, Vaegt, Højde)
VALUES ('$Fornavn', '$Efternavn', '$Koen', '$Etnicitet', '$Brugernavn', '$Password', '$Mail', '$Haarfarve', '$Oejenfarve', '$Vaegt', '$Hoejde')");
echo $Fornavn;
But it doesn´t work.
Everything is stored as "Varchar" in the database with collation "utf8_danish_ci".
Answer to comments:
#John #Jayaram I do not retrieve any error messages, or perhaps i don´t know where they go? Im really new to Mysql and PHP.
#Adunahay Vaegt and Højde are stored as Varchar in the table.
#Gordon The code for the connection is as follows:
//We check the connection
$con = mysqli_connect("localhost","Mads","","meat-market");
//If there is a fail.
if (mysqli_connect_errno())
{
echo "<h1> Det er vores fejl:</h1><br /><h2>Kunne ikke forbinde til Databasen:</h2><br /> " . mysqli_connect_error();
exit;
}
Altough im sure the table exist and the database does since i can see it in Phpmyadmin. The user Mads also has all of the necessary permissions.
#Raphaël I´m not aware if you can use special chars, but i have made a couple of tests before where i tried with special chars and it seemed to work fine.
#dboals I don´t know what you mean (i´m new to php), further explanation would be welcomed.
It's because you're using mysql_* for your POST variables and mysqli_* for your DB connection and in your query using $con as the first variable, which is mysqli_* syntax.
Change:
$Fornavn = mysql_real_escape_string($_POST["Fornavn"]);
to
$Fornavn = mysqli_real_escape_string($con,$_POST["Fornavn"]);
and do the same for the others.
Sidenote: Use all mysqli_* functions exclusively for your entire code --- mysqli_* and mysql_* functions do not mix together.. (which I recommend you use and with prepared statements, or PDO)
An example of preparing and binding for mysqli_ can be found HERE.
I found out what was wrong.
First off i needed to change mysql_* to mysqli_* in my variables.
But after that it still didn´t work.
Then i tried to change the letters "æ ø å" to something that wasn´t special letters in the database.
It didn´t seem to matter in the variable names tho.
So instead:
Æ = AE
Ø = OE
Å = AA
So apparently special characters are no go, eventough it seems to be a bit inconsistent since i have done it with special characters before... I don´t know if it is dependent of the collaction of the database...
But thanks to everyone!
EDIT!:
I´m using the UTF8_Danish_ci collation in my table and all the rows.
But after this i still had the problem that if i entered a special character in the form, it would show up as A| or something like that in the database.
I have fixed this by doing the following for each variable that comes from the form:
$Fornavn =utf8_decode($_POST["Fornavn"]);
$Fornavn = mysqli_real_escape_string($con,$Fornavn);
And add the following parameter to my FORM tag:
accept-charset="UTF-8"
Still haven´t been able to execute mysqli queries where the row names contains Æ Ø or Å.
I apologize if this is a duplicate question. I am a newbie to special characters and know very little about special character encoding and decoding. I looked all over stackoverflow, tried the solutions but still cannot solve my problem. I have stored special characters in my mysql database, like prēməˈCHo͝or/,/-ˈt(y)o͝or. Database collation is utf8_bin. It shows fine in my database field but on my page, it displays as ?pr?m??CHo?or/,/-?t(y)o?or. I have added the following line to display this field:
<?php
echo strip_tags(html_entity_decode($row->Phonetic_eng,ENT_QUOTES, "UTF-8"));
?>
I have also added this to the php file:
<html><head><meta http-equiv="Content-type" content="text/html;charset=UTF-8"></head></html>
Kindly note that saving to database is not the issue I think. It is displaying the data that is the problem I think. In that case, how should I write the display statement:
<?php
echo strip_tags(html_entity_decode($row->Phonetic_eng,ENT_QUOTES, "UTF-8"));
?>
I would really appreciate any help. Thank you in advance
Assuming you're using MySQLi and something to the affect of:
$con=mysqli_connect("xxx","xxx","xxx","xxx");
use $con->set_charset("utf8"); just above your queries.
After selecting database, add this:
mysql_query("set names 'utf8'");
EDIT: After feedback from my original post, I've change the text to clarify my problem.
I have the following query (pseudo code):
$conn = mysql_connect('localhost', 'mysql_user', 'mysql_password');
mysql_query("SET NAMES 'utf8'; COLLATE='utf8_danish_ci';");
mysql_query("SELECT id FROM myTable WHERE name = 'Fióre`s måløye'", $conn);
This returns 0 rows.
In my logfile, I see this:
255 Connect root#localhost on
255 Query SET NAMES 'utf8'; COLLATE='utf8_danish_ci'
255 Init DB norwegianfashion
255 Query SELECT id FROM myTable WHERE name = 'Fióre`s måløye'
255 Quit
If I run the query directly in phpMyAdmin, I get the result.
Table encoding: UTF-8
HTML page encoding: UTF-8
I can add records (from form input) where names uses accents (e.g. "Fióre`s Häßelberg")
I can read records with accents when using -> "name LIKE '$labelName%'"
The information in the DB looks fine
I have no clue why I can't select any rows which name has accent characters.
I really hope someone can help me.
UPDATE 1:
I've come to a compromise. I'll be converting accents with htmlentities when storing data, and html_entity_decode when retrieving data from the DB. That seems to work.
The only drawback I see so far, is that I can't read the names in cleartext using phpMySQL.
I think you should rather return $result than $this->query.
Additionally you should be aware of SQL injection and consider using mysql_real_escape_string or Prepared Statements to protect you against such attacks. addslashes is not a proper protection.
As other answers indicate, this very much seems like an encoding problem. I suggest turning on query logging ( http://dev.mysql.com/doc/refman/5.1/en/query-log.html ) as it can show you what the database really receives.
UPDATE:
I finally found a page explaining the dirty details of PHP and UTF-8 (http://www.phpwact.org/php/i18n/charsets). Also, make sure you read this (http://niwo.mnsys.org/saved/~flavell/charset/form-i18n.html) to understand how you to get proper data returned from form posts.
Try this query. If you get results, then it's an issue with your backtick character in the query
SELECT * FROM sl_label WHERE name Like 'Church%'
Maybe try checking for error messages after calling the query (if you aren't already doing this outside that function). It could be telling you exactly what's wrong.
As Artem commented, printing out the actual query is a good idea - sometimes things aren't exactly as you expect them to be.
This might be an encoding issue, the ' in Church's might be a fancy character. PHPMyAdmin could be UTF-8, and your own PHP website could be iso-latin1.
I'm looking at this line
mysql_query("SET NAMES 'utf8'; COLLATE='utf8_danish_ci';");
and I think it might be an error. With the ';' you are sending two queries to the server, but COLLATE is a clause, not a legal statement on its own. Try:
mysql_query("SET NAMES 'utf8' COLLATE 'utf8_danish_ci'");
If the COLLATE clause is not being accepted by the server, you might be having the problem of your label column having a danish_ci collation, but the statements coming in have the default (prob utf_general_ci). There would be no match for the accented characters, but the wildcard works because the representation for the basic ascii characters are the same.