0

The problem:

An input of åäö in insert åäö in db. The file is in UTF-8 without BOM and comment in the table has utf8_general_ci coallition.

The code:

<?php
    if($_POST['comment']!=''){

            $comment=addcslashes($_POST['comment'], "\x00\n\r\'\x1a\x3c\x3e\x25");


            if($kommentar!=''){
                mysql_query("INSERT INTO comments (comment) VALUES ('$comment')") or die(mysql_error());

            }
        }
    ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" lang="sv">
    <head>
        <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
    </head>
    <body>
    //Form
    </body>

Background:

Earlier I performed htmlentities on the $_POST['comment']; before inserting to db, and outputted directly, which worked fine. Then I wanted to go best practise and input raw data (just cleaning) and o htmlentities (or similar) on output. But then I discovered that e.g. åäö is not inputted as åäö but as åäö. Heeeelp :)

Joseph
  • 1,734
  • 6
  • 29
  • 51
  • 1
    Do not use `addcslashes` to escape the comment - `mysql_real_escape_string()` is the one right way to sanitize a string in this case. – Pekka Apr 16 '11 at 16:08
  • @Pekka I changed it but it did not address the problem unfortunately. – Joseph Apr 16 '11 at 16:21
  • Does this answer your question? [UTF-8 all the way through](https://stackoverflow.com/questions/279170/utf-8-all-the-way-through) – tripleee Jan 13 '21 at 13:22

1 Answers1

2

You probably need to set the connection's collation to UTF-8, which is iso-8859-1 by default. Try

mysql_set_charset("utf8");

after connecting to the database.

Pekka
  • 442,112
  • 142
  • 972
  • 1,088
  • I added it like following and will keep it but it did not solve the problem unfortnately: $connect = mysql_connect($host,$username,$password) or die(); mysql_select_db($database , $connect) or die(); mysql_set_charset('utf8',$connect); – Joseph Apr 16 '11 at 16:13
  • @Joseph it *could* be that you are using mySQL < 5.0.7. In that case, try `mysql_query("SET NAMES utf8;");` instead. Does that work? Where are you outputting the data? – Pekka Apr 16 '11 at 16:15
  • @Pekka I tried it but I have the same result. Though it have to be something with that since echoing the string gives "åäö" but interting it gives the åäö. Am I adding it right? See comment above: That is in my config file, dshould it be there or after every query? – Joseph Apr 16 '11 at 16:29
  • @Joseph I'm fairly sure it's the connection collation, but I don't understand why neither command is changing it. Is what you are showing your full code? You are not doing anything else with the characters? Because the code you show can't work (It's "kommentar" in one, and "comment" in the other) – Pekka Apr 16 '11 at 16:31
  • @Pekka it is correct in the file, I just missed out to translate them in the post. – Joseph Apr 16 '11 at 16:48
  • @Pekka your solution worked the testing output didnt had utf8 specified in the htmlentities, so the result did not show there but in the db. Thanks! – Joseph Apr 16 '11 at 16:50