I am finding this very strange and frustrating, but I've got some data being entered into a mysql database, and when the data contains an apostrophe for example the word we're, it shows up in the database as
we’re.
weird.
I've used addslashes & mysql_real_esca pe_string, but nothing seems to fix it, and I can see when I 'echo' the input, that the string is not being escaped.
I don't get any errors, but nothing happens. -
preg_match ("/<input type=\"hidden\" name=\"Title\" value=\"([^`]*?)\">/", $match, $temp);
-
$Title = $temp['1'];
-
$Title = trim($Title);
-
$Title =addslashes($Title);
-
-
echo $Title.'<br />';
-
8 4027
I am finding this very strange and frustrating, but I've got some data being entered into a mysql database, and when the data contains an apostrophe for example the word we're, it shows up in the database as
we’re.
weird.
I've used addslashes & mysql_real_esca pe_string, but nothing seems to fix it, and I can see when I 'echo' the input, that the string is not being escaped.
I don't get any errors, but nothing happens. -
preg_match ("/<input type=\"hidden\" name=\"Title\" value=\"([^`]*?)\">/", $match, $temp);
-
$Title = $temp['1'];
-
$Title = trim($Title);
-
$Title =addslashes($Title);
-
-
echo $Title.'<br />';
-
I'm not that sure, but I do have cases like that in another programming language. Turns out that my page is not encoded in proper/desired format.
How does it appear when you view the source of the web page? There is a chance that the source is correct but it's just that the output is not what you wanted it to be.
I'm not that sure, but I do have cases like that in another programming language. Turns out that my page is not encoded in proper/desired format.
How does it appear when you view the source of the web page? There is a chance that the source is correct but it's just that the output is not what you wanted it to be.
the source looks good (as I'm making it for testing purposes).
I have the encoding of the page set to utf-8, and when I do any sort of 'output', echo, etc I get the same value as the source, without slashes (even after trying to add slashes), so 'we're' comes out 'we're' , and not 'we\'re'.
Then of course when the goes into the database, it comes out 'we’re'.
Atli 5,058
Recognized Expert Expert
Hi.
This does indeed appear to be a problem with your charsets.
Just try forcing your browser to render this page using the UTF-8 charset and view your first post... notice that the incorrect output will display as you initially wanted it to be.
Are you passing the text through any of PHP's functions before adding it to the database?
Like for example the htmlentites function?
If so, you may need to specify that you want it to use the UTF-8 charset or it may return it in the default (ISO-8859-1) charset.
Hi Atli,
I am forcing the character set with this line right at the top of my page. is there another way to do it? -
header("Content-type: text/html; charset=utf-8");
-
I am passing the data through 'addslashes()' before adding it to the database (thinking that slashes are what helps it get into the db cleanly). I have also tried mysql_real_esca pe_string, but neither worked.
So I am decoding this puzzle of why 'addslashes' doesn't seem to be working, and it seems their may be a problem with the way I have written my inset query.
I've always used quotes around the variables in the insert statement, but if I remove the quotes I get a mysql error where the slashes should be. If I have quotes in the mysql stament, the insert occurs, but the statement gets inserted with 'special characters' instead of slashes.
here's what I mean re: mysql -
...VALUES('$address', '$title')
-
vs
-
...VALUES($address, $title)
-
Does this clue anybody in to what my error is?
Now I can get a mysql error, but that doesn't solve why addslashes() isn't working in the first place.
more code -
-
$eventAddress = "$eventStreet, $eventCity, $eventState, $eventZip";
-
$eventAddress = addslashes($eventAddress);
-
// echo $eventAddress.'<br />';
-
-
list($date, $time) = explode(' ', $eventDateTime);
-
list($month, $day, $year) = split('-', $date);
-
$date = date('Y-m-d', mktime(0,0,0,$day,$month,$year));
-
// echo $date.'<br />';
-
// echo $time.'<br />';
-
-
$insertShow = "INSERT INTO shows ( address, date, time) VALUES ( '$eventAddress', '$date', '$time')";
-
mysql_query($insertShow)or die(mysql_error());
-
-
dlite922 1,584
Recognized Expert Top Contributor
So I am decoding this puzzle of why 'addslashes' doesn't seem to be working, and it seems their may be a problem with the way I have written my inset query.
I've always used quotes around the variables in the insert statement, but if I remove the quotes I get a mysql error where the slashes should be. If I have quotes in the mysql stament, the insert occurs, but the statement gets inserted with 'special characters' instead of slashes.
here's what I mean re: mysql -
...VALUES('$address', '$title')
-
vs
-
...VALUES($address, $title)
-
Does this clue anybody in to what my error is?
