mysqli_real_escape_string messes up unicode

MySQL database
#1

The function mysqli_real_escape_string appears to be messing up unicode, but I need this function to escape quotation marks so that I can insert data into the MySQL database. I have as the first two lines of my program:

<?php
  header("Content-Type: text/html; charset=utf-8");

In the code I have the following line:

mysqli_set_charset($conn,"utf8");

where $conn is the MySQL connection. I entered some text in Japanese and it came out as a bunch of question marks. How do I escape quotation marks and apostrophes without messing up unicode?

#2

Your first line says you are putting out an PHP-HEADER. This is only needed if your PHP is outputing data directly to your browser. Normally, you designate UTF-8 inside your HTML in the HEAD tag as a META.

Something like:

Using that, you set the HTML page to use UTF-8.

In PHP, you do not need to tell the page what you are using, the browser already know this.
UNLESS you are attempting to write directly to the browser, in other words send out a header yourself. You would do this if you are for instance, creating a PDF file from scratch you must send out a PDF header so that the browser knows you are send a PDF file out. So, not really sure why you are using that header inside the PHP code.

Perhaps you are not clear on what a header is. A header is sent out every time a browser is sent a page. It tells the browser what is being sent to it. Now, if you are inserting an image into an HTML page, such as a logo or button image or whatever, you normally include an IMAGE tag But, you can use PHP to actually send the image itself using headers. They are normally not needed inside of PHP except for redirecting the page.

So, hopefully you just do not need that PHP header line. Or, you must tell us further on what you are really sending to the browser after the header command…

#3

I removed the header but the problem still occurred. At one point in my code I have:

    $entry = $_POST['entry'];

I commented out the following line:

    //$entry = mysqli_real_escape_string($conn,htmlentities($entry, ENT_QUOTES));

and then the Japanese text appeared correctly, but it did not appear correctly when that line was not commented out. However, I need mysqli_real_escape_string to escape backslashes but it appears to be messing up unicode.

#4

Well, I researched this a bit for you and on many sites they mention the same thing.
You should sanitize the input, in this case $entry.
So, you would use $entry = mysqli_real_escape_string($_POST[“entry”]; when you grab the data.

But, they also say on many sites that you should tell MySQL that you are using the unicode.
Here is one link that explains it further. Hope it helps!

http://stackoverflow.com/questions/12703420/shortcomings-of-mysql-real-escape-string/12720360#12720360

#5

Thanks for the help. Changing it to “$entry = mysqli_real_escape_string($conn,$_POST[“entry”])” worked. I also had some problems with htmlentities messing up the unicode so I had to add “utf-8” as a third argument as suggested on this page: http://stackoverflow.com/questions/9705239/php-htmlentities-and-htmlspecialchars-are-breaking-my-strings .

#6

Glad to hear you solved it. Hope I helped. We will be looking to talking with you again…

Sponsor our Newsletter | Privacy Policy | Terms of Service