Been struggling with this thing for hours now. Hopefully someone could help me out.
Trying to get data from mysql based on first and last name. Everything works just fine except when there is special characters like ä or ö.
I have the profiler on and query looks like this:
SELECT mail, address, title FROM users WHERE firstname='teemu' AND lastname='sel%C3%A4nne'
And it should be:
SELECT mail, address, title FROM users WHERE firstname='teemu' AND lastname='selänne'
In my model it's like this:
$sql = "SELECT mail, address, title FROM users WHERE firstname=? AND lastname=?";
How can I fix this? Thank you!
Controller
public function edit()
{
$this->load->model('p_model');
$this->load->view('edit',$data);
}
public function ajax_p($first,$last)
{
$this->load->model('p_model');
$data['info'] = $this->p_model->pInfo($first,$last);
$this->load->view('ajax/p',$data);
}
Make sure you do not forget to urldecode the post values. What might be happening is that you use $_POST instead of the codeigniter function $this->input->post(); $_POST won't urldecode the parameters for you while the codeigniter function does.
So verify that the variable you pass to your query really is selänne and not sel%C3%A4nne
And if it is sel%C3%A4nne, use urldecode() or $this->input->post()
Have you utf8_general_ci in database ?
And your file is encoded as utf8 ?
try putting your special characters in config like
$config['permitted_uri_chars'] = 'a-z 0-9~%.:#_\-ä';
and make sure your db is utf8_general_ci is your Server connection collation.
Related
I made a code using codeigniter to get the data by the title of the topic. my code is.
the controller
public function viewTopic($category, $title){
$data['topic'] = $this->Setting->get_dataNew('*', 'community_topics', 'WHERE title="'.str_replace('-', ' ', urldecode($title)).'"');
}
the link is like this one.
/community/questions/ما-هو-المجتمع-؟
The problem is when I added a special characters to the title like - or () the query not working, is there is a way to fix it ?
Because you are using the - to remove the spaces it will not be possible, unless you used different symbol for it, codeigniter filters all special characters to prevent the sql injection attacks, however, you can add column named urlSlug, and store the exact value of the slug in it, so when you query next time, it will be
public function viewTopic($category, $title){
$data['topic'] = $this->Setting->get_dataNew('*', 'community_topics', 'WHERE urlSlug="'.$title.'"');
}
We are using the same for the Arabic version of the website, and it is working perfectly,
also don't forget you will need to add the list of the permitted characters to
$config['permitted_uri_chars']='' to avoid any future error.
I am using codeigniter 3 for my project. In my database i have a table that is being used by some other authentication system. the problem i am facing when i am am searching some value with special character (inside the data/ concated with the data)
$query = "SELECT * FROM tablename WHERE value = '$#!"."asdasd<3ddasd"."'";
Even $this->db->query($query); is not returning any desirable output. after echo $this->db->last_query(); i get the query and it was as it should be. if i copy it to phpmyadmin, it gives correct result.
As per several discussion in SO and some other pages i have also tried with
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-!##<$';
db is utf8_general_ci is Server connection collation.
Query i put here just for showing you a scenario and i have used active record.
EDIT 1: I have used $this->input->post() for getting the input.
EDIT 2: just found out doesnot work with "$#!"."asdasd<3ddasd" but work for "$#!"."asdasd3ddasd"
Make sure you do not forget to urldecode the post values. What might be happening is that you use $_POST instead of the codeigniter function $this->input->post();
$_POST won't urldecode the parameters for you while the codeigniter function does.
So verify that the variable you pass to your query really is selänne and not sel%C3%A4nne
And if it is sel%C3%A4nne, use urldecode() or $this->input->post()
Reference from This Question
I am trying to use special danish characters (æøå) in the URL as GET parameters. So for instance I have this URL:
http://example.com?name=åge
that URL will get converted into the ASCII equivalent automatically, so in the URL it will read:
http://example.com?name=%E5ge
When i access and print out that value it works just fine, and displays that parameter as:
åge
However, i am using that to select stuff in my DB, and this won't work. If i use the ASCII version in the URL, it won't select anything form the DB and just give me an empty result. If i force the URL to not use ASCII, so it is: http://example.com?name=åge it will work fine when selecting from the DB, but when I display the parameter it shows as this:
Ã¥
I have no idea how to get around this. Any help is appreciated.