Now I can get a mysql error, but that doesn't solve why addslashes() isn't working in the first place.
more code -
-
$eventAddress = "$eventStreet, $eventCity, $eventState, $eventZip";
-
$eventAddress = addslashes($eventAddress);
-
// echo $eventAddress.'<br />';
-
-
list($date, $time) = explode(' ', $eventDateTime);
-
list($month, $day, $year) = split('-', $date);
-
$date = date('Y-m-d', mktime(0,0,0,$day,$month,$year));
-
// echo $date.'<br />';
-
// echo $time.'<br />';
-
-
$insertShow = "INSERT INTO shows ( address, date, time) VALUES ( '$eventAddress', '$date', '$time')";
-
mysql_query($insertShow)or die(mysql_error());
-
-
Can you add a die() statement just before mysql_query();
die($insertShow );
That should halt programming and exit and print the SQL given to MySQL. I just want to see what that looks like.
Thanks,
Oh and post the output of the page source here.
DM
Atli 5,058
Recognized Expert Expert
You should always put strings inside single-quote marks in your SQL statements. Otherwise MySQL will try to parse them as columns or extra clauses or something along those lines.
You can use the <meta> tags to *set* the charset on you pages. Something like: -
<html>
-
<head>
-
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-
</head>
-
<!-- etc -->
-
</html>
-
Don't know if that will change anything tho. The header you showed us should do pretty much the same thing.
thanks d-lite and Atli, you are definately correct
I went around and around in circles with character encoding until I came with what I think is the simple solution.
I can call htmlentities() and encode it all before putting it into the db. The stuff I'm dealing with is canadian, so i figure that is easier than dealing with all the accents on french characters with slashes etc.
I can't share the source file as it's a local file that I can't share.
Atli, I don't know how I missed your comment about setting forcing the character set in my browser, but now I can see more clearly. unfortunately, i still don't see how I can fix that.
Is there any reason I shouldn't store htmlentities in my database?
I'll just convert the string before I pass it into a query (which will mostly be in numeric columns and id's anyway).
Sign in to post your reply or Sign up for a free account.
Similar topics |
by: leegold2 |
last post by:
When I look directly in my db field I see a difference between these two
functions. The top line (seebelow) was inserted with addslashes vs. the
bottom line where I used mysql_real_escape_string. Obviously addslashes
really escapes the apostrophe. But I thought mysql_real_escape_string is
supposed to do that too - can anyone explain? Thanks, Lee G.
This is Aviva\'s website.
This is Sarah's website.
|
by: Bob Bedford |
last post by:
I've to put datas from user's input in a database.
I've taken a function from internet (don't remember where) formatting most
of the values:
function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
$theNotDefinedValue = "") {
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
|
by: Jan Pieter Kunst |
last post by:
Q. How do I use addslashes() and stripslashes() when dealing with HTML
forms and database INSERTs, UPDATEs and SELECTs?
A. It depends on the setting of the php.ini directive
"magic_quotes_gpc". By default, magic_quotes_gpc is On.
If magic_quotes_gpc is On:
Use stripslashes() for data which originates from an HTML form and is
shown in an HTML page after a roundtrip to the server.
Do not use addslashes().
|
by: Marcus |
last post by:
Hello,
My php.ini file currently has magic quotes set to On, but I have read
that it is better to code with it off.
Currently with magic quotes on, I only use stripslashes() to properly
format strings that are displayed on the screen. I know that now with
magic quotes off, I will have to manually handle escaping special
characters with mysql_real_escape_string() or addslashes().
|
by: Cruella DeVille |
last post by:
I must have som errors in my understanding of strip- vs addslashes.
I thought that if a user submitted eg a username, like this
username=siv' drop database test; I should addslashes to escape ' and "
and therefore prohibit the evil user to drop/change my database through
sql injection (my example may not be correct, but I believe it points
out that evil user can add sql commands through an input field.
But - I've been reading lots of...
| |
by: Areric |
last post by:
hey all,
I recently got in a bit of a fight with my webhost because he made some
changes to my server. Specifically they updated php without telling me.
They are now running PHP 4.4.1 (not sure what it was before).
Anyway i mention that cause i had a script that uploaded the content of
an image to a DB, then displayed it straight from the DB using gdlib.
Before i store the content of the image i did an addslashes() and
before i...
|
by: lawrence k |
last post by:
This seems so simple, I can't believe its tripping me up. I've a
database class with a query method that looks like this:
function query($query=false) {
global $controller;
// $query = stripslashes($query);
// $query = addslashes($query);
$result = mysql_query($query);
|
by: redog6 |
last post by:
Hi
I have a webform with many free text fields and have a problem with
apostrophes and single quotes as this breaks the mysql query string.
I obviously need to escape these characters - magic_quotes_gpc sounds
ideal but is not an option as I don't have access to the php.ini file
and it is currently set to 0.
I could use either addslashes or mysql_real_espcape_string but do I
have to apply this to every field individually or is there a...
|
by: ndlarsen |
last post by:
Hello.
It's been a while since I used php. Since then magic quotes has been
deprecated and will be removed when php 6.0 hits. My question is, what
should I be using when submitting data to a database instead? Which is
better for security reasons, addslashes() or mygql_real_escape_string()?
Thanks you.
Regards
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |