Storing content along with special characters in PHP

Question

I have an add_post form which include post_title, post_content and date. post_content may contain special_characters and HTML elements

There is a problem to store into post_content

Example string:

gyms revolve around this unique factor called “Community.”

If I try to insert that string into the database table the following string is inserted for instance:

gyms revolve around this unique factor called

Because of the symbols (“ ” ’) I am not able to insert the all data

I just want to remove these symbols so that I would be able to add all post_content data

This is what I have tried:

 $post_content=$_POST['post_content']; 
 $post_content=addslashes($post_content);
 $post_content=htmlentities($post_content);

See http://stackoverflow.com/documentation/php/5828/pdo/2685/preventing-sql-injection-with-parameterized-queries#t=201703100659054502665 — miken32, Mar 10 '17 at 06:59
How are you inserting the data into your database? Which database are you using? Which charset in your database? Your question is not clear and does not show any research effort. — Blackbam, Mar 14 '17 at 03:14
You've mentioned in several comments below that you have tried `mysql_real_escape_string` but it has not worked. Please explain **clearly** how and why this has not worked — Phil, Mar 14 '17 at 03:16
your question heading **Storing content along with special characters in PHP** contradicts to what you want to do _I just want to remove these symbols so that I would be able to add all post_content data_ — Keith Asilom, Mar 14 '17 at 23:24
@KeithAsilom I just want to remove some symbols that I mention in question, not all symbols. — amM, Mar 15 '17 at 05:20
so you only want to remove single and double quotes but retain all other special characters? what about when retrieving, do you want the single/double quote again? — Keith Asilom, Mar 15 '17 at 23:43
@KeithAsilom While retrieving I don't want those symbols again. — amM, Mar 16 '17 at 05:42

Deep 3015 · Answer 1 · 2017-03-13T07:28:40.697

I just want to remove these symbols so that I would be able to add all post_content data.

Answering to this (which is different from question heading i quess) you can actually remove special characters before saving in database in the controller it self using function

public function clean($string) {
   $string = str_replace(' ', '-', $string); // Replaces all spaces with hyphens.
   $string = preg_replace('/[^A-Za-z0-9\-]/', '', $string); // Removes special chars.
   $string =preg_replace('/-/', ' ', $string); // Replace hyphens with spaces.
   $string =preg_replace("/\s+/", " ", $string); //remove extra spaces
   return $string;
}

public function somFun(){
    $post_content=$_POST['post_content']; 
    $post_content=$this->clean(post_content);
    //proceed to modal function for saving in database
}

Edit To remove single and double quotes only

public function somFun(){
    $post_content=$_POST['post_content']; 
    $post_content=str_replace(array("'", "\"","“","”","’"), "", $post_content );
    $post_content=preg_replace("/\s+/", " ", $post_content); /*remove extra spaces*/
    //proceed to modal function for saving in database
}

You can do test using on line code tester

<?php
$str = "'test 'this' “ ” ’ string'";
$str= str_replace(array("'", "\"","“","”","’"), "", $str );
$str=preg_replace("/\s+/", " ", $str);
echo $str;

result will be test this string

Post content may include special symbols, so that I don't want to remove all special symbols I just want to remove or escape these (“ ” ’) symbols. — amM, Mar 13 '17 at 07:09

score 2 · Answer 2 · edited May 23 '17 at 11:54

If you using CodeIgniter, there is related questions about that, here and here, you have two choices :

Use query building : Data will be escaped by PDO

$sql = "INSERT IGNORE INTO my_table(lat, lng, date, type) VALUES (?,?,?,?);"; 
$this->db->query($sql, array($data['lat'], $data['lng'], $data['date'], $data['type']));

Use db->escape() method : Explicitly escape data

$this->db->query("INSERT IGNORE INTO my_table(lat, lng, date, type) VALUES ('" . $this->db->escape($data['lat']) . "', '" .  $this->db->escape($data['lng']) . "', '" . $this->db->escape($data['date']$this->db->escape . "', '" . $this->db->escape($data['type']) . "')");

Hope this helps !

score 2 · Answer 3 · edited May 23 '17 at 11:54

2

utf8 problem.

