I need to use bind_param to get away with data injection. When I use bind_param, special characters such as € or ب are being saved in mysql as صذق.
1-I am sure mysql table is set up correctly.
2-I have changed the word processor's encoding to UTF8.
3-I have included many utf8 character sets all over the place.
Any thoughts how to fix this? or maybe I should start using other methods such as mysqli_real_escape_string?
($_POST["post_word"] is generated in a separate page)
$connect = mysqli_connect("r"," r","r","r"); //not real data here
$connect->set_charset('utf8');
$connect->query("SET NAMES utf8");
$querye= mysql_query("SET NAMES utf8");
mysqli_query($connect,"INSERT INTO wordtable ( wdate) VALUES (CURRENT_TIMESTAMP())");
$sqlz = "SELECT wid FROM wordtable ORDER BY wdate DESC LIMIT 1";
$resultz = mysql_query($sqlz);
$rowz = mysql_fetch_array($resultz);
$wid=$rowz['wid'];
$mysqli = new mysqli(HOSTNAME, MYSQLUSER, MYSQLPASS, MYSQLDB);
$connect->set_charset('utf8');
$unsafe_variable = $_POST["post_word"];
$stmt = $mysqli->prepare("UPDATE wordtable SET word=(?)
WHERE wid='$wid' ");
$stmt->bind_param("s", $unsafe_variable);
$stmt->execute();
$stmt->close();
$mysqli->close();
Would it be perhaps
$querye= mysql_query("SET NAMES utf8");
Your querying with MySQL here
Related
This question already has answers here:
The ultimate emoji encoding scheme
(2 answers)
Closed 6 years ago.
I am having problems decoding UTF8 characters in my script from my sql.
Lets say I have two characters coming from mysql:
'á' & ❤️
with my script á is decoded fine however, the emoticon is decoded in â¤ï
What am I doing wrong?
$conn = new mysqli($servername, $username, $password, $dbname);
$sql="SELECT * FROM `community` ORDER BY `community`.`date` DESC LIMIT 25";
mysqli_set_charset($conn, "utf8"); //UTF8
$result = $conn->query($sql);
while($row = $result->fetch_assoc()) {
$comment = $row['comment'];
echo $comment . "</br>";
//echo htmlentities($comment); not working... white screen
}
UPDATE
I have changed Database and Tables
$conn = new mysqli($servername, $username, $password, $dbname);
$sql="SELECT * FROM `community` ORDER BY `community`.`date` DESC LIMIT 25";
mysqli_set_charset($conn, "utf8"); //UTF8
$result = $conn->query($sql);
while($row = $result->fetch_assoc()) {
$comment = $row['comment'];
$comment = mb_convert_encoding($comment, "UTF-8");
echo $comment . "</br>";
//echo htmlentities($comment); not working... white screen
}
Your issue here is probably with the database.
You need to set your database charset to UTF-8 in order to query it correctly, what you are doing is to get a string and setting Client side default charset using
mysqli_set_charset($conn, "utf8"); //UTF8
That's not enough, so I would recommend you to run an SQL query like
ALTER DATABASE databasename CHARACTER SET utf8 COLLATE utf8_unicode_ci;
in order to update it. If what you need is to change a single table use
ALTER TABLE tablename CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci;
Finally you can check it using
SELECT DEFAULT_COLLATION_NAME FROM data_dictionary.SCHEMAS WHERE SCHEMA_NAME = 'databasename' LIMIT 1;
As an extra appointment and just in case in PHP you can convert the encoding of a string using
$comment = mb_convert_encoding($comment, "UTF-8"); //Change encoding
echo mb_detect_encoding($str, "auto"); // Check encoding
Of course you should make a backup before making any of these changes, just in case.
EDIT: The proper order to run these queries, is:
Run it in the whole DB using the first query
Run it table by table using the second query
Check if the charset has been set correctly using the third query
EDIT 2 : Remember to set the tag <meta charset="UTF-8"> in your html file.
I hope this helps you :)
$url = "example.com";
$data = json_decode($raw);
$pname=$data->name;
$sql="UPDATE `client` SET pname='$pname' WHERE url='$url'";
$query=mysql_query($sql,$link)or die(mysql_error());
When the json data is decoded, the value in variable $pname goes in client table. If there is an apostrophe sign (') in name then it throws an error. What changes can I make in the variable to send the name to database table?
example:
Jerry get updated with no issues
D'Cunha does not get updated as it has the apostrophe sign. The query becomes
"UPDATE `client` SET pname='D'Cunha' WHERE url='example.com'"
I found some articles but that does not say about how to find the apostrophe sign and change the variable value
use mysql_escape_string()
$sql="UPDATE `client` SET pname='".mysql_escape_string($pname)."' WHERE url='$url'";
and learn mysqli or PDO as mysql is deprciated and soon going to be drop
Use prepared statements. Mysqli or PDO. Here's an example with mysqli:
$url = "example.com";
$data = json_decode($raw);
$pname=$data->name;
$mysqli = new mysqli($host, $user, $password, $db);
$stmt = $mysqli->prepare("UPDATE client SET pname = ? WHERE url = ?");
$stmt->bind_param("ss", $pname, $url);
$stmt->execute();
Why shouldn't I use mysql_* functions in PHP?
Try this:
UPDATE client SET pname = 'D\'Cunha' WHERE url = 'example.com'
I want to insert data in mysql database.when i am trying to insert my query using PHP MyAdmin then work but if i am tring to insert from my php site from submission the not work some text not insert.
my text
http://www.lexisnexis.com/hottopics/gacode/
§ 16-11-125.1. Definitions
As used in this part, the term:
my form submission insert only this text
http://www.lexisnexis.com/hottopics/gacode/
my query
$test='http://www.lexisnexis.com/hottopics/gacode/
§ 16-11-125.1. Definitions
As used in this part, the term:';
$conn = mysql_connect('localhost', 'test', 'test') or die(mysql_error());
mysql_select_db("test") or die(mysql_error());
mysql_query('SET NAMES utf8');
mysql_query("SET CHARACTER SET utf8");
mysql_query("SET SESSION collation_connection ='utf8_unicode_ci'");
$queryc = "INSERT INTO `table` (data17)values ('".addslashes($test)."')";
mysql_query($queryc) or die(mysql_error());
for the database connection, it should be:
$conn = mysqli_connect('localhost', 'test', 'test') or die(mysqli_error($conn));
for the query, it should be:
mysqli_query($conn, $queryc) or die(mysqli_error($conn);
remember, the mysqli_query's arguments are database connection, query
also, it would be better if the query ($queryc) was:
$queryc = "INSERT INTO `table` (data17)values mysqli_real_escape_string($test))";
I have a table that data was inserted in it some time ago. data included by php and character set in it was utf-8 .
mysql_query("set names utf8");
now ,I need this table in another project which all data will show on php mysql default character set.
problem : my data is persian, when I set charachter set utf-8, every things is ok, but without character set data convert to the "?????" what should I do?!
I want to import all data form old table to new table on new character set !!
Try this might help you
<?php
header('Content-Type: text/html; charset=utf-8');
?>
and then in the connection
<?php
$dbLink = mysql_connect($argHost, $argUsername, $argPassword);
mysql_query("SET character_set_results=utf8", $dbLink);
mb_language('uni');
mb_internal_encoding('UTF-8');
mysql_select_db($argDB, $dbLink);
mysql_query("set names 'utf8'",$dbLink);
?>
///
$SERVER = "http://localhost:8084";
$db = mysql_connect('localhost','root') or die("Not Connected");
$sldb = mysql_select_db('vifarbydata',$db);
mysql_query("set names utf8");
$sql = "SELECT * FROM `region` ";
$res = mysql_query($sql);
while($h=(mysql_fetch_array($res)))
{
$row[] = $h;
}
mysql_close($db);
/// set another character set
$SERVER = "http://localhost:8084";
$db = mysql_connect('localhost','root') or die("Not Connected");
$sldb = mysql_select_db('vifarbydata',$db);
foreach ($row as $item)
{
echo $sql = "insert into `region2` (id,name,myId) values (".$item['id'].",'".$item['name']."','".$item['myId']."') ";
mysql_query($sql);
}
#afsane, using mysqldump, you can dump the data from old_table and then import it into the new_table which has the new character encoding.
mysqldump -u user -p --no-create-info schema old_table > old_table.dump
mysql -u user -p schema new_table < old_table.dump
This will be much faster than doing a conversion via PHP.
I'm currently trying to save a japanese-character string with MySQL in PHP. The characters are saved as questionmarks. This is my query:
mysql_query("SET NAMES 'utf8'");
mysql_query("SET CHARACTER SET 'utf8'");
$result = mysql_query("INSERT INTO battles (basic_words) VALUES ('".mysql_real_escape_string($basic_words)."'");
The string "$basic_words" definitely contains japanese characters but they are not saved. The coalition for the row "basic_words" is utf8_general_ci
php mysql query encoding problem suggests
$db_con= mysql_connect('localhost', 'user', 'password');
if( function_exists('mysql_set_charset') ){
mysql_set_charset('utf8', $db_con);
}else{
mysql_query("SET NAMES 'utf8'", $db_con);
}
Also Check http://php.net/manual/en/function.mysql-set-charset.php