PHP script doesn't work when passed non-standard A-Z 0-9 characters

Question

I have a PHP script:

<?php
$dbh = new PDO('sqlite:database.db');
$sth = $dbh->prepare('SELECT * FROM t1 WHERE user = :user');
$sth->bindParam(':user', $_POST['user'], PDO::PARAM_STR);
$sth->execute();
$result = $sth->fetchAll();
if( empty( $result ) )
{
     echo "0";
}
else
{
     echo "1";
}
?>

It works correctly when passed standard A-Z 0-9 characters but when $_POST['user'] is something like Çärmêñ™ it incorrectly returns 0. The user is present in the database so it should return 1.

How do I get it to work correctly?

Update

Yes as mentioned in the comments it appears that the database is the issue here:

sqlite> SELECT * FROM t1;
Çärmêñ™|098f6bcd4621d373cade4e832627b4f6
sqlite> 

sqlite> SELECT * FROM t1 WHERE user = 'Çärmêñ™';
sqlite>

but the encoding is already set to UTF-8:

sqlite> PRAGMA encoding;
UTF-8

http://stackoverflow.com/questions/279170/utf-8-all-the-way-through — Funk Forty Niner, Apr 26 '15 at 13:51
Check your database encodings and use UTF-8 everywhere. See @Fred-ii-'s link. — elixenide, Apr 26 '15 at 13:59
is Çärmêñ™|098f6bcd4621d373cade4e832627b4f6 supposed to be just Çärmêñ™? — Aris, Apr 26 '15 at 15:31
@Aris no. `098f6bcd4621d373cade4e832627b4f6` is the hex. The `user` column (columns separated by `|`) is `Çärmêñ™`. — , Apr 26 '15 at 17:29

score 0 · Answer 1 · answered Apr 26 '15 at 14:15

0

try using to scape the strings from the $_POST variable using mysqli_real_scape_string.

$user = mysqli_real_scape_string("conecction",$_POST['user']);

then try with select : $sth = mysqli_query('SELECT * FROM t1 WHERE user = '$user');

answered Apr 26 '15 at 14:15

Disturb

558
8
14

PHP script doesn't work when passed non-standard A-Z 0-9 characters

Update

1 Answers1