SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Wizard co.ador's Avatar
    Join Date
    Apr 2009
    Posts
    1,054
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    help with an encoding issue.

    Hi guys I have a rating system that won't let users rate items which contain a single quote character within their string name:

    Item such as :
    Nike Air Force 1-Men's
    It would rate items with character such as in "Cotél" "popó" "Censáto" and so on but as I said before it won't INSERT character such as in item name "Men's " because of the single quote.

    Is that possible to add the single quote character to the encoding in use?

    So far i have don't all of the steps below to make it work with not results...

    the character encoding used is utf8, I find strange this character ecoding won't have a single quote inside their character set.

    1- Once I have connected to the DB, I have use mysql_set_charset() as below

    PHP Code:
    <?php header('Content-type: text/html; charset=utf-8');?>
    <?php 
    require("constant.php");
     
    $connection mysql_connect(DB_SERVER,DB_USER,DB_PASS);
    if(!
    $connection){
    die(
    "Database connection failed:" mysql_error());
    }
    mysql_set_charset('utf8',$connection); 

    $db_select mysql_select_db(DB_NAME$connection);
    if(!
    $db_select){
    die(
    "Database selection failed: " mysql_error());
    }
    ?>
    2- I have Explicitly sent an HTTP Content-Type header with UTF-8 as in below

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
            "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
    >
          <
    html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
    <
    head>
    <
    meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <
    link type="text/css" href="stylesheets/main.css" rel="stylesheet" media="all" /> 
    3-I have made sure that the encoding of the files itself is UTF-8

    For saving the file in utf8 I have used dreamweaver CS3, went to Modify--- page properties--- title/encoding category---- and reload...


    After all this modification and applications still the database won't recieve any data which contain any of those types of characters, Any other suggestion


    Thank you...

  2. #2
    PHP Guru lampcms.com's Avatar
    Join Date
    Jan 2009
    Posts
    921
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't think this is an encoding issue.
    Show us how you insert the data in the database table?
    My project: Open source Q&A
    (similar to StackOverflow)
    powered by php+MongoDB
    Source on github, collaborators welcome!

  3. #3
    SitePoint Wizard co.ador's Avatar
    Join Date
    Apr 2009
    Posts
    1,054
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    this is a rating system by cpradio he uses OOP method.

    PHP Code:
         if (Rating::CheckRatingsByIp($varItem) == 0)
              {
                
    $ipAddress $_SERVER['REMOTE_ADDR'];
                
                 
    $varItem mysql_real_escape_string($varItem);
                
                
    Database::ExecuteQuery("INSERT INTO `rating` (`item_name`, `rating`, `ip_address`, `date_rated`) VALUES ('{$varItem}', {$varRating}, '{$ipAddress}', NOW())""InsertRating");
                
    mysql_real_escape_string($varItem); 
                
    Database::FetchResults("InsertRating");
                
    Database::FreeResults("InsertRating");
                
    Database::RemoveSavedResults("InsertRating");
                
                
    // Information for the Output
                
    $averageStars  Rating::CalculateAverageRating($varItem);
                
    $newClassNames "rated " Rating::ShowStars($averageStars);
              }
            } 
    The above is the INSERT point and i have used it twice not sure where mysql_real_escape_string() function should go below or above he INSERT query..

    Someone has suggested to use the addslashes() function too. So far mysql_real_escape_string() funcion has not work.

  4. #4
    SitePoint Wizard
    Join Date
    Nov 2005
    Posts
    1,191
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by co.ador View Post
    The above is the INSERT point and i have used it twice not sure where mysql_real_escape_string() function should go below or above he INSERT query..

    Someone has suggested to use the addslashes() function too. So far mysql_real_escape_string() funcion has not work.
    Might make more sense to you if you actually find out what they do. What the hell would be the point of escaping a string for insertion after it's been inserted???

  5. #5
    SitePoint Wizard co.ador's Avatar
    Join Date
    Apr 2009
    Posts
    1,054
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    you might actually think I have put the second one of the two right because of the language you using? but not It was put in there by the original coder, Excuse him!!!, I have put the first one because I have thought the same thing why putting it after insertion. In case you have mention that "hell word" is for the him...

    and yes I have read about the functions but still doesn't work thanks!

  6. #6
    SitePoint Wizard co.ador's Avatar
    Join Date
    Apr 2009
    Posts
    1,054
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    And the addslashes and mysql_real_escape_string functions are all over within the script for $varItem variable.

    that's what addslashes supposed to do... http://www.w3schools.com/php/func_string_addslashes.asp

    Well see at the html frame it is manually escaping / / the $varItem variables and all the html, properties and values. That lead me to think that after escaping the variable so many times it will end up with severals slashes by the time it goes in the database
    / / / / /giovanni's /////
    it just a supposition.

