Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.3k views
in Technique[技术] by (71.8m points)

how to insert special character in mysql via php and display on html page

how to insert special characters into a database(MySQL) like

Registered symbol ( ? ) OR Copyright sign ( ? ) OR Trade Mark sign ( ? )

Also I want to display as original on the html page.

What I have to do in both side (front end and back end), please elaborate

Which function is more effective?

Method 1:

$_GET = array_map('trim', $_GET);
$_POST = array_map('trim', $_POST);
 
if(get_magic_quotes_gpc()){
  $_GET = array_map('stripslashes', $_GET);
  $_POST = array_map('stripslashes', $_POST);  
  
  $_GET = array_map('strip_tags', $_GET);
  $_POST = array_map('strip_tags', $_POST);  
 }
 else{
  $_GET = array_map('mysql_real_escape_string', $_GET);
  $_POST = array_map('mysql_real_escape_string', $_POST);   
 }

Method 2:

  foreach ($_POST as $key=>$value){
        if (!get_magic_quotes_gpc()) {
          return addslashes(htmlentities(strip_tags($value),ENT_QUOTES,'UTF-8'));
          } 
          else {
             return htmlentities(strip_tags($value),ENT_QUOTES,'UTF-8');
          }
  }

I am a bit confused what is the difference between

htmlentities() and htlspecialchars(), and which one i have to use?

which function should be used addslashes() or stripslashes() when insert into database?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Just simply add those symbols to your text, and execute it as SQL query:

INSERT INTO tbl_name VALUES ("Here's my text: ??");

When you want to display it one the website don't do anything with these symbols (but remember to escape at least <, >, & (using htmlspecialchars()) cause those has special meaning in XML/SGML (HTML) documents)

PS. Also remember to escape text passed to SQL query using mysql_real_escape_string() to avoid any SQL Injection problems. If your server has magic_quotes_gpc enabled disable it or at least filter your GET/POST/COOKIE data to its raw value. You should always consciously escape values.

EDIT:

According to your comment... I don't remember whether magic_quotes_gpc are enabled by default but you can easily undone magic quotes effect. Just on the very beginning of your PHP code add something like this:

if (get_magic_quotes_gpc()) {
  array_walk_recursive($_GET, 'stripslashes');
  array_walk_recursive($_POST, 'stripslashes');
  array_walk_recursive($_COOKIE, 'stripslashes');
}

Now each GPC value should be always raw - without quotes - so you have to escape it manually before passing any variable into query.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...