0

I have a php script that inserts values into mySQL table

INSERT INTO stories (title) VALUES('$_REQUEST[title]);

I checked the values of my request variables before going into the table and it's fine.

But when I add title=john to the table for example,

I get something like this: title = "[][][][]john" and when I extract the value, it's a newline then john.

I have my columns set to utf-8, I tried swedish character set as well.

Note: I don't get this error when inserting values from the phpMyAdmin commandline

David M
  • 4,325
  • 2
  • 28
  • 40
stone
  • 841
  • 3
  • 16
  • 26
  • 1
    I would recommend reading this article before continuing much further: "The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Unicode and Character Sets (No Excuses!)" at http://www.joelonsoftware.com/articles/Unicode.html – ewall May 13 '10 at 19:43

3 Answers3

0

SET NAMES <encoding> query must be executed every time you connect to your database.
very simple rule.

where <encoding> is your HTML page encoding in mysql dialect (utf8 for the utf-8)

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
0

You need {} around any array notation when used inside "".

$q="INSERT INTO stories(title) VALUES('{$_REQUEST['title']}')";

BTW, it would be better, when checking your $_REQUEST vars to store the sanitized versions in new variables, and to be sure to escape them with real_escape_string()

dnagirl
  • 20,196
  • 13
  • 80
  • 123
  • no, {} are unnecessary here. but both quotes and escaping are needed – Your Common Sense May 13 '10 at 19:47
  • @Col. Shrapnel: just remembered to put in the quotes around the title index. Seems to me the nested single quotes would make `{}` required. Could you explain why I'm wrong? Tx. – dnagirl May 13 '10 at 19:56
  • The OP's initial syntax `"VALUES('$_REQUEST[title]')"` (assume one quote absense was a typo) was just correct. http://php.net/types.string That's ambiguous yes, but that's correct syntax. – Your Common Sense May 14 '10 at 04:35
0

You need to check the character set of the database, the server, and the client.

Note that it's not a swedish character set, it's a swedish collation.

David M
  • 4,325
  • 2
  • 28
  • 40