M.BABER Zaman M.BABER Zaman - 1 month ago 7
MySQL Question

French Characters are not saving in database via php

I am using the MySQL and PHP to save posts into database. But when i write French language or any other characters in Description. It is not saving it.
But Simple text is Saving perfectly.

This is my Connection file

DEFINE('DATABASE_USER', 'db_user');
DEFINE('DATABASE_PASSWORD', 'db_password');
DEFINE('DATABASE_HOST', 'localhost');
DEFINE('DATABASE_NAME', 'db_name');

date_default_timezone_set('UTC');

ini_set('SMTP', "mail.myt.mu"); // Overide The Default Php.ini settings for sending mail


//This is the address that will appear coming from ( Sender )
define('EMAIL', 'k4baber@hotmail.com');

/*Define the root url where the script will be found such as http://website.com or http://website.com/Folder/ */
DEFINE('WEBSITE_URL', 'http://haitibravo.com');


// Make the connection:
$dbc = @mysqli_connect(DATABASE_HOST, DATABASE_USER, DATABASE_PASSWORD,
DATABASE_NAME);

if (!$dbc) {
trigger_error('Could not connect to MySQL: ' . mysqli_connect_error());
}


I tried
mysqli_real_escap()
also $desc =
mysqli_real_escape_string($_REQUEST['description']);
But it is not saving at all .
The HTML Form submits all the information to this File..

if(isset($_REQUEST["submit"])){

$name = $_REQUEST['name'];
$category = $_REQUEST['category'];
$subcategory = $_REQUEST['items'];
$desc = $_REQUEST['description'];
$keywords = $_REQUEST['keywords'];
$address = "NULL";
$state = "NULL";
$city = $_REQUEST['city'];
$zones = $_REQUEST['zones'];
$country = $_REQUEST['country'];
$postcode = "0000";
$phone = $_REQUEST['u_phone'];


$image_name1 = $_FILES['image1']['name'];
$image_size1 =$_FILES['image1']['size'];
$image_tmp1 =$_FILES['image1']['tmp_name'];
$image_name1='prog'.rand().$image_name1;
move_uploaded_file($image_tmp1,'add_images/'.$image_name1);



$image_name2 = $_FILES['image2']['name'];
$image_size2 =$_FILES['image2']['size'];
$image_tmp2 =$_FILES['image2']['tmp_name'];
$image_name2='prog'.rand().$image_name2;
move_uploaded_file($image_tmp2,'add_images/'.$image_name2);

$image_name3 = $_FILES['image3']['name'];
$image_size3 =$_FILES['image3']['size'];
$image_tmp3 =$_FILES['image3']['tmp_name'];
$image_name3='prog'.rand().$image_name3;
move_uploaded_file($image_tmp3,'add_images/'.$image_name3);

$price = $_REQUEST['price'];
$date = date('Y-m-d');
$u_id = $_SESSION['u_id'];
$u_name= $_SESSION['u_name'];
$status= "0";
$flag = "0";
$mysql_query = "INSERT INTO `bravo_ads`(`ad_title`, `ad_category`, `ad_sub_cat`, `ad_description`, `ad_keywords`, `ad_address`, `ad_state`, `ad_city`, `ad_zone`, `ad_country`, `post_code`, `ad_img_1`, `ad_img_2`, `ad_img_3`, `ad_price`, `u_id`, `u_name`, `u_phone`, `ad_date`, `ad_status`, `flag`) VALUES ('$name','$category','$subcategory','$desc','$keywords','$address','$state', '$city', '$zones','$country','$postcode','$image_name1','$image_name2','$image_name3','$price','$u_id','$u_name', '$phone', '$date','$status','$flag')";

$query_OK = mysqli_query($dbc, $mysql_query);

if($query_OK){
$message = '<div class="success"><b>Operation avec success...!</b> Votre produit a bien été posté . Il sera publié après approbation Administrateur</div>';

}else{

$message = '<div class="failed"><b>Operation échoué...!</b> Desoler, Votre produit nas pas ete afficher . Quelque chose a mal tourné . Veuillez réessayer plus encore</div>';
}}


$desc
,
$name
,
$keywords
These things creates issue when i try to save

Answer

First always check for errors on your query. Do do this use mysqli_error.

