
I want to store all the data in UTF-8, so before storing, the input variables are converted to UTF-8 using `htmlspecialchars($var, ENT_QUOTES, 'UTF-8')`. Then the database charset is set to UTF-8 and each table has the collation `utf8_general_ci`. However, when I store them, they all get saved as

Testing<ASC'a'sc'/A>

And are displayed as such. I removed the `htmlspecialchars` function when I fetched the results, but I still don't understand why it gets saved like that. I tried removing `htmlspecialchars` from the `$_POST` variables, and then it saves okay, but then it comes out as HTML. For example, if you fetched

<script>alert('lol')</script>

Which is not dangerous.

    public function __construct() {
        $protected = array("_GET", "_POST", "_SERVER", "_COOKIE", "_FILES", "_ENV", "GLOBALS");
        foreach($protected as $var)
        {
            if(isset($_POST[$var]) || isset($_GET[$var]) || isset($_COOKIE[$var]) || isset($_FILES[$var]))
            {
                die("Hacking attempt");
            }
        }
        $this->strip_slashes_array($_REQUEST);
        $this->parse_incoming($_REQUEST);
    }

    public function parse_incoming($array) {
        foreach($array as $key => $value) {
            if(!is_array($value)) {
                $this->input[$key] = $value;
            } else {
                return;
            }
        }
    }

    function strip_slashes_array(&$array)
    {
        foreach($array as $key => $val)
        {
            if(is_array($array[$key]))
            {
                $this->strip_slashes_array($array[$key]);
            }
            else
            {
                $array[$key] = htmlspecialchars($array[$key], ENT_QUOTES, 'UTF-8');
            }
        }
    }

And when I insert them I use `$class->input['key']` instead of `$_POST['key']`.

RaiK
  • See here: http://stackoverflow.com/questions/7979567/php-convert-any-string-to-utf-8-without-knowing-the-original-character-set-or – Loek May 16 '16 at 13:24
  • [`htmlspecialchars`](http://php.net/manual/en/function.htmlspecialchars.php) doesn't convert to UTF-8. It does exactly what you got. – gre_gor May 16 '16 at 13:28
  • Ohh, so what do I do in this case? I don't even need to convert it then. I just want it to be displayed as it's written without being converted into &amp........ The thing is that it worked before, but it doesn't work now that the db collation is changed. – RaiK May 16 '16 at 13:34
  • Seems you used `htmlspecialchars` on `Testing` three times. You only need to call `htmlspecialchars` when you are rendering the HTML code. Also, [`collation`](http://dev.mysql.com/doc/refman/5.7/en/charset-general.html) just determines how values are sorted, not how they are stored. – gre_gor May 16 '16 at 13:57
  • Oh, thank you guys. I fixed this by changing `$this->strip_slashes_array($_REQUEST)` to `$requests = $_REQUEST; $this->strip_slashes_array($requests);` and for some reason it is working. I tried to find the reason; it turned out that using `$_REQUEST` directly in the function returns the same result 4 times (4x in the array), but I have no idea why. – RaiK May 17 '16 at 10:48
  • You should not have to strip_slashes either. Something is messing things up! – Rick James May 26 '16 at 01:06
  • Please provide `bin2hex(...)` so we can see exactly what is in the string that you think needs fixing. – Rick James May 26 '16 at 01:07
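
The approach from gre_gor's comment (store the text as entered, call `htmlspecialchars` only when rendering), as an added example that is not code from the question or its comments. It assumes the `pdo_sqlite` and `mbstring` extensions; the in-memory SQLite table `posts` stands in for the MySQL database, and the helpers `escape_times`, `h` and `require_utf8` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Constructed sample input: the string from the question.
$raw = "<script>alert('lol')</script>";

// Escaping on input: every extra pass re-encodes the '&' written by the
// previous pass, so the stored value drifts further from what was typed.
function escape_times(string $s, int $passes): string
{
    for ($i = 0; $i < $passes; $i++) {
        $s = htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    }
    return $s;
}

// Escape exactly once, at the point where a value is written into HTML.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// htmlspecialchars() does not convert encodings, so check UTF-8 separately.
function require_utf8(string $s): string
{
    if (!mb_check_encoding($s, 'UTF-8')) {
        throw new InvalidArgumentException('input is not valid UTF-8');
    }
    return $s;
}

// Assumption: in-memory SQLite instead of the MySQL database on the page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (body TEXT)');

// Store the raw text; the bound parameter keeps it out of the SQL syntax.
$stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
$stmt->execute([':body' => require_utf8($raw)]);

$stored = $db->query('SELECT body FROM posts')->fetchColumn();

echo "1 pass:   ", escape_times($raw, 1), "\n"; // safe to render as HTML
echo "3 passes: ", escape_times($raw, 3), "\n"; // entities show up as text
echo "stored:   ", $stored, "\n";               // value read back from the table
echo "rendered: ", h($stored), "\n";            // escaped once, at output time
```

Run it from the command line with `php` and compare the four lines: the "3 passes" line is the effect described in the comments, the "rendered" line is what belongs in the page.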