“ ” ’ are not ordinary ascii characters. If they are mis-fed to a CHARACTER SET utf8 column, the strings may be truncated. Is that what is happening? You get all the text up to, but not including, one of those quote charaters? If so, then the explanation and tips on fixing your code and/or schema are here -- search for "truncate".

The probable problem is that the bytes fed in are encoded in latin1, not utf8, yet the connection is specified to be UTF-8 and the table/column is column is CHARACTER SET utf8 (or utf8mb4).

Since those characters are not recognized by PHP or MySQL as quotes, many of the other suggestions have no effect.

edited May 23 '17 at 11:54

Community

1
1

answered Mar 16 '17 at 05:13

Rick James

135,179
13
127
222

@ Rick Yes I get all the text up to the symbols I mentioned in question. suppose I have a string - gyms revolve around this unique factor called “Community.” It is within this Community. Something like this then the data stored will be like - gyms revolve around this unique factor called. When It get the symbols then string truncated from that point and stored to database. – amM Mar 16 '17 at 05:35
Actually I have a mass upload form. Using csv file I can upload many records simultaneously. css file include those symbols. – amM Mar 16 '17 at 05:41
@Deepak are you using `fgetcsv()` when reading your csv file? If this is utf8 problem, maybe you can try : `$data = fgetcsv("file.csv", "r");` `$data = array_map("utf8_encode", $data);` - array_map sends each value of the $data to utf8_encode function. After encoding values to utf8 then maybe you can now try the suggestions like `str_replace` or `preg_replace` – Keith Asilom Mar 16 '17 at 07:59
@KeithAsilom Yes I am using fgetcsv(). Here is my code - $data=array(); $file = fopen($filename, "r"); while (($importdata = fgetcsv($file, 10000, ",")) !== FALSE) { $data[sizeof($data)]=$importdata; } fclose($file); – amM Mar 16 '17 at 08:25
1

can you try adding this as first line inside your while statement: `$importdata = array_map("utf8_encode", $importdata );` – Keith Asilom Mar 16 '17 at 09:15
@KeithAsilom Yes it is working. Thank you very much. – amM Mar 16 '17 at 11:41
1

If _everything_ is set to utf8, you don't need `utf8_encode`. – Rick James Mar 16 '17 at 15:42

score 1 · Answer 4 · answered Mar 13 '17 at 23:55

1

You could always just base64_encode these values, then it doesn't matter what's in them.

answered Mar 13 '17 at 23:55

John Jones

2,027
16
25

score 1 · Answer 5 · answered Mar 16 '17 at 07:42

1

If you just want to remove

<?php
$html="a“”’b";
$res = preg_replace('/[^\x20-\x7E]/','', $html);
echo $res;
?>

Output ab

answered Mar 16 '17 at 07:42

Raj Nandan Sharma

3,694
3
32
42

score 1 · Answer 6 · answered Mar 17 '17 at 16:15

1

I have done same things with one trick

$html = base64_encode($this->input->post->('key'));

and at display time decode it !

it will solve all special characters problems

answered Mar 17 '17 at 16:15

Ankit vadariya

1,253
13
14

score 0 · Answer 7 · answered Mar 10 '17 at 06:47

0

Use mysql_real_escape_string

For Example

$name='abc,cf';
 $name=mysql_real_escape_string($name);

answered Mar 10 '17 at 06:47

Bilal Ahmed

4,005
3
22
42

score 0 · Answer 8 · answered Mar 15 '17 at 09:03

0

try use form helper to insert data and try like thisset_value('description') or use this htmlspecialchars($POST['description']) i use this to save data into database, and use to showing like this htmlspecialchars_decode($description)

answered Mar 15 '17 at 09:03

Muhamad Riyan

45
1
7

score 0 · Answer 9 · answered Mar 16 '17 at 19:26

I don´t know why you use mysqli_real_escape_string or why you need that to insert "" into the database, i use codeigniter to and insert text into my database with no problem, traid this

in the controller

 $coments = $this->input->post('comentario', true); 
    $query = $obj->Insertcoments($coments);

and in the model

function Insert($coments) {
        $data = array(
            'mensaje' => $coments);
        $this->db->insert('mensaje', $data);
    }

Storing content along with special characters in PHP

9 Answers9