_POST method returns ??? when request utf8 characters

Question

i have the following problem... i am building an android app and i regeuest text formated in utf8 (greek chars) from editTexts by using the POST method. The POST method gets the greek chras from the editTexts as '???' and insert them in mysal again as '???' How will the POST recognize my greek chars???

<?php
// PHP variable to store the host address
 $db_host  = "localhost";
 // PHP variable to store the username
 $db_uid  = "lolen";
 // PHP variable to store the password
 $db_pass = "lolen";
 // PHP variable to store the Database name  
 $db_name  = "lolen"; 
        // PHP variable to store the result of the PHP function 'mysql_connect()' which establishes the PHP & MySQL connection  
 $db_con = mysql_connect($db_host,$db_uid,$db_pass) or die('could not connect');

   mysql_query("SET character_set_results=utf8", $db_con);
    mb_language('uni'); 
    mb_internal_encoding('UTF-8');
    mysql_select_db($db_name, $db_con);
    mysql_query("set names 'utf8'",$db_con);

// array for JSON response
$response = array();
// check for required fields
if (isset($_POST['k_p']) ) 
{
$Kwdikos_Proiontos=$_POST['k_p'];
$Proion=$_POST['p'];
$Kwdikos_Tupou=$_POST['k_t'];
//$Tupos=$_POST['t'];
$sql=mysql_query("SELECT * FROM tupoi WHERE Kwdikos_Tupou LIKE '". $_POST["k_t"]."'", $db_con);
while($row = mysql_fetch_array($sql))
  {
$output[]=$row['Tupos'];
$re= json_encode($output[0]);
$dd= json_decode($re, true);
  }
$result =mysql_query("INSERT INTO proionta(Kwdikos_Proiontos, Proion, Kwdikos_Tupou, Tupos) VALUES('$Kwdikos_Proiontos', '$Proion', '$Kwdikos_Tupou', '$dd')");
 //check if row inserted or not
    if ($result) {
        // successfully inserted into database
       $response["success"] = 1;
        $response["message"] = "Product successfully created.";

        // echoing JSON response
        echo json_encode($response);
    } 
    else    {
        // failed to insert row     
        $response["success"] = 0;
        $response["message"] = "Oops! An error occurred.";

        // echoing JSON response
       echo json_encode($response);
    }
}
 else 
{
    // required field is missing
    $response["success"] = 0;
    $response["message"] = "Required field(s) is missing";

    // echoing JSON response
    echo json_encode($response);
}
?>

ps. my db is already in utf8 cause i display and add other data in greek, by using SELECT , INSERT, in the db.

I'd be more worried about the gaping-wide-open [SQL injection attack](http://bobby-tables.com) holes in your code. You've got bigger problems than a few characters getting mangled... — Marc B, Aug 20 '13 at 19:45
Well if that is greek text, I guess it's a little more than just a *few*. However there is much chaos in that code and like sql injection those encoding issues are also kind of injections. So really double signal, ring the alarm now, it's fixing time. — hakre, Aug 20 '13 at 19:47
Next to the soon suggested duplicate on your encoding problem, you might be interested in reading [How can I prevent SQL injection in PHP?](http://stackoverflow.com/q/60174/367456) — hakre, Aug 20 '13 at 19:50
possible duplicate of [UTF-8 all the way through](http://stackoverflow.com/questions/279170/utf-8-all-the-way-through) — hakre, Aug 20 '13 at 19:50
I have yet to see a single PHP code snippet here on SO without SQL injection vulnerability. I also make an effort of notifying the askers about this problem. No one cared so far. It's a very serious problem that may lead to data theft, data corruption up to (depending on your server configuration) a hijacked server. Fix it. Otherwise your server will be yet another drone of some botnet. I blame these gazillions of really bad PHP tutorials on the Interweb for this problem. — tiguchi, Aug 20 '13 at 19:55
Please, before you write **any** more SQL interfacing code, you must read up on [proper SQL escaping](http://bobby-tables.com/php) to avoid severe [SQL injection bugs](http://bobby-tables.com/). Also, `mysql_query` should not be used in new applications. It's a deprecated interface that's being removed from future versions of PHP. A modern replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) and will make your database code easier to get right. — tadman, Aug 20 '13 at 19:57
@NobuGames About 10-15% of the PHP questions are done using a library with proper escaping, but this number is slowly increasing as new users get around to converting their code in part due to being vigilant about pointing out these problems. This problem can't be fixed in a day. — tadman, Aug 20 '13 at 20:00
thnx for the tips about the sql injections, but i am not going to upload this app in google play. It will be used by me and 3-4 friends... So my current problem is how the POST will get the greek chars.... — Panagiotis Ioannidis, Aug 21 '13 at 13:24

Panagiotis Ioannidis · Accepted Answer · 2013-08-21T15:23:40.953

0

Finally i found a solution to my problem, i used GET method instead of POST, and now it works correctly! Thnx for the sql injection tips, i will read more about this issue!

edited Aug 21 '13 at 15:23

answered Aug 21 '13 at 15:16

Panagiotis Ioannidis

3
2

_POST method returns ??? when request utf8 characters

1 Answers1