Help with an encoding issue

Hi guys I have a rating system that won’t let users rate items which contain a single quote character within their string name:

Item such as :

Nike Air Force 1-Men’s
It would rate items with character such as in “Cotél” “popó” “Censáto” and so on but as I said before it won’t INSERT character such as in item name "Men’s " because of the single quote.

Is that possible to add the single quote character to the encoding in use?

So far i have don’t all of the steps below to make it work with not results…

the character encoding used is utf8, I find strange this character ecoding won’t have a single quote inside their character set.

1- Once I have connected to the DB, I have use mysql_set_charset() as below

 
<?php header('Content-type: text/html; charset=utf-8');?>
<?php require("constant.php");
 $connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if(!$connection){
die("Database connection failed:" . mysql_error());
}
mysql_set_charset('utf8',$connection); 

$db_select = mysql_select_db(DB_NAME, $connection);
if(!$db_select){
die("Database selection failed: " . mysql_error());
}
?>

2- I have Explicitly sent an HTTP Content-Type header with UTF-8 as in below

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link type="text/css" href="stylesheets/main.css" rel="stylesheet" media="all" />

3-I have made sure that the encoding of the files itself is UTF-8

For saving the file in utf8 I have used dreamweaver CS3, went to Modify— page properties— title/encoding category---- and reload…

After all this modification and applications still the database won’t recieve any data which contain any of those types of characters, Any other suggestion

Thank you…

I don’t think this is an encoding issue.
Show us how you insert the data in the database table?

this is a rating system by cpradio he uses OOP method.

     if (Rating::CheckRatingsByIp($varItem) == 0)
          {
            $ipAddress = $_SERVER['REMOTE_ADDR'];
			
             $varItem = mysql_real_escape_string($varItem);
            
			Database::ExecuteQuery("INSERT INTO `rating` (`item_name`, `rating`, `ip_address`, `date_rated`) VALUES ('{$varItem}', {$varRating}, '{$ipAddress}', NOW())", "InsertRating");
			mysql_real_escape_string($varItem); 
            Database::FetchResults("InsertRating");
            Database::FreeResults("InsertRating");
            Database::RemoveSavedResults("InsertRating");
            
            // Information for the Output
            $averageStars  = Rating::CalculateAverageRating($varItem);
            $newClassNames = "rated " . Rating::ShowStars($averageStars);
          }
        }

The above is the INSERT point and i have used it twice not sure where mysql_real_escape_string() function should go below or above he INSERT query…

Someone has suggested to use the addslashes() function too. So far mysql_real_escape_string() funcion has not work.

Might make more sense to you if you actually find out what they do. What the hell would be the point of escaping a string for insertion after it’s been inserted???

you might actually think I have put the second one of the two right because of the language you using? but not It was put in there by the original coder, Excuse him!!!, I have put the first one because I have thought the same thing why putting it after insertion. In case you have mention that “hell word” is for the him…

and yes I have read about the functions but still doesn’t work thanks!

And the addslashes and mysql_real_escape_string functions are all over within the script for $varItem variable.

that’s what addslashes supposed to do… http://www.w3schools.com/php/func_string_addslashes.asp

Well see at the html frame it is manually escaping / / the $varItem variables and all the html, properties and values. That lead me to think that after escaping the variable so many times it will end up with severals slashes by the time it goes in the database

/ / / / /giovanni’s /////

it just a supposition.

<?php header('Content-type: text/html; charset=utf-8');?>
<?php
	class Rating
  {
    ## PRIVATE VARIABLES
    ## END PRIVATE VARIABLES

    ## PUBLIC METHODS
      // Output the Rating information
      // Returns a string of HTML
      public static function OutputRating ($varItem)
      {
        // Verify $varItem was provided
        if ($varItem != null && strlen(trim($varItem)) != 0)
        {
          // Check if Magic QUotes is ON
          if (!get_magic_quotes_gpc())
          {
            $varItem = addslashes($varItem);
          }
          
          // Information for the Output
          $averageStars = Rating::CalculateAverageRating($varItem);
          