    PHP Code:
    <?php header('Content-type: text/html; charset=utf-8');?>
    <?php
        
    class Rating
      
    {
        
    ## PRIVATE VARIABLES
        ## END PRIVATE VARIABLES

        ## PUBLIC METHODS
          // Output the Rating information
          // Returns a string of HTML
          
    public static function OutputRating ($varItem)
          {
            
    // Verify $varItem was provided
            
    if ($varItem != null && strlen(trim($varItem)) != 0)
            {
              
    // Check if Magic QUotes is ON
              
    if (!get_magic_quotes_gpc())
              {
                
    $varItem addslashes($varItem);
              }
              
              
    // Information for the Output
              
    $averageStars Rating::CalculateAverageRating($varItem);
              
              
    // Check to see that the user has not already rated this item
              
    if (Rating::CheckRatingsByIp($varItem) == 0)
              {
                
    $classes      "rating " Rating::ShowStars($averageStars);
                
                
    // Write Output HTML for the Rating Data
                
    $output  "\r\n";
                
    $output .= "<ul class=\"{$classes}\" id=\"{$varItem}\">\r\n";
                
    $output .= "  <li class=\"one\"><a   href=\"javascript:RateItem('{$varItem}', 1);\" title=\"1 Star\">1</a></li>\r\n";
                
    $output .= "  <li class=\"two\"><a   href=\"javascript:RateItem('{$varItem}', 2);\" title=\"2 Stars\">2</a></li>\r\n";
                
    $output .= "  <li class=\"three\"><a href=\"javascript:RateItem('{$varItem}', 3);\" title=\"3 Stars\">3</a></li>\r\n";
                
    $output .= "  <li class=\"four\"><a  href=\"javascript:RateItem('{$varItem}', 4);\" title=\"4 Stars\">4</a></li>\r\n";
                
    $output .= "  <li class=\"five\"><a  href=\"javascript:RateItem('{$varItem}', 5);\" title=\"5 Stars\">5</a></li>\r\n";
                
    $output .= "</ul>\r\n";
              }
              else
              {
                
    $classes      "rated " Rating::ShowStars($averageStars);
                
                
                
    // Write Output HTML for the Rating Data
                
    $output  "\r\n";
                
    $output .= "<ul class=\"{$classes}\" id=\"{$varItem}\">\r\n";
                
    $output .= "  <li class=\"one\">1</li>\r\n";
                
    $output .= "  <li class=\"two\">2</li>\r\n";
                
    $output .= "  <li class=\"three\">3</li>\r\n";
                
    $output .= "  <li class=\"four\">4</li>\r\n";
                
    $output .= "  <li class=\"five\">5</li>\r\n";
                                                
                
    $output .= "</ul>\r\n";
              }
            }
            else
            {
              
    $output "";
              
    // This is a major issue. NO information can be retrieve if an item name is not passed.
              
    Error::LogError("Variable Missing""You must provide the item name for this function to find the average.");
            }
            
            return 
    $output;
          }

          
    // Rate an Item
          // Returns the name/value pair of new class names and the item name
          
    public static function RateItem($varItem$varRating$varClasses)
          {
            
    $newClassNames $varClasses;
            
            
    // Verify $varName was provided
            
    if ($varItem != null && strlen(trim($varItem)) != 0
              
    && $varRating != null && strlen(trim($varRating)) != && is_numeric($varRating
              && 
    $varClasses != null && strlen(trim($varClasses)) != 0)
            {
              
    // Check if Magic Quotes is ON
              
    if (!get_magic_quotes_gpc())
              {
                
    $varItem addslashes($varItem);
              }
              
              
    // Check to see that the user has not already rated this item
              
    if (Rating::CheckRatingsByIp($varItem) == 0)
              {
                
    $ipAddress $_SERVER['REMOTE_ADDR'];
                
                 
    $varItem addslashes($varItem);
                
                
    Database::ExecuteQuery("INSERT INTO `rating` (`item_name`, `rating`, `ip_address`, `date_rated`) VALUES ('{$varItem}', {$varRating}, '{$ipAddress}', NOW())""InsertRating");
                
    mysql_real_escape_string($varItem); 
                
    Database::FetchResults("InsertRating");
                
    Database::FreeResults("InsertRating");
                
    Database::RemoveSavedResults("InsertRating");
                
                
    // Information for the Output
                
    $averageStars  Rating::CalculateAverageRating($varItem);
                
    $newClassNames "rated " Rating::ShowStars($averageStars);
              }
            }
            else
            {
              
    // This is a major issue. NOT enough information was sent to log the item
              
    Error::LogError("Variable(s) Missing""You must provide all of the information to log the rating of this item.");
            }
            
            
    // Build Name/Value Pair to return
            
    $nameValue "classes={$newClassNames}&item={$varItem}";
            return 
    $nameValue;
          }
        
    ## END PUBLIC METHODS
        
        ## PRIVATE METHODS
          // Calculate Average Rating
          // Returns the number of stars to show
          
    private static function CalculateAverageRating($varItem)
          {
            
    $averageStars 0;
            
