开发者

html-encode output && incorrect string error

问答 作者:

my data includes arabic characters which looks like garbage in mysql but displays correctly when run on browser. my questions:

  • how do i html-encode the output?
  • if i add this to all my files: <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> i get this error: Error: Incorrect string value: '\xE4\xEE\xC3\xD8\xEF\xE6...' for column 'cQuotes' at row 1

i'm working on php/mysql platform.

insertion form in html:

<!doctype html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Your Favorite Quotes</title>
<link rel="stylesheet" type="text/css" href="style.css" /> 
<link rel="stylesheet" href="css/validationEngine.jquery.css" type="text/css" media="screen" charset="utf-8" />
<script type="text/javascript" src="scripts/jquery-1.4.2.js"></script>
<script src="scripts/jquery.validationEngine-en.js" type="text/javascript"></script> 
<script src="scrip开发者_开发问答ts/jquery.validationEngine.js" type="text/javascript"></script>
<script type="text/javascript">
            $(document).ready(function() { 
                $("#submitForm").validationEngine() 
            })  
</script>
</head>
<body>

<div class="container">
<div class="center_div">
<h2>Submit Your Quote</h2>
<fieldset>
<form id="submitForm" action="qinsert.php" method="post">
<div class="field">
<label>Author: </label>
<input id="author" name="author" type="text" class="validate[required,custom[onlyLetter],length[0,100]]">
</div><br />
<div class="field">
<label>Quote: </label>
<textarea id="quote" name="quote" class="validate[required, length[0,1000]]"></textarea>
<br />
</div>
<input id="button1" type="submit" value="Submit" class="submit" /><br />
<input id="button2" type="reset" value="Reset" /> 
</form>
</fieldset>
</div>
</div>


</body>
</html>

//////////////////////

query in php:

//<?php
//header('Content-Type: text/html; charset=UTF-8');
//?>
<!doctype html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="style2.css" /> 
<title>Your Quote Databank</title>
</head>
<body>

<?php
include 'config.php';

echo "Connected <br />";


//check for quotes and apostrophes

$author = '';
$quote = '';

$author = $_POST['author'];
$quote = $_POST['quote'];

$author = mysql_real_escape_string(trim($author)); 
$quote = mysql_real_escape_string(trim($quote)); 


//**************************


//validating data

$query = "SELECT * FROM Quotes where cQuotes = '$quote' limit 1;";

$result = mysql_query($query, $conn);

//now check that the number of rows is 0

if (mysql_num_rows($result) > 0 ) {
header("Location: /error.html");
exit;
}



//inserting data
//mysql_query("SET NAMES 'utf8'");
//mysql_query("SET CHARACTER SET utf8");
$sql="INSERT INTO Quotes (vauthor, cquotes)
VALUES ('$author', '$quote')";

if (!mysql_query($sql,$conn))
  {
  die('Error: ' . mysql_error());
  }
echo "<div class='container'><p><label class='lbl_record'> Record Added Successfully!</label>";
echo "<a href='qform.html'> Submit a New Quote!</a></p>";

//**************************


//selecting data
$result = mysql_query("SELECT * FROM Quotes ORDER BY idQuotes DESC");

echo "<div class='center_div'>";
echo "<table>
<thead>
<tr>
<th>Author</th>
<th>Quotes</th>
</tr>
</thead>";

while($row = mysql_fetch_array($result))
  {
  echo "<tbody><tr>";
  echo "<td width='150px'>" . $row['vAuthor'] . "</td>";
  echo "<td>" . $row['cQuotes'] . "</td>";
  echo "</tr>";
  }
echo "</tbody></table>";
echo "</div></div>";
//**************************

include 'close_config.php';

?>

</body>
</html>


Incorrect string value: '\xE4\xEE\xC3\xD8\xEF\xE6...'

That looks like an Arabic string encoded in ISO-8859-6. You will get this error if you have received an ISO-8859-6 byte string and are attempting to insert it into a UTF-8 database table.

Your script should not have received ISO-8859-6 from the browser, if your form page is correctly marked up as UTF-8 as the meta would imply. Check in the browser that when the form is displayed, the View->Encoding menu has ‘UTF-8’ ticked. The <meta> might be overridden by the web server passing back a real Content-Type: text/html;charset=... header.

This could also possibly happen if your PHP is trying to use the wrong charset to talk to the server. I see you've commented out a SET NAMES... I'd use mysql_set_charset('utf8'); in preference.

echo "<td>" . $row['cQuotes'] . "</td>";

You need to HTML-encode the output here but not because of charset issues. Any < and & characters need encoding in the text otherwise they can inject unwanted HTML markup, including JavaScript, in which case you have cross-site-scripting problems.

echo '<td>'.htmlspecialchars($row['cQuotes']).'</td>';

Aside: ...however, PHP is a templating language. Use it, don't fight it by trying to do string templating yourself.

<table>
    <?php while ($row= mysql_fetch_array($result)) { ?>
        <tr>
            <td width="150"><?php h($row['vAuthor']) ?></td>
            <td><?php h($row['cQuotes']) ?></td>
        </tr>
    <?php } ?>
</table>

(width="150px" doesn't work, px is for CSS only.) The above assumes a helper function like this to stop you having to type htmlspecialchars so much:

function h($s) {
    echo htmlspecialchars($s, ENT_QUOTES);
}

there is no such thing "characters". there is encoding only. You must determine encoding you're using. And then set this encoding for the all three parts of your application:

  • HTML page
  • PHP script
  • database

UTF-8 is strongly recommended.
To use it, you must set your database encoding, by creating tables with default charset=utf8, mysql client encoding, by executing SET NAMES utf8 query in your client side application, and by setting header("Content-Type: text/html; charset=utf-8"); for the page that contain html form and for the page with results

According to your edition:
Add this line in your config.php file:

mysql_query("SET NAMES utf8");

And also check mysql tables encoding. You can do it with show create table Quotes query

You do not need to use HTML entities. You need to pick a character encoding that's suitable for Arabic characters (such as UTF-8) and make use all the intermediate tools use it properly: MySQL, mysql_query(), PHP, HTML...

Try this:

while($row = mysql_fetch_array($result))
{
  echo "<tbody><tr>";
  echo "<td width='150px'>" . htmlentities($row['vAuthor']) . "</td>";
  echo "<td>" . htmlentities($row['cQuotes']) . "</td>";
  echo "</tr>";
}

for more details see htmlentities function ref

while you are using jquery validation you can try this for Arabic 

"onlyLetterSp": {
    "regex": /^[a-zA-Z\u0600-\u06FF\ \']+$/,
    "alertText": "* أحرف فقط"
},

继续阅读:character-encodingdatabasephp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9