
jasonc
Everything posted by jasonc
-
Yes, my page is HTML5, but some of the code was outdated. It seems that so far all information that I add as new is being stored as is, with no change to the text apart from escaping before being added, and when displayed all looks OK. The scripting text I tried also shows as HTML entities in the source code. All good so far.

But still there is the issue of all the entries in the database that were incorrectly stored. How would I start to convert them to normal text, as they would be if I had entered them as of now? £ instead of the chr(163), which shows on the page as a diamond with a question mark in it, and the other Unicode characters.
-
OK, all seems OK, apart from the £ sign; I get the diamond with a question mark in it.

    ❤French style nest of table , oh la la �40❤

It should be

    ❤French style nest of table , oh la la £40❤

OK, what I have done is echoed out all the ord() codes...

    226 � 157 � 164 � 70 F 114 r 101 e 110 n 99 c 104 h 32 115 s 116 t 121 y 108 l 101 e 32 110 n 101 e 115 s 116 t 32 111 o 102 f 32 116 t 97 a 98 b 108 l 101 e 32 44 , 32 111 o 104 h 32 108 l 97 a 32 108 l 97 a 32 163 � 52 4 48 0 226 � 157 � 164 �
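The byte dump above shows a well-formed UTF-8 heart (226 157 164) next to a lone byte 163, which is the ISO-8859-1 pound sign and is not valid UTF-8 on its own. As an added example that is not part of the original posts, here is one way to repair such stored strings, assuming every stray byte was originally ISO-8859-1 (the function name `repair_mixed_utf8` is hypothetical):

```php
<?php
// Added example. Assumption: any byte that is not part of a well-formed
// UTF-8 sequence was originally ISO-8859-1, so a lone 0xA3 is the pound sign.
// Requires the mbstring extension.
function repair_mixed_utf8(string $bytes): string
{
    // Each alternative is one well-formed UTF-8 sequence; the last one
    // captures a single byte that fits none of them.
    $pattern = '/
        [\x00-\x7F]                          # ASCII
      | [\xC2-\xDF][\x80-\xBF]               # 2-byte sequence
      | \xE0[\xA0-\xBF][\x80-\xBF]           # 3-byte, no overlong forms
      | [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}    # 3-byte
      | \xED[\x80-\x9F][\x80-\xBF]           # 3-byte, no surrogates
      | \xF0[\x90-\xBF][\x80-\xBF]{2}        # 4-byte, no overlong forms
      | [\xF1-\xF3][\x80-\xBF]{3}            # 4-byte
      | \xF4[\x80-\x8F][\x80-\xBF]{2}        # 4-byte, up to U+10FFFF
      | (.)                                  # stray byte
    /xs';

    $out = preg_replace_callback($pattern, static function (array $m): string {
        if (!isset($m[1])) {
            return $m[0];                    // already valid UTF-8: keep
        }
        return mb_convert_encoding($m[1], 'UTF-8', 'ISO-8859-1');
    }, $bytes);

    if ($out === null) {
        throw new RuntimeException('PCRE error ' . preg_last_error());
    }
    return $out;
}

// Constructed sample: the bytes listed in the ord() dump above.
$stored = "\xE2\x9D\xA4French style nest of table , oh la la \xA340\xE2\x9D\xA4";
$fixed  = repair_mixed_utf8($stored);

var_dump(mb_check_encoding($stored, 'UTF-8'));
var_dump(mb_check_encoding($fixed, 'UTF-8'));
echo $fixed, "\n";
```

A Latin-1 byte pair that happens to form a valid UTF-8 sequence is kept as it is, so check a sample of repaired rows before writing them back.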
-
OK, I use the following to add the entry as is and escape the text in case it contains something it should not...

    $query="INSERT INTO `tablename` (`id`, `title`) VALUES ('1','".$mysqli->real_escape_string('<script>alert("1");< /script>')."')";
    db_query($mysqli, $query);

Then to get it back I use...

    echo(htmlentities($title, ENT_QUOTES | ENT_IGNORE, "UTF-8");

But I get a blank page, not even any source code... so I change it to this...

    echo($title);

and sure enough the alert box shows up. Am I missing something here? How do I stop code like this from working as the bad poster expected...
-
I just entered the text as is in the table using my script, escaping the string first..

    ❤French style nest of table , oh la la £40❤

and it shows as this in the database...

    â¤French style nest of table , oh la la £40â¤

But the £ and the heart do not show up even when I set the page as UTF-8. I used

    echo htmlentities($str, ENT_QUOTES | ENT_IGNORE, "UTF-8");

to output it on the page, but the page is blank still and nothing is in the source code. In the script I placed this at the start...

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <title>Untitled Document</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    </head>
    <body>

and the following at the end...

    </body>
    </html>
-
I was just checking the PHP.net site for htmlentities. It seems I may have found out why I was not able to convert/remove the special characters before, as I was getting a blank string back. I may have forgotten to use the | ENT_IGNORE part. I am going to find the code I used to test this out.

    <?php
    $str = "\x8F!!!";

    // Outputs an empty string
    echo htmlentities($str, ENT_QUOTES, "UTF-8");

    // Outputs "!!!"
    echo htmlentities($str, ENT_QUOTES | ENT_IGNORE, "UTF-8");
    ?>
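An added example, not part of the original posts, that runs htmlentities() with the flag combinations discussed above over three inputs constructed from values quoted in those posts. ENT_SUBSTITUTE, a documented PHP flag not used in the posts, replaces an invalid sequence with U+FFFD instead of returning an empty string or silently dropping the bytes; the function name `encode_for_html` is hypothetical.

```php
<?php
// Added example: how the flag choice changes what reaches the page.
// Sample inputs are constructed from the values quoted in the posts.
$samples = [
    'invalid byte'   => "\x8F!!!",
    'latin-1 pound'  => "oh la la \xA340",
    'script payload' => '<script>alert("1");</script>',
];

$modes = [
    'ENT_QUOTES'                  => ENT_QUOTES,
    // The PHP manual discourages ENT_IGNORE: it drops bytes without a trace.
    'ENT_QUOTES | ENT_IGNORE'     => ENT_QUOTES | ENT_IGNORE,
    // Invalid sequences become U+FFFD, so the rest of the text survives
    // and the damaged row stays visible on the page.
    'ENT_QUOTES | ENT_SUBSTITUTE' => ENT_QUOTES | ENT_SUBSTITUTE,
];

// Encode a stored value for an HTML context at output time.
function encode_for_html(string $value, int $flags): string
{
    return htmlentities($value, $flags, 'UTF-8');
}

foreach ($samples as $label => $value) {
    echo $label, "\n";
    foreach ($modes as $name => $flags) {
        $out = encode_for_html($value, $flags);
        printf("  %-28s %s\n", $name, $out === '' ? '(empty string)' : $out);
    }
}
```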
-
I currently use MySQLi and $mysqli->real_escape_string($string) to escape the string before adding to the database. So I just add the text as they entered it without altering it in any way, but escape it using $mysqli->real_escape_string($string). Then when grabbing it from the table to display on the webpage I just unescape it using htmlentities($yourContentFromTheDB, ENT_QUOTES, 'UTF-8');
-
I have been using an outdated method for some time to store and retrieve records from my database. I am wanting to know the best way to convert or translate, whatever, the text to a format that I store in the database, and then what I should be doing to get it back before it is displayed on the webpage. I tried htmlentities and stuff like that, but I am not really understanding the flags and stuff and not getting it. Please help me or at least guide me to the right commands that I should be using for what. I do not really want someone to do it, just tell me what commands and how to use them. The adding to the database and getting back is something I know.
-
    function checkUsernameIsCleanOfBadWords($string) {
        // "[" and "]" act as the PCRE delimiters around the alternation.
        $badWords = "[";
        $badWords.= "ARSE|";
        $badWords.= "*******|";
        $badWords.= "*****|"; // i
        $badWords.= "B1TCH|"; // one
        $badWords.= "BLTCH|"; // L
        $badWords.= "BOLLOCKS|";// oh oh
        $badWords.= "BOLL0CKS|";// oh zero
        $badWords.= "B0LLOCKS|";// zero oh
        $badWords.= "B0LL0CKS|";// zero zero
        $badWords.= "****|"; // oh
        $badWords.= "C0CK|"; // zero
        $badWords.= "CLIT|"; // L i
        $badWords.= "CIIT|"; // i i
        $badWords.= "CILT|"; // i L
        $badWords.= "CLLT|"; // L L
        $badWords.= "C11T|"; // one one
        $badWords.= "CL1T|"; // L one
        $badWords.= "C1LT|"; // one L
        $badWords.= "****|";
        $badWords.= "dickhead|";// i
        $badWords.= "dLckhead|";// L
        $badWords.= "d1ckhead|";// one
        $badWords.= "fanny|";
        $badWords.= "****|";
        $badWords.= "gay|";
        $badWords.= "lesbian|"; // i
        $badWords.= "lesbLan|"; // L
        $badWords.= "lesb1an|"; // one
        $badWords.= "*****|"; // i
        $badWords.= "pen1s|"; // one
        $badWords.= "penls|"; // L
        $badWords.= "pOOf|"; // oh oh
        $badWords.= "pO0f|"; // oh zero
        $badWords.= "p0Of|"; // zero oh
        $badWords.= "p00f|"; // zero zero
        $badWords.= "prick|"; // i
        $badWords.= "pr1ck|"; // one
        $badWords.= "prLck|"; // L
        $badWords.= "rape|";
        $badWords.= "****|"; // i
        $badWords.= "sh1t|"; // one
        $badWords.= "shLt|"; // L
        $badWords.= "wank]";

        // Lower-case both the pattern and the input so the match ignores case.
        if(preg_match(strtolower($badWords), strtolower($string))) {
            return "bad";
        }
        return "ok";
    }

    if (checkUsernameIsCleanOfBadWords($username) === "bad") {
        // tell them so.
    }