            
    // Query Average Rating for a specific Item
            
            
    $varItem mysql_real_escape_string($varItem);
            
            
    Database::ExecuteQuery("SELECT AVG(`rating`) AS `averageRating` FROM `rating` WHERE `item_name`='{$varItem}'""AverageRating");
            
    $results Database::FetchResults("AverageRating");
            
    Database::FreeResults("AverageRating");
            
    Database::RemoveSavedResults("AverageRating");
            
            
    // Round the Average into a Whole Number
            
    if (sizeof($results) == 1)
            {
              if (
    $results[0]['averageRating'] != null)
              {
                
    $averageStars round($results[0]["averageRating"], 0);
              }
            }
            else
            {
              
    // This is simply a warning, as it isn't vital if no results were found, as the item may be new.
              
    Error::LogWarning("Rating Data Missing""No entries were found for '{$varName}', this might be the first entry.");
            }
            
            return 
    $averageStars;
          }
          
          
    // Show Stars
          // Returns the class information for the number of stars to show
        
    private static function ShowStars($varStars)
    {
        
    $aStars = array(
            
    1    =>    'onestar',
            
    2    =>    'twostar',
            
    3    =>    'threestar',
            
    4    =>    'fourstar',
            
    5    =>    'fivestar'
        
    );
        return (
    true === array_key_exists((integer)$varStars$aStars)) ? $aStars[(integer)$varStars] : 'nostar' ;


          
          
    // Check Ratings By IP Address
          // Returns the number of ratings for an item by an ip address
          
    private static function CheckRatingsByIp($varItem)
          {
            
    $ipAddress $_SERVER['REMOTE_ADDR'];
            
    $varItem mysql_real_escape_string($varItem);
            
    Database::ExecuteQuery("SELECT COUNT(*) AS `totalRatings` FROM `rating` WHERE `item_name`='{$varItem}' AND `ip_address`='{$ipAddress}'""AlreadyRated");
            
            
    $results Database::FetchResults("AlreadyRated");
            
    Database::FreeResults("AlreadyRated");
            
    Database::RemoveSavedResults("AlreadyRated");
            
            
    // Check to see that the user has not already rated this item
            
    if ($results != null && $results[0]['totalRatings'] != null)
            {
              return 
    $results[0]['totalRatings'];
            }
            
            return 
    0;
          }
        
    ## END PRIVATE METHODS
      
    }
    ?>
    And please stop using dirty language in my threads please.

  7. #7
    SitePoint Wizard
    Join Date
    Nov 2005
    Posts
    1,191
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    it just a supposition.
    Why is it just a supposition? I guess it's not possible to print out a variable or query and see.

    Magic quotes is deprecated (and removed in PHP6). You should check to see if it's on and strip slashes, not the other way round.

  8. #8
    SitePoint Wizard co.ador's Avatar
    Join Date
    Apr 2009
    Posts
    1,054
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    it is possible it just a lot of information to remember...

    Now I remember someone in the pass saying that that function was deprecated that's why is not escaping... Well I was never going to remember about that function being deprecated.

    let me consider that into account.


    I do appreciate you directing in a way where I will learn...

    thanks!

  9. #9
    SitePoint Wizard co.ador's Avatar
    Join Date
    Apr 2009
    Posts
    1,054
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    is there any need to substitute that function for php6?

    right now I have make an echo after the get_magic_quotes function

    PHP Code:
    if (!get_magic_quotes_gpc())
              {
                
    $varItem addslashes($varItem);
              }
              echo 
    $varItem
    that is on top of the script and in the browser is display as if it is escaping...

    Rating:
    Gonzalos\'s store

    * 1
    * 2
    * 3
    * 4
    * 5

    Description:
    But still it won't enter in the data base so it shoud be another issue here....

  10. #10
    SitePoint Wizard PHPycho's Avatar
    Join Date
    Dec 2005
    Posts
    1,201
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Better solution:
    PHP Code:
    if(function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime())
        
    set_magic_quotes_runtime(false);

    if(
    get_magic_quotes_gpc()) {
        
    array_stripslashes($_POST);
        
    array_stripslashes($_GET);
        
    array_stripslashes($_COOKIES);
    }

    function 
    array_stripslashes(&$array) {
        if(
    is_array($array))
            while(list(
    $key) = each($array))
                if(
    is_array($array[$key]))
                    
    array_stripslashes($array[$key]);
                else
                    
    $array[$key] = stripslashes($array[$key]);

    For further information see Disabling Magic Quotes.

  11. #11
    SitePoint Enthusiast presotrader's Avatar
    Join Date
    Mar 2009
    Posts
    26
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Many thanks to OP and PHPycho for this - got the same problem in a custom comment system - the original programmer just shrugged when I mentioned the issue (things like "Editor's choice" become "Editor\'s choice"). Now off to disabling the magic quotes :-)
    Manage PDF workflows with Hummingbird. Use a Nitro PDF coupon


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •