
I was working on emoji input for a textarea

which contains

  const emojis = [
    0x1F557, 0x1F4A2, 0x2764, 0x1F49D, 0x1F498, 0x1F497, 0x1F496, 0x1F495,
    0x1F494, 0x1F493, 0x1F44B, 0x1F445, 0x1F444, 0x1F64F, 0x1F64C, 0x1F64A,
    0x1F649, 0x1F648, 0x1F637, 0x1F635, 0x1F633, 0x1F632, 0x1F631, 0x1F630,
    0x1F62D, 0x1F62B, 0x1F62A, 0x1F629, 0x1F628, 0x1F625, 0x1F624, 0x1F623,
    0x1F622, 0x1F621, 0x1F620, 0x1F61E, 0x1F61D, 0x1F61C, 0x1F61A, 0x1F618,
    0x1F616, 0x1F614, 0x1F613, 0x1F612, 0x1F60F, 0x1F60D, 0x1F60C, 0x1F60B,
    0x1F60A, 0x1F609, 0x1F606, 0x1F605, 0x1F604, 0x1F603, 0x1F602, 0x1F601
  ];

So let's say we have a textarea for chat containing

<textarea name='message'>Good morning </textarea>

While in the mysqli query part we will do something like

$usermsg = htmlspecialchars($_POST['message'], ENT_QUOTES, 'UTF-8');

OR

$usermsg = htmlspecialchars($_POST['message']);

So the output is going to be

Good morning ????

I know we must use PDO / prepared statements to avoid SQL injection, but right now we are in mysqli

Any solution / advice to keep emojis stored in the database while we are using htmlspecialchars to keep us safe from XSS etc.?

Amjad
  • @CBroe thank you for your response. I'm using utf8_general_ci to store multiple languages such as Arabic / English, so it will not be a problem if I change to utf8mb4_general_ci? – Amjad Jul 22 '20 at 08:50
  • Don't store htmlspecialchars output in the database. – Dharman Jul 22 '20 at 08:53
  • Prepared statements are available with MySQLi too, and if you still don't use them, it should be your priority to rewrite the code and start using them – Dharman Jul 22 '20 at 08:53
  • https://stackoverflow.com/a/766996/1427878 should answer your questions regarding utf8_general_ci vs utf8mb4_general_ci. – CBroe Jul 22 '20 at 08:54
  • @CBroe I looked at both links and I changed the whole collection to utf8mb4_unicode_ci and CHARACTER SET utf8mb4, but I still have the same issue :( – Amjad Jul 22 '20 at 09:12
  • @Dharman thanks for your response. I know both of them have the same functionality, but I have made almost everything and it's a very light project, no need for that much security. I looked at UTF-8 all the way... it didn't help as well :( – Amjad Jul 22 '20 at 09:14
  • Please show us the code how do you insert the data into the database, how do you read it back? – Dharman Jul 22 '20 at 09:15
  • Did you try and insert _new_ test data, after you made those changes? Your existing data is in all likelihood garbled at this point, the issue won’t fix itself retroactively for that by just changing the charset settings. – CBroe Jul 22 '20 at 09:16
  • What helped exactly? – Dharman Jul 22 '20 at 09:23
  • @Dharman I went to utf8mb4_unicode_ci instead of utf8_general_ci and changed each table character set to utf8mb4t, and in the connection file I added mysqli_set_charset($DB, 'utf8mb4'), and everything went fine in database input & output + with the Arabic language :) – Amjad Jul 22 '20 at 09:29

0 Answers
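The fix reported in the last comment (utf8mb4 on the table and on the connection), combined with Dharman's two comments (prepared statements with MySQLi, and no htmlspecialchars output in the database), as an added PHP example that is not code from the thread. The host, credentials, database name and the chat_messages table are hypothetical placeholders.

```php
<?php
// Added example, not code from the thread. Connection details and the
// chat_messages table are hypothetical placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function chat_db(): mysqli
{
    $db = new mysqli('localhost', 'chat_user', 'CHANGE_ME', 'chat');
    // The connection charset must be utf8mb4 too, otherwise 4-byte
    // characters such as U+1F604 arrive at the server as "?".
    $db->set_charset('utf8mb4');
    return $db;
}

function ensure_schema(mysqli $db): void
{
    $db->query(
        'CREATE TABLE IF NOT EXISTS chat_messages (
            id   INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
            body TEXT NOT NULL
        ) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci'
    );
}

// Store the message exactly as typed. The bound parameter keeps it out of
// the SQL text, so no escaping or HTML encoding happens on the way in.
function save_message(mysqli $db, string $raw): int
{
    $stmt = $db->prepare('INSERT INTO chat_messages (body) VALUES (?)');
    $stmt->bind_param('s', $raw);
    $stmt->execute();
    return $db->insert_id;
}

// HTML-encode only when the value is written into a page.
function render_message(mysqli $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM chat_messages WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($body);
    $stmt->fetch();
    return htmlspecialchars((string) $body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = chat_db();
ensure_schema($db);
// Constructed sample input: markup plus two code points from the question's list.
$id = save_message($db, "Good morning <b>all</b> \u{1F604}\u{2764}");
echo render_message($db, $id), PHP_EOL;
```

Rows written before the charset change stay garbled, as CBroe's comment notes, so check the result with a newly inserted message.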