special characters, php htmlentites

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

andynic

Thread Starter
Joined
May 25, 2007
Messages
404
Hi,

I have a DB maintenance form that allows the user to enter data. Some of the data entry fields are <input type="text"> others are <textarea> fields.

I would like the data entry user to be able to enter any characters s/he pleases from the keyboard.
For example to enter a euro symbol from a Mac keyboard, the user would press shift-option-2, which I will do now €
(The last character on that( line should be a euro symbol.)

I don't want the user to have to mess with html entites such as &-e-u-r-o-; (no dashes in actuality).
I want to include all kinds of quotes, single and double quotes as well as their curly versions.
If at all possible I'd like the data entry user to be able to use the less than (<) and greater than (>) symbols in their text.

Upon clicking "commit", the data gets written to a mysql table created in the following way, for example:
create table T (c1 varchar(100)) ENGINE=InnoDB DEFAULT CHARSET=latin1;

Then a webpage user should see the correct symbols.
The server puts up the webpage using a PHP script retrieving the data from the database.

What I've done (see below) must be barking up the wrong tree. Is their a simple an elegant way to do this?

I have tried passing strings through the PHP htmlentites function before inserting the strings into the DB or before updating them; and in the PHP script that puts up the webpage, I use the PHP html_entity_decode function before display the data. But this is not producing correct results.

For example, using that technique in the attached script (testSpecialCharacters.php), it produces as output:
...value as retrieved from DB is : ...“phrase in curly double quotes”...followed by euro symbol €

Note: In order to upload the file I changed the ".php" extension to ".txt"

Thanks for your help.
Andynic
 

Attachments

colinsp

Colin
Joined
Sep 5, 2007
Messages
2,319
For future reference post your code in code tags like this [ code ] then your code then [ /code ] (remove the spaces) we don't like downloading files as they may not be what they are purported to be.

To answer your question you need to alter your strings before they are written to the database with something like this

Code:
$input_date = mysql_real_escape_string($input_date);
This assumes that $input_date is one of your input strings and then use htmlentities when you pull the data back from the database.
 

andynic

Thread Starter
Joined
May 25, 2007
Messages
404
Hi Colinsp,
Thanks for your reply.
I have tried your suggestion and get similar results to what I was getting.

Using my original code:
Result in webpage:
...value as retrieved from DB is : ...â&#8364;&#339;phrase in curly double quotesâ&#8364;...followed by euro symbol â&#8218;¬
Row in table T using SELECT in mysql running in terminal window:
+--------------------------------------------------------------------------------------------+
| c1 |
+--------------------------------------------------------------------------------------------+
| ...&acirc;??phrase in curly double quotes&acirc;??...followed by euro symbol &acirc;?&not; |
+--------------------------------------------------------------------------------------------+

Using your code aa shown below:
Result in webpage:
...value as retrieved from DB is : ...â&#8364;&#339;phrase in curly double quotesâ&#8364;...followed by euro symbol â&#8218;¬
Row in table T using SELECT in mysql running in terminal window:
+----------------------------------------------------------------------+
| c1 |
+----------------------------------------------------------------------+
| ...&#8220;phrase in curly double quotes&#8221;...followed by euro symbol &#8364; |
+----------------------------------------------------------------------+

I also tried using html_entity_decode to convert $val to no avail,

The code as it now appears:
<code>
<?php

/*
how table was created:
create table T (c1 varchar(100)) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=44 ;
*/

set_error_handler("phpErrorHandler", E_ALL);

// Set up a connection to the DB
$hostname = "localhost";
$database = "tdb name"; #dev -- data from live server
$username = "schema user name";
$password = "password";
$db = mysql_connect($hostname, $username, $password) or die("Kan geen verbinding maken met de database : " . mysql_error());

mysql_select_db($database, $db);

// Begin mock data entry script.
$str = '...&#8220;phrase in curly double quotes&#8221;...followed by euro symbol &#8364;'; //The quotes and euro symbol were entered from the keyboard
//$str = htmlentities($str, ENT_COMPAT);
$str = mysql_real_escape_string($str); // from Colinsp

// Put the string in table T
$sqlCmd = "insert into T (c1) values ('$str');";
$cmdHndl = mysql_query($sqlCmd);

$sqlCmd = "commit;";
$cmdHndl = mysql_query($sqlCmd);
// End mock data entery script.


// Begin mock script that the server uses to put up the webpage.
// Retrieve the record from table T
$sqlCmd = "select c1 from T;";
$cmdHndl = mysql_query($sqlCmd);
$row = mysql_fetch_array($cmdHndl, MYSQL_ASSOC);
$val = $row['c1'];

//$val = html_entity_decode($val);
$val = htmlentities($val); // From Colinsp
echo "...value as retrieved from DB is : $val<br />";
// End mock script that the server uses to put up the webpage.

//$sqlCmd = "delete from T";
//$cmdHndl = mysql_query($sqlCmd);
mysql_close();
restore_error_handler();
?>
</code>
 

colinsp

Colin
Joined
Sep 5, 2007
Messages
2,319
Use phpmyadmin to actually inspect the table entry to see what is actually being written to the table. That will tell whether it is an input or output problem

use [] around code tags not <> ;)
 

andynic

Thread Starter
Joined
May 25, 2007
Messages
404
Hi Colinsp,
Thanks again for your reply.

I just installed phpMyAdmin on my server. (I'm a retired old-fashioned Oracle DBA and applications developer, having started with Oracle v4 and married to it up to and including Oracle 10i. I'm so used to using SQL via a terminal window that I tend to avoid G'UI tools though I did use toad now and then for some things later on.)

Back to the point:
I did not make any changes to the code I submitted in my last reply.
Using the two lines of code commented with "from Colinsp"
this is what phpMyAdmin shows in table T:
...â&#8364;&#339;phrase in curly double quotesâ&#8364;...followed by euro symbol â&#8218;¬

and this is what shows in the webpage that the code puts up:
...value as retrieved from DB is : ...â&#8364;&#339;phrase in curly double quotesâ&#8364;...followed by euro symbol â&#8218;¬

Thanks for your help.
Andynic
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top