This question already has answers here:
UTF-8 all the way through
(13 answers)
Closed 7 years ago.
i'm tring to insert into my database the following string: "è" but each time i try in the database nothing is added. This is the code that i use to insert.
$string = mysql_real_escape_string($_REQUEST['string_passed']);
$query = "UPDATE my_table SET my_field = '$string' WHERE id = '$id'";
In my connection.inc.php file i have following code.
mysql_connect("localhost", "root", "") or die("Problem: ".mysql_error());
mysql_select_db("my_db") or die("Poblem: ".mysql_error());
mysql_query('SET NAMES utf8');
I know, i can insert $string using htmlentities but there is any other solution?
mysql_real_escape_string Escapes special characters in a string for use in an SQL statement.that is what you will see in its manual page. (by the way it is deprecated in php 5.5, use mysqli::real_escape_string)
Related
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I tried to create a script which will save all the IP address that came to my website (for adwords checking purposes). However when I try, the code doesnt save to database at all. Here is the code:
<?php
session_start();
// Create connection
$mysqli = new mysqli("localhost", "hashmicr_admineq", "monkeycool100", "hashmicr_sessionchecker");
date_default_timezone_set('Asia/Singapore');
$date = date("Y-m-d H:i:s");
$query = "INSERT INTO sessioncheck(ipaddress,date) VALUES (".$_SERVER['SERVER_ADDR'].", ".$date.")";
$mysqli->query($query);
/* close connection */
$mysqli->close();
?>
This is placed on the top of the PHP page.
Did I miss on any steps?
Need to add single quotes as both the field values contain non-numeric (other than 0-9) characters.
You can insert only numeric without single quotes.
Corrected SQL:
$query = "INSERT INTO sessioncheck(ipaddress,date)
VALUES ('".$_SERVER['SERVER_ADDR']."', '".$date."')";
This question already has answers here:
UTF-8 all the way through
(13 answers)
Closed 8 years ago.
I am using MySQL 5.5 version
when i try to insert the ‘ special character in database it is automatically converted into ’ .
i changed the database character set to utf8 & character_set_connection to utf8 but i unable to get the expected result.
how to solve this issue ?
kindly help on this
You need to check how you are sending the data.
If the character set in the database is utf-8, you need to send like that to.
Try to encode the data before, like that:
$sql = "INSERT INTO tablex(field) VALUES('".utf8_encode($mydata)."')";
It is important to make sure that every part of your connection is using utf8, otherwise you will run into problems.
Below we will create a utf8 connection to the database, perform set names which is vitally important and then write using a utf8_encode method.
mysql_connect("host", "user", "pass");
mysql_query("SET character_set_results=utf8");
mysql_set_charset('utf8');
mb_internal_encoding('UTF-8');
mysql_select_db("my_db");
mysql_query("set names 'utf8'");
$sql = "INSERT INTO `table`(`foo`) VALUES('".utf8_encode($bar)."')";
This question already has answers here:
UTF-8 all the way through
(13 answers)
Closed 9 years ago.
I have a function that adds words in my database and for some reason it's putting them in all weird.
Here is my function :
function change_team($picname, $text){
include 'dbconnector.php';
$conn->query("UPDATE team SET tea_photo = '$picname', tea_text = $text WHERE tea_id = 1");
}
Then, I use a post form to put it in :
change_team($_POST['lala'], $_POST['text']);
$_POST['text'] = éÀéÀ works when I echo it before entering it into database, but in the database it does this: Éà É
I've tried everything, I've put my table as uft8_general_ci but it doesn't seem like it fixes anything.
In your dbconnector.php, do:
$conn->set_charset("utf8");
After connecting and selecting database. This will set the transmission encoding to UTF-8. (The table/column/db character set is just storage encoding).
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
apostrophes are breaking my mysql query in PHP
My Android App is sending a message to my server (PHP script)
The PHP script is writing the message into MySQL.
It works fine, but all messages containing an apostrophe ' (e.g. he's going to school) are not written into the database.
Here the php script:
function deq($s)
{
if($s == null)
return null;
return
get_magic_quotes_gpc() ?
stripslashes($s) : $s;
}
if(md5(deq($_REQUEST['blub']).deq($_REQUEST['blub'])."blabla") == $_REQUEST['hash']){
mysql_connect("localhost", "blub", "blub") or die(mysql_error());
mysql_select_db("blub") or die(mysql_error());
// mysql_set_charset('UTF8'); // does not work as too old php
mysql_query("SET NAMES 'utf8'");
mysql_query("SET CHARACTER SET utf8");
mysql_query("SET COLLATION_CONNECTION = 'utf8_unicode_ci'");
$mysqldate = gmdate( 'Y-m-d H:i:s');
$language = (int) $_REQUEST['language'];
$device = $_REQUEST['device'];
$ipaddress = $_SERVER['REMOTE_ADDR'];
mysql_query("INSERT INTO test(username, text, language, rating, checked, date)
VALUES('".$_REQUEST['username']."', '".$_REQUEST['text']."', '".$language."', '0' , 'false', '".$mysqldate."') ")
or die(mysql_error());
mysql_close();
All you need to escape ' like below
$_REQUEST['text'] = mysql_real_escape_string($_REQUEST['text']);
Don't use magic quotes.
use mysqli_real_escape_string or mysql_real_escape_string if you don't want to use mysqli.
You have discovered SQL injections: The apostrophe in the input "gets out" of the apostrophe you put in the query. This causes some of the input to be considered part of the query. You can use mysql_real_escape_string to secure the input before you use it in a query. But in general, there are better solutions for this (e.g. prepared statements).
You are, by the way, using the outdated mysql_ functions in PHP (see the big red warning on http://php.net/mysql_query)
Looking at the description above you need to escape input data with slashes using mysql_real_escape_string function
Apostrophe in input data when utilized in sql query will break the sql query resulting into sql injection
So always sanitize input data with mysql_real_escape_string() function before utilizing into sql query
For more documentation about mysql_real_escape_string() function please refer the documentation mentioned in below url
http://php.net/manual/en/function.mysql-real-escape-string.php
This question already has answers here:
UTF-8 all the way through
(13 answers)
Closed 12 months ago.
My trying to make an Ajax call to a PHP function that pulls out data from my database. I've run into a problem though.
My query looks like this
$query = "SELECT * FROM mytable WHERE field LIKE '%$string%'"
I then check on the number of rows returned by the query, but when i type in æ ø å then i my query returns 0 rows, although I know there are entries in the database that have æ ø å.. why is this
Set the connection to use UTF-8:
<?php
// MySQLi:
$connection = new MySQLi( /* ... credentials ...*/);
$connection->set_charset("utf8");
// MySQL:
$connection = mysql_connect(/* ... credentials ... */);
mysql_set_charset("utf8", $connection);
?>
in my case, I had to add this line:
mysqli_set_charset($con,"utf8mb4");