I would transform the parameter to UTF-8 and then prepare the database for a UTF-8 query, with something like this:
$name = utf8_encode($_GET['name']);
mysqli_query($mysqli_connector, "SET NAMES UTF8");
And then, prepare your query.
That should work.
I hope that helps!
I'm having trouble with the ampersand symbol, because I've to allow user to insert page_title within database.
The problem is that in my mother language many companies have the symbol in their names like per example "Santos & Filhos".
The question is, how can I insert this, without break my database and without opening security issues?
using this the database gets broken
$title = preg_replace('/&/', '&', $title);
$final_title = utf8_encode($title);
I'm using utf8_encode because of the other accents like á or ã
Thanks, hope you can help me here
EDIT
ok, first thanks to all, most of you were wright, mysql_real_escape_string is indeed one of the best options, if not the best.
I discovered that I was missing one escape (in query) before post my variables to be processed by php and inserted within the database.
So I manage to get my & but now I can't manage to have accents...
So far my php code looks like this
$title = mysql_real_escape_string($_POST['title']);
$sql = "UPDATE bodytable SET body_title = '".utf8_encode($title)."'";
and then in my frontage I've
utf8_decode($row['body_title']);
the result is
<title>Santos & Filhos - Repara?es de autom?veis</title>
Escape characters going into the database with something like mysql_real_escape_string() or PDO and use htmlentities() when displaying it.
This covers securing user input: What's the best method for sanitizing user input with PHP?
Try using an escape character in front of all your special characters you want to insert in the database. Encoding is ok but for example, if the following string was to be added to mysql string field you would get an error.
"special characters don't work"
And you can do this to prevent these errors
"special characters don\'t work"
I belive there is a methods called addslashes(string x) and stripslashes(string x) that will do that for you.
$title_to_insert_in_database = $str = addslashes($title);
$title_for_page = htmlspecialchars($title_from_database);
I know there have been a lot of almost the same questions, but I still didn't find the answer to my problem.
I want to place "les Îles Açores" into the db. But I get:
les Îles Açores
I tried usin:
SET Names 'ut8)
$mysqli->set_charset("utf8");
mysql_real_escape_string()
htmlentities (Here I got htmlentities, but I want to know if there's another way)
Code:
$name_fr = $_POST["name_fr"]; $name_nl = $_POST["name_nl"];
$arr_kollommen = array("NAME_FR","NAME_NL");
$arr_waardes = array($naam_nl,$naam_fr);
$obj_db->insert("landen",$arr_kollommen,$arr_waardes);
Does someone has an idea how to solve my litle problem?
Thank you very much!
Make sure the table uses the correct CHARSET, for example:
CREATE TABLE myTable (
one VARCHAR(255),
two VARCHAR(255)
) DEFAULT CHARSET=utf8;
Make sure you actually write in UTF8 (meaning your IDE / editor you write your code must have encoding set to UTF8).
Is the record corrupted both in the DB and on your page after you fetch it or only in DB?
$name_fr = $_POST["name_fr"];
$name_nl = $_POST["name_nl"];
$arr_kollommen = array("NAME_FR","NAME_NL");
$arr_waardes = array($naam_nl,$naam_fr);
$obj_db->insert("landen",$arr_kollommen,$arr_waardes);
Try using instead of encode to utf_8 decode.
like this:
$name_fr = $_POST["name_fr"];
$name_nl = $_POST["name_nl"];
$naam_fr = utf8_decode($naam_fr);
$naam_nl = utf8_decode($naam_nl);
$arr_kollommen = array("NAME_FR","NAME_NL");
$arr_waardes = array($naam_nl,$naam_fr);
$obj_db->insert("landen",$arr_kollommen,$arr_waardes);
2 possible reasons i can see:
1) Your database doesn't feature UTF-8 fields
2) When you read your data from the server, you are not setting the connection as utf-8. If you have to set it utf-8 when writting you also have to set it utf-8 when reading.
Check using PHPMyAdmin if the data is wrecked... If it is, then it means that your SET names'utf-8' is not working...
Do you pass the "UTF-8" parameter into your htmlentities, and html_entity_decode this way ?
html_entity_decode($text,ENT_QUOTES , "UTF-8");