So in your else where you just output failure put in:

printf("Errormessage: %s\n", mysqli_error($dbc));

This will give you a detailed message of what is erring.

As you have stated this gave you

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'achat et autres achats en ligne | Bravo Market |Haiti Bravo|HaitBravo Produits' at line 1

Per your provided data as well

The Title (L'homme )
Keywords (L'homme, d'achat)
description (Produits Électroniques, Voitures, Vêtements, Objets de colléction, Bons d'achat et autres achats en ligne )

So the quote in L'homme is ending your your encapsulated value and then mysql is presuming homme is something it should know.

Since you only escaped the description this didn't help. You need to escape all inputs. A better approach is to use prepared statements.

This error you are encountering also is how SQL injections occur. User data should never be directly inputted into a SQL query.

So to put it all together.

if(isset($_REQUEST["submit"])){

        $name = mysqli_real_escape_string($dbc, $_REQUEST['name']);
        $category = mysqli_real_escape_string($dbc, $_REQUEST['category']);
        $subcategory = mysqli_real_escape_string($dbc, $_REQUEST['items']);
        $desc = mysqli_real_escape_string($dbc, $_REQUEST['description']);
        $keywords = mysqli_real_escape_string($dbc, $_REQUEST['keywords']);
        $address = "NULL";
        $state = "NULL";
        $city = mysqli_real_escape_string($dbc, $_REQUEST['city']);
        $zones = mysqli_real_escape_string($dbc, $_REQUEST['zones']);
        $country = mysqli_real_escape_string($dbc, $_REQUEST['country']);
        $postcode = "0000";
        $phone = mysqli_real_escape_string($dbc, $_REQUEST['u_phone']);


        $image_name1 = $_FILES['image1']['name'];
        $image_size1 =$_FILES['image1']['size'];
        $image_tmp1 =$_FILES['image1']['tmp_name'];
        $image_name1='prog'.rand().$image_name1;
        move_uploaded_file($image_tmp1,'add_images/'.$image_name1);



        $image_name2 = $_FILES['image2']['name'];
        $image_size2 =$_FILES['image2']['size'];
        $image_tmp2 =$_FILES['image2']['tmp_name'];
        $image_name2='prog'.rand().$image_name2;
        move_uploaded_file($image_tmp2,'add_images/'.$image_name2);

        $image_name3 = $_FILES['image3']['name'];
        $image_size3 =$_FILES['image3']['size'];
        $image_tmp3 =$_FILES['image3']['tmp_name'];
        $image_name3='prog'.rand().$image_name3;
        move_uploaded_file($image_tmp3,'add_images/'.$image_name3);

        $price = mysqli_real_escape_string($dbc, $_REQUEST['price']);
        $date = date('Y-m-d');
        $u_id = mysqli_real_escape_string($dbc, $_SESSION['u_id']);
        $u_name= mysqli_real_escape_string($dbc, $_SESSION['u_name']);
        $status= "0";
        $flag = "0";
$mysql_query = "INSERT INTO `bravo_ads`(`ad_title`, `ad_category`, `ad_sub_cat`, `ad_description`, `ad_keywords`, `ad_address`, `ad_state`, `ad_city`, `ad_zone`, `ad_country`, `post_code`, `ad_img_1`, `ad_img_2`, `ad_img_3`, `ad_price`, `u_id`, `u_name`, `u_phone`, `ad_date`, `ad_status`, `flag`) VALUES ('$name','$category','$subcategory','$desc','$keywords','$address','$state', '$city', '$zones','$country','$postcode','" . mysqli_real_escape_string($dbc, $image_name1) . "','" . mysqli_real_escape_string($dbc, $image_name2) . "','" . mysqli_real_escape_string($dbc,  $image_name3) . "','$price','$u_id','$u_name', '$phone', '$date','$status','$flag')";

        $query_OK = mysqli_query($dbc, $mysql_query);

        if($query_OK){
            $message = '<div class="success"><b>Operation avec success...!</b> Votre produit a bien été posté . Il sera publié après approbation Administrateur</div>';

        }else{
            printf("Errormessage: %s\n", mysqli_error($dbc));
            $message = '<div class="failed"><b>Operation échoué...!</b> Desoler, Votre produit nas pas ete afficher . Quelque chose a mal tourné . Veuillez réessayer plus encore</div>';
        }
}