3

how to insert special characters into a database(MySQL) like

Registered symbol ( ® ) OR Copyright sign ( © ) OR Trade Mark sign ( ™ )

Also I want to display as original on the html page.

What I have to do in both side (front end and back end), please elaborate

Which function is more effective?

Method 1:

$_GET = array_map('trim', $_GET);
$_POST = array_map('trim', $_POST);
 
if(get_magic_quotes_gpc()){
  $_GET = array_map('stripslashes', $_GET);
  $_POST = array_map('stripslashes', $_POST);  
  
  $_GET = array_map('strip_tags', $_GET);
  $_POST = array_map('strip_tags', $_POST);  
 }
 else{
  $_GET = array_map('mysql_real_escape_string', $_GET);
  $_POST = array_map('mysql_real_escape_string', $_POST);   
 }

Method 2:

  foreach ($_POST as $key=>$value){
        if (!get_magic_quotes_gpc()) {
          return addslashes(htmlentities(strip_tags($value),ENT_QUOTES,'UTF-8'));
          } 
          else {
             return htmlentities(strip_tags($value),ENT_QUOTES,'UTF-8');
          }
  }

I am a bit confused what is the difference between

htmlentities() and htlspecialchars(), and which one i have to use?

which function should be used addslashes() or stripslashes() when insert into database?

Improve this question

4 Answers 4

Reset to default
4

Just simply add those symbols to your text, and execute it as SQL query:

INSERT INTO tbl_name VALUES ("Here's my text: ©®");

When you want to display it one the website don't do anything with these symbols (but remember to escape at least <, >, & (using htmlspecialchars()) cause those has special meaning in XML/SGML (HTML) documents)

PS. Also remember to escape text passed to SQL query using mysql_real_escape_string() to avoid any SQL Injection problems. If your server has magic_quotes_gpc enabled disable it or at least filter your GET/POST/COOKIE data to its raw value. You should always consciously escape values.

EDIT:

According to your comment... I don't remember whether magic_quotes_gpc are enabled by default but you can easily undone magic quotes effect. Just on the very beginning of your PHP code add something like this:

if (get_magic_quotes_gpc()) {
  array_walk_recursive($_GET, 'stripslashes');
  array_walk_recursive($_POST, 'stripslashes');
  array_walk_recursive($_COOKIE, 'stripslashes');
}

Now each GPC value should be always raw - without quotes - so you have to escape it manually before passing any variable into query.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

how do i insert direct input???? i have to insert other fields also, it is not asingle filed in databse and how do i use this query?? does php latest version add slash by default?? this is totally rubbish
should i use array_walk_recursive() or array_walk()
GPC arrays can be multidimensional so you have to use array_walk_recursive().
2

From the PHP docs for htmlentities():

This function is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities.

Don't worry about encoding things when you store them: store the data raw, and then encode it with htmlentities() when you display it in your HTML.

Edit: Also, read this.

Improve this answer

Comments

2

For starters, you should just use mysql_real_escape_string when inserting into the database - this will ensure that whatever you store is safely encoded, yet retains all of the original information.

In terms of output, the key difference between htmlentities and htmlspecialchars is that htmlentities will convert all characters that have entities whereas htmlspecialchars will only convert <, >, &, ", '

Improve this answer

Comments

-1

Just use prepared statements.

$con = <"Your database connection">;
$input = "What's up? ®, ©, ™";
$stmt = $con->prepare("insert into `tablename` (`field`)values(?)");
$stmt->bind_param("s",$input);
$stmt->execute();
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.