1

I am creating a chat feature for my project where people can send messages to each other, and I want users to be able to send anything: text, quotes or anything else. But the problem is that when I send a degree symbol or sign, it does not insert anything.

My code (this is an example of what I have tried):

```php
<?php
$message = htmlspecialchars($_POST['message']);
$message = mysqli_real_escape_string($con, $message);

// Here I am inserting everything
mysqli_query($con, "INSERT INTO message (message) VALUES ('$message')");

?>
```

I hope you have understood my problem. I need help, please help me.

  • This statement `... htmlspecialchars($con, $_POST['message']);` is wrong. The `htmlspecialchars()` function doesn't take a connection handler as its argument. RTM, [http://php.net/manual/en/function.htmlspecialchars.php](http://php.net/manual/en/function.htmlspecialchars.php) – Rajdeep Paul May 14 '16 at 10:13
  • Your query is susceptible to SQL injection. If you're using `mysqli`, learn about [`prepared statements`](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). [And this is how you can prevent SQL injection in PHP](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Rajdeep Paul May 14 '16 at 10:16
  • Wrap your insert query in an *if-else* block, like this: `if(mysqli_query($con, "INSERT INTO message (message) VALUES ('$message')")){ echo "success"; }else{ echo "error: " . $con->error; }`. Also turn on error reporting: add these lines `error_reporting(E_ALL); ini_set('display_errors', 1);` at the top of your PHP script and see if it yields any error or not. – Rajdeep Paul May 14 '16 at 10:21
  • @RajdeepPaul there is no problem in my query, it inserts properly. The problem is it inserts the degree symbol as nothing (blank). –  May 14 '16 at 10:25
  • You can consider using [base64_encode()](http://php.net/manual/en/function.base64-encode.php) when inputting and [base64_decode()](http://php.net/manual/en/function.base64-decode.php) when retrieving from the db – Petko Kostov May 14 '16 at 10:35

2 Answers

0

It may be something related to the database's collation. Try changing it to utf8. You may also consider this option of mysqli - mysqli::set_charset().

brslv
0

Try with PDO, it should work even if $message contains quotes or anything:

```php
$query = $pdo->prepare("INSERT INTO message (message) VALUES (:message)");
$query->execute(array(
    "message" => $message
));
```
wander
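
The two answers combined with the prepared-statement advice from the comments, as an added example that is not code from any of the posts: a UTF-8 connection charset set with `mysqli::set_charset()`, a bound parameter instead of string interpolation, and HTML escaping moved to output time. The host, credentials, database name, `utf8mb4` table charset, the helper names `normalizeMessage()` and `saveMessage()`, and the sample message are assumptions; only the `message` table and column come from the question.

```php
<?php
// Added example, not from the original posts. Host, credentials and database
// name are placeholders; the table is assumed to use the utf8mb4 charset.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Hypothetical helper: refuse input that is not valid UTF-8 (for example a
// lone 0xB0 degree sign sent by a Latin-1 page) rather than storing something
// the database or htmlspecialchars() cannot represent. Requires mbstring.
function normalizeMessage(string $raw): string
{
    if (!mb_check_encoding($raw, 'UTF-8')) {
        throw new InvalidArgumentException('Message is not valid UTF-8');
    }
    return $raw;
}

// Hypothetical helper: the placeholder keeps the message out of the SQL text,
// so quotes and symbols need no manual escaping and cannot alter the query.
function saveMessage(mysqli $con, string $message): void
{
    $stmt = $con->prepare('INSERT INTO message (message) VALUES (?)');
    $stmt->bind_param('s', $message);
    $stmt->execute();
    $stmt->close();
}

$con = new mysqli('localhost', 'chat_user', 'chat_password', 'chat_db');
$con->set_charset('utf8mb4'); // connection charset must match the stored data

// Constructed sample input standing in for $_POST['message'].
$message = normalizeMessage("It's 25°C outside, \"warm\" & sunny <b>today</b>");
saveMessage($con, $message);

// Store the raw text; HTML-escape only when rendering it into a page.
// ENT_SUBSTITUTE replaces invalid bytes instead of returning an empty string.
foreach ($con->query('SELECT message FROM message') as $row) {
    echo htmlspecialchars($row['message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
}
```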