0

I'm trying to create a user system with PHP and mysql. I have made a table named userz in the database and set everything I need. My code 100% works as long as the hash does not generate any special characters, so it succeeds at random. I have tried setting the encoding in mysql to many kinds of utf-8 and i have tried header('Content-Type: text/html; charset=utf-8'); in my php script, but I can't get it to work!

$salt = mcrypt_create_iv(22, MCRYPT_DEV_URANDOM);
$enc= base64_encode($salt);
$hash = crypt($passwordz, $salt);
$qry = "INSERT INTO `userz` VALUES('0', '$fname', '$lname', '$email', '$hash', '$enc')";

mysql_query($qry) or die ($enc.$hash);
echo "Account created!";

It always dies and i'll see a character like this: �

Maybe I need to escape my query first? Any ideas? Thanks! (btw feel free to comment on any security problems if you see them).

trossn
  • 3
  • 2
  • 1
    Seems like wring encoding. Check database, database connection, file, headers etc. – bish Oct 01 '15 at 16:09
  • @bish Yeah that's the thing. I have tried pretty much everything and still can't get it to work. But I guess i'll just keep on trying stuff... – trossn Oct 01 '15 at 17:28
  • Do not use $variable in your SQL statements, use binding variables. It will solve your problem, and will make your code safer. See this example: http://stackoverflow.com/questions/23511341/should-we-always-bind-our-sql-statements/23511673#23511673 – mvp Oct 01 '15 at 18:45
  • You really should not be writing code that relies on `mysql_` functions anymore. The MySQL extension has been deprecated for years and is about to be dropped in the upcoming PHP7 release later this year. Also see [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). On an up-to-date server, this code has a life span of about 2 months. Try PDO, which should also fix the SQL injection problem you seem to have. – Oldskool Nov 02 '15 at 10:22

1 Answers1

0

The black-diamond-question-mark usually comes from

  1. Your bytes are encoded in latin1 (not utf8).
  2. You have not specified SET NAMES utf8. You should use mysqli_* interface, not mysql_*l, then use set_charset('utf8').
  3. You did specify UTF-8 in the meta tag in html.
Rick James
  • 135,179
  • 13
  • 127
  • 222