This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 7 years ago.
I have never come across this before and it's completely stumped me!
I am using some custom front end posting scripts in Wordpress, these work absolutely fine, everything is escaped correctly before the data is saved to the db etc, but I seem to be having an issue with the apostrophe (single quote) when entered on a Mac keyboard.
An example post using various chars is entered in the text area :
a post with other chars `~":;?/[]{}-_=+!£$%^&*()'
And this is what is saved in the db (and then displayed on the page when called) :
a post with other chars `~":;?/[]{}-_=+!£$%^&*()'
This is how the data is being saved to the db for clarity :
esc_attr(strip_tags($_POST['postContent'])),
If I copy and paste an apostrophe from a webpage like this for example it saves just fine :
Ain’t that strange!
But that slanted apostrophe isn't available (as standard) on the Mac keyboard, the default is the single quote '
I have never come across this issue before.
Anybody got any suggestions or workarounds as I'm at my wits end!
Ok found it..
Instead of :
esc_attr(strip_tags($_POST['postContent'])),
Use the built in wordpress function sanitize_text_field :
'post_content' => sanitize_text_field($_POST['postContent']),
Related
This question already has answers here:
How to make MySQL handle UTF-8 properly
(15 answers)
UTF-8 all the way through
(13 answers)
Closed 5 years ago.
I'm new to php, i made a php user interface with input fields that formulates, prints and execute a query showing the database reply or error.
It usually works fine but when i make a query with accented fields like in
"INSERT INTO `Nave` (`Targa`, `Nazionalità`, `Nome`) VALUES('0', 'italia', 'nave0');"
php successfully creates the query, prints and executes it without any further modifications but it fails saying "Unknown column 'Nazionalità' in 'field list'"
but if i copy/paste the same exact query printed by php into phpmyadmin it works (so obiouvsly the column 'Nazionalità' does exist) what is happening?
Notice that if the php generated query has no fields with accent it works even in php.
Notice also that individually neither my php nor mysql have any issues dealing with accent. so it's NOT a duplicate of How to make MySQL handle UTF-8 properly because that's a mysql individual issues, my database works fine.
EDIT: All the answers so far explained how to fix the database, but the database does works fine!
I do not know how to make it understand that, read more about the question guys...
But the second duplicate suggestion was quite right and there i found my solution which I copy here for convenience of those who will visit this page having the same problem: "$mysqli->set_charset('put here the same charset used in your db');" OR "mysqli_set_charset($link, 'charset');"
Thank for your help.
change your character set of database to UTF-8 by following MySQL query
ALTER TABLE Nave CONVERT TO CHARACTER SET utf8;
This question already has answers here:
How do I send emails with Arabic content via PHP's mail function?
(4 answers)
UTF-8 all the way through
(13 answers)
Closed 5 years ago.
I use PHP (echo) to add user session data to the HTML page and it worked fine on one server but when I moved to another one it shows Arabic data in question marks like this (???). how to fix this?
NOTE 1: Arabic data added in the html page using HTML or JAVASCRIPT or AJAX call from database is showing correctly. it only shows question marks when using PHP echo command.
update: the first duplicate is about setting up a server but I'm using a shared webhosting. the second one is about sending email and changing the header didn't work for me.
UPDATE: looks like it was a problem while restoring the database to the new server. new entered data is showing correctly while old ones are messed up!
This question already has answers here:
UTF-8 all the way through
(13 answers)
Closed 7 years ago.
I have a database which contains some blocks of text. These text blocks contain extended characters such as: ’ ‘ … “ and ”. When displayed directly to a web page they all show like this: �.
I've tried doing as str_replace to show normal characters, with no luck.
I've tried iconv, which will only work when set to ignore, which makes the punctuation look wrong.
I've tried html_encode, which also doesn't work. (I'm also using the parsedown script to format the text.)
The funny thing is, the website I'm replacing supports these characters fine, so I don't know what I'm doing wrong! (I don't have access to this website, or source code, or database, which is why I'm replacing it!)
Can anyone provide any help??
I just want to stop showing � and start showing proper characters!
Thanks to the above linked article, this issue is now resolved.
I firstly changed the collation of all of my tables as follows:
Specify the utf8mb4 character set on all tables and text columns in
your database.
Then in my php code where it connects to the database, I added this line:
$CONNECTION -> set_charset('utf8mb4');
All issues resolved! Thanks to all who contributed to my fix!
This question already has answers here:
UTF-8 all the way through
(13 answers)
Closed 7 years ago.
I exported some tables in my mySQL database on my own server (localhost) to a web host using phpMyAdmin. The tables contain swedish special characters, and the CHARSET is set to latin1_swedish_ci. When imported, the characters look correctly in phpMyAdmin of the web host server, but when they are fetched and displayed on the web, there is a question mark (inside a diamond) instead of each special character.
If I update the data by fething the data into a form and then manually replace the question marks with the special characters and submit (thus updating the table), then the updated data shows correctly in the web when fetched.
But if I do the same thing but using the same update form on my own server where the fetched data displays correctly both in phpMyAdmin and web/localhost and setting the post attribute to the insert page on the web server, then that data does not display correctly (on the web).
I.e. this is the opposite problem of that explained in this post.
What might be wrong?
EDIT: As to the suggestion that using "UTF-8 all the way through" might solve the problem: My question more concerns how I might understand why a problem like this can occur. If the data looks ok in phpMyAdmin, does that mean that the problem lies simply in the fetching? Or might there still be something wrong with the data?
You need to ensure the character set is the same across your connection to the database and the web page it is displayed on.
You are best to use UTF-8 all the way.
On your web page you will need something like this:
So the browser knows what to display.
This question already has an answer here:
Escape line breaks in MySQL output
(1 answer)
Closed 9 years ago.
The column data is fed by a textarea html element in the web page ; so the user can enter linebreaks within it. When I put the column data inside an excel file then excel does not recognize the linebreak ( there is a "?" at the end of the first line ). So how to make it recognizable by excel ?
I ran into this problem a little earlier, The easiest solution (Not the best, but couldn't think of anything else) is to use str_replace().
The only way i found to get this to work correctly, was to replace \n with \n\r. An example of this would be
<?php
str_replace("\n", "\n\r", $input_text);
?>
It is possible to do this while inserting into the database, or while reading from the database, However it does present a problem that if it already has \n\r, it'll then appear like \n\r\r