0

This is really weird to explain, so here it goes...

I'm fetching data from phpmyadmin that contains unescaped single quotes. I'm trying to convert ' to ' by using Content-Type: text/html; in a php header.

In one column of the database, this is the value: This year's...

I set the content type to <?php header('Content-Type: text/html; charset=UTF-8'); ?>

I fetched the data with mysql_fetch_assoc(), so it should output, This year&apos;s. But, it outputs This year�s....

I then manually deleted This year's... from the database and replaced it with the same This year's... (directly in the database). I set the content type to text/html again and got this:

This year&apos;s...

That's it... this is almost imossible to explain. A single quote is submitted to the database through a form. I fetch it and set the content type to text/html and it outputs ' as . If I go into the database, manually delete the ', and replace it with the same ', it then outputs &apos;.

Has anyone ever experienced this weird quirk or recognize what it might be?

UPDATE:

The value in the database is This year's which was uploaded by a form. The quote is unescaped in the database. Here's how I'm fetching the data. I want the ' to be converted to &apos;.

<?php
    header('Content-Type: text/html; charset=UTF-8');
    include('init.inc.php');

    function get_feeds() {
        $query = mysql_query("SELECT * FROM test ORDER BY id DESC LIMIT 1");
        while($fetch = mysql_fetch_assoc($query)) {

            $text = $fetch['text'];         

            echo $text;         

            }
        }

?>
<?php get_feeds(); ?>

It outputs This year�s.

I then delete This year's from the database and manually write This year's in it's place. It outputs this This year&apos;s.

Graham
  • 309
  • 3
  • 16
  • 1
    It would be better to share code too – Yogus May 29 '13 at 05:23
  • I added a bit of code. The code is pretty self explanatory. The single quotes in the DB are all unescaped and were uploaded by a form. – Graham May 29 '13 at 05:29
  • use `$text = html_entity_decode($fetch['text']);` – Amir May 29 '13 at 05:39
  • Are you really working with utf8 completely? Did you send a query like this after connect to your db: 'SET NAMES utf8'? Somtimes data is not stored as utf8 correctly. – steven May 29 '13 at 05:41
  • Steven, it's set to UTF8. @Amir I tried that, but no change. I think I'm going to have to change how the data is inserted to the db. I'm just using mysql_real_escape_string, but will add addslashes. – Graham May 29 '13 at 05:46
  • how did you manually write? in phpmyadmin? – steven May 29 '13 at 05:48
  • Directly in the db, I deleted and rewrote the text by hand. I literally deleted -This year's-, then rewrote -This year's- in the same field. – Graham May 29 '13 at 05:52
  • have you tried an htaccess like this: AddDefaultCharset UTF-8? If the string is stored correctly the sign should be shown without converting to '. The fact that entity_decode not works is another hint that its not really an ' in your db – steven May 29 '13 at 05:54
  • I put - AddDefaultCharset UTF-8 - in the .htaccess and it outputted - This year�s - Same thing. I guessing it's how the text is being inserted into the db. – Graham May 29 '13 at 05:58
  • yes insert a new entry with active .htaccess! Another way to find out is to do utf8_encode ( $text) before output. If you see the right things with your old data then its iso. – steven May 29 '13 at 05:59
  • I'm very confused. Firstly, `Content-Type: text/html` is set by default in PHP: one doesn't need to set it explicitly (although, by default, no character set is specified in the header but this can be changed with the [`default_charset`](http://www.php.net/manual/en/ini.core.php#ini.default-charset) directive). Secondly, specifying such a header (whether explicitly or implicitly) *does not* automatically encode HTML entities: one must explicitly call [`htmlentities()`](http://php.net/manual/en/function.htmlentities.php). Are you *sure* that you're getting encoded output of `'`? – eggyal May 29 '13 at 07:22
  • Thirdly, make sure that you are following all of the advice in [UTF-8 all the way through](http://stackoverflow.com/a/279279). Fourthly, your title mentions `str_replace()`, which doesn't appear to have anything to do with the question? – eggyal May 29 '13 at 07:23

1 Answers1

0

before inserting in to database Convert special characters to HTML entities

htmlspecialchars("This year's");
Arunprabu
  • 11
  • 3