Jump to content

Escaping Characters Using Addslashes/mysql_Real_Escape_String

Jagand

By Jagand
in Applications

 Share

Recommended Posts

Jagand Member

Jagand

Posted
Posted

Hi,

 

I am trying to insert data into MySQL. Input data is sometimes not very neat. For example "com – What". When I added addslashes, mysql_real_escape_string, I expected that these non standards characters be inserted as-is or with escape sequences. When I perform inserts, data in MySQL DB looks strange. For example, above example (com – What) transformed into "com – What". "didn’t stop" is not being escaped as "didn\nt stop". How do I make sure that data in MySQL database is proper and as expected?

Link to comment
Share on other sites
Christian F. Member

Christian F.

Posted
Posted (edited)

You should only use mysql_real_escape_string () and not addslashes ()[/ic]. Certainly not both at the same time, as you're escaping the data twice up then. Which is what's causing the "didn\'t stop" problem.

 

The first problem, however, is caused by using different character sets in your system. Standardize everything on UTF-8, and make sure you use UTF-8 compatible functions whenever you try to manipulate strings. Reading these two articles should give you a start on what you need to do:

http://www.ibm.com/developerworks/library/os-php-unicode/index.html

http://kunststube.net/encoding

Edited by Christian F.
Link to comment
Share on other sites
Jagand Member

Jagand

Posted
  • Author
Posted (edited)

I tried copying and pasting content at http://www.arcticsta...u-shutdown-stor with various options such as

html_entity_decode, mysql_real_escape_string, htmlspecialchars, addslashes but nothing was working. I tried other option too ....

 

<?php

mb_language('uni');

mb_internal_encoding('UTF-8');

 

print html_entity_decode('input_content');

 

?>

 

Also, given below options in form but did not work. Am I missing something?

 

accept-charset

='utf-8' enctype="multipart/form-data"

Edited by Jagand
Link to comment
Share on other sites
Christian F. Member

Christian F.

Posted
Posted

You shouldn't need html_entity_decode () or addslashes () at all, but there are some steps you've missed.

 

Step 1 is to ensure that the database tables are using UTF-8, which is normally done by specifying the DEFAULT CHARSET when you create them.

Step 2 is to ensure that he database connection between PHP and MySQL uses UTF-8, which is done with mysqli_character_set_name ().

Step 3 is to ensure that you inform the browser that you're sending UTF-8, done with header ('Content-type: text/html; charset=utf-8').

Step 4, which I'm uncertain whether or not you've completed, is to make sure that all functions you're using are multi-byte compliant and supports UTF-8.

 

Since you haven't posted any code that replicates this issue, or really shows what you've done so far, I'm afraid this is as much help as I can give at the present time. What you have posted looks correct, besides the superfluous html_entity_decode () call.

The most important thing is to make sure that every step and every system involved is explicitly told about what encoding you're using, otherwise problems like this will occur sooner or later.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.