0

I'm having trouble to insert specific symbols in the database. I think the problem is related to PDO.

I've been trying to insert using prepare() and execute(), and I discovered that something is changing the symbols(and sometimes, making the insertion fail). The symbols are ?¿!¡. I tried, also, using just exec(), but the problem persist. A friend told me that PDO is sanitizing my query because SQL injection so it takes away characters, sometimes it replaces them and sometimes not let the insertion. I didn't found any info about it. I dont know if that is what is happening. If that's the case: how may I establish some kind of rules?


<?php

/* Here I establish connection with the database, nothing wrong here */
$dsn = 'mysql:dbname=dbname;host=localhost;charset=utf8';
$usuario = 'user';
$contraseña = 'password';

try {
    $conn = new PDO($dsn, $usuario, $contraseña);
} catch (PDOException $e) {
    echo 'Something went wrong, Mkway?';
}

/*Oh! I forgot! Another thing I tried is changing character set, but it didn't
 work either(I think that this is the same that specifing the charset, frankly
 idk)*/
$conn->exec("SET CHARACTER SET utf8");

$answer = '¿¡Alguien dijo comer!?'; //It's a literal string. In the real code
 this is an input, but here I'll suppose this is the input so you understand 
the issue(before the idea occurs to you: I tried specifing this input and 
checking if the insertion was successful, but it didn't work too)

$sth = $conn->prepare("INSERT INTO Answer (text, next) VALUES (:answer, 1)"); 
//So here I prepare the statement, nothing wrong with the query, tried it in 
the database with the answer variable and worked like a charm.

$args = [
   ':answer' => $answer
]; //Here the arguments I'll will include in the execute.

$sth->execute($args); //So here is the execute. I tried an exec, but it didn't
 work too.

So, what I'm trying to do is that when i try to insert ¿¡Alguien dijo comer!? it actually inserts it, right now it's not inserting that. I tried too inserting Alguien dijo comer!? and it inserted Alguien dijo comer!r so it replaced the ? for r. Do you know what's wrong here?

Lihuel Amoroso
  • 1
  • 3
  • Your query is invalid. Check error messages. – Paul Spiegel Aug 28 '19 at 16:57
  • You don't need `;` in queries done programmatically. That's a delimiter used by interactive/command-line tools to determine the end of input. – tadman Aug 28 '19 at 17:05
  • It should be `... VALUES (:answer, 1)` instead of `... VALUES :answer, 1)`. It should be closed as "typo question". – Paul Spiegel Aug 28 '19 at 17:16
  • Done. Still having issues. I forgot to include that parentheses when i pasted the code. Sorry for wasting time with that. That was not the actual issue. – Lihuel Amoroso Aug 28 '19 at 17:17
  • I LUCKILY SOLVED THE ISSUE!!!!! If this happens to someone else, a workaround is converting the string to base64 to store it, then when you want to use it, just decode it – Lihuel Amoroso Aug 28 '19 at 19:00

0 Answers0