UTF-8 with php pdo and mysql - ctype php

Question

How to use ctype_alpha with UTF-8

I have this code:

 if(empty($_POST) === false) {      

                if (isset($_POST['first_name']) && !empty ($_POST['first_name'])){
                    if (ctype_alpha($_POST['first_name']) === false) {
                    $errors[] = 'Please enter your First Name with only letters!';
                    }   
                }

so here I chech is everzthing fine if not I got error...

But If I use letters like ščćž - UTF-8 then I also get errors, so how I can sovle this problem becouse I need for first name to have onlz letters but I need to allow UTF-8 characters like ščćž

Please help!

your dsn should be like `mysql:host=yourhost;dbname=yourdb;charset=utf8` — Bobot, May 14 '15 at 11:37
I put that $db = new PDO('mysql:host=' . $config['host'] . ';dbname=' . $config['dbname'], $config['username'], $config['password'],array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8")); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); — milemilic mile, May 14 '15 at 11:38
Btw, `$_POST` and `$_GET` always returns string or int, sometimes array, so if you want to use ctype, you should first convert them. Btw2 you do not really need to do security on inputs if you use PDO prepare queries — Bobot, May 14 '15 at 11:38
btw (again) you should read this ^^ http://php.net/manual/en/language.types.type-juggling.php — Bobot, May 14 '15 at 11:45
Your problem is that you get your own error "Please use only alfabetic characters"?! That would pretty obviously be because `ctype_alpha` only matches very few alphanumeric characters, as it's supposed to. What are you using it for?! — deceze, May 14 '15 at 11:48
message must be: Please enter your First Name with only letters! but if letters is ććšž. then also must accept that — milemilic mile, May 14 '15 at 11:50
From the doc : ctype is kind of regex like `[A-Za-z]` so this is just not the good function for that man ... — Bobot, May 14 '15 at 11:54
so if I remove that doeas I get securitz problem ... I update this with PDO prepare ... — milemilic mile, May 14 '15 at 11:56
@milemilicmile just added answer, it was too long for a comment ^^ — Bobot, May 14 '15 at 12:07
Instead of `if (x === false)` try `if (!x)`, it's much more concise. — tadman, May 14 '15 at 19:48
@tadman read doc about `===` and `==` the `!` operator does not make it strict, the `===` does ;) — Bobot, May 14 '15 at 19:59
@Bob0t Are you expecting the function to return something totally insane? It's going to return a boolean. It's not necessary to strictly compare unless you need to differentiate between literal `false` and other logically false values. The description is "Returns FALSE if var exists and has a non-empty, non-zero value. Otherwise returns TRUE." not "Returns FALSE sometimes, MAYBE on random occasions and LOL when feeling smarmy." — tadman, May 14 '15 at 20:26
he talks a lot about security, just give him what he wants, a buffer overflow can make this returning some funny results :) — Bobot, May 14 '15 at 20:53

score -2 · Accepted Answer · answered May 14 '15 at 11:21

-2

Make sure that EVERYTHING is in UTF8 NOBOM format. ALL php files must be saved in UTF8 NOBOM format. Adding just "charset=UTF-8" to html tag is not enough.

Also you have to set UTF8 for database connection:

mysql_query ('SET NAMES utf8');

answered May 14 '15 at 11:21

MilanG

6,994
2
35
64

for database I have: $db = new PDO('mysql:host=' . $config['host'] . ';dbname=' . $config['dbname'], $config['username'], $config['password'],array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8")); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); – milemilic mile May 14 '15 at 11:24
also make sure to convert the DB to UTF. Check [this SO Question](http://stackoverflow.com/questions/6115612/how-to-convert-an-entire-mysql-database-characterset-and-collation-to-utf-8) – gutenmorgenuhu May 14 '15 at 11:24
also I have html text like:
Podešavanja.

Ovde možete izmeniti bitne informacije o vašoj firmi.
and everythong is fine, so everything is showed well – milemilic mile May 14 '15 at 11:26
ctype_alpha for utf-8 . HOW? – milemilic mile May 14 '15 at 11:41

Sourabh Kumar Sharma · Answer 2 · 2015-05-14T19:41:17.000

-2

Please look at the below line

 if (ctype_alpha($_POST['last_name']) === false) {
                    $errors[] = 'Please use only alfabetic charecters';
                    } 



if you see condition of the ctype_alpha it is telling that if it is not contain an alphabet then throw an error, you need to remove that condition.


I hope this helps you.

edited May 14 '15 at 19:41

answered May 14 '15 at 11:23

Sourabh Kumar Sharma

2,864
3
25
33

but I need this code as security from attacks, from adding script at my base... I add this setLocale(LC_CTYPE, 'SR_sr.UTF-8'); to page – milemilic mile May 14 '15 at 11:31
Not sure that for database you have serbian collation. Last time I checked it didn't exist so I used slovenian, the most similar one... – MilanG May 14 '15 at 11:38
@milemilicmile, for preventing security attack you have other methods better than this one, like using prepared queries, using mysql_real_escape_string() function. – Sourabh Kumar Sharma May 14 '15 at 11:42
@milemilicmile, in the condition of ctype_alpha make it equal to true instead of false, because at present the condition means that if it is not a normal character then it will throw the error – Sourabh Kumar Sharma May 14 '15 at 11:55
@milemilicmile, you updated the question but did not listen to my suggestion to turn the false to true in the above code if condition. – Sourabh Kumar Sharma May 14 '15 at 12:42

UTF-8 with php pdo and mysql - ctype php

2 Answers2

Podešavanja.