          // Check to see that the user has not already rated this item
          if (Rating::CheckRatingsByIp($varItem) == 0)
          {
            $classes      = "rating " . Rating::ShowStars($averageStars);
            
            // Write Output HTML for the Rating Data
            $output  = "\\r\
";
            $output .= "<ul class=\\"{$classes}\\" id=\\"{$varItem}\\">\\r\
";
            $output .= "  <li class=\\"one\\"><a   href=\\"javascript:RateItem('{$varItem}', 1);\\" title=\\"1 Star\\">1</a></li>\\r\
";
            $output .= "  <li class=\\"two\\"><a   href=\\"javascript:RateItem('{$varItem}', 2);\\" title=\\"2 Stars\\">2</a></li>\\r\
";
            $output .= "  <li class=\\"three\\"><a href=\\"javascript:RateItem('{$varItem}', 3);\\" title=\\"3 Stars\\">3</a></li>\\r\
";
            $output .= "  <li class=\\"four\\"><a  href=\\"javascript:RateItem('{$varItem}', 4);\\" title=\\"4 Stars\\">4</a></li>\\r\
";
            $output .= "  <li class=\\"five\\"><a  href=\\"javascript:RateItem('{$varItem}', 5);\\" title=\\"5 Stars\\">5</a></li>\\r\
";
			$output .= "</ul>\\r\
";
          }
          else
          {
            $classes      = "rated " . Rating::ShowStars($averageStars);
			
            
            // Write Output HTML for the Rating Data
            $output  = "\\r\
";
            $output .= "<ul class=\\"{$classes}\\" id=\\"{$varItem}\\">\\r\
";
            $output .= "  <li class=\\"one\\">1</li>\\r\
";
            $output .= "  <li class=\\"two\\">2</li>\\r\
";
            $output .= "  <li class=\\"three\\">3</li>\\r\
";
            $output .= "  <li class=\\"four\\">4</li>\\r\
";
            $output .= "  <li class=\\"five\\">5</li>\\r\
";
						            		
            $output .= "</ul>\\r\
";
          }
        }
        else
        {
          $output = "";
          // This is a major issue. NO information can be retrieve if an item name is not passed.
          Error::LogError("Variable Missing", "You must provide the item name for this function to find the average.");
        }
        
        return $output;
      }

      // Rate an Item
      // Returns the name/value pair of new class names and the item name
      public static function RateItem($varItem, $varRating, $varClasses)
      {
        $newClassNames = $varClasses;
        
        // Verify $varName was provided
        if ($varItem != null && strlen(trim($varItem)) != 0
          && $varRating != null && strlen(trim($varRating)) != 0 && is_numeric($varRating) 
          && $varClasses != null && strlen(trim($varClasses)) != 0)
        {
          // Check if Magic Quotes is ON
          if (!get_magic_quotes_gpc())
          {
            $varItem = addslashes($varItem);
          }
          
          // Check to see that the user has not already rated this item
          if (Rating::CheckRatingsByIp($varItem) == 0)
          {
            $ipAddress = $_SERVER['REMOTE_ADDR'];
			
             $varItem = addslashes($varItem);
            
			Database::ExecuteQuery("INSERT INTO `rating` (`item_name`, `rating`, `ip_address`, `date_rated`) VALUES ('{$varItem}', {$varRating}, '{$ipAddress}', NOW())", "InsertRating");
			mysql_real_escape_string($varItem); 
            Database::FetchResults("InsertRating");
            Database::FreeResults("InsertRating");
            Database::RemoveSavedResults("InsertRating");
            
            // Information for the Output
            $averageStars  = Rating::CalculateAverageRating($varItem);
            $newClassNames = "rated " . Rating::ShowStars($averageStars);
          }
        }
        else
        {
          // This is a major issue. NOT enough information was sent to log the item
          Error::LogError("Variable(s) Missing", "You must provide all of the information to log the rating of this item.");
        }
        
        // Build Name/Value Pair to return
        $nameValue = "classes={$newClassNames}&item={$varItem}";
        return $nameValue;
      }
    ## END PUBLIC METHODS
    
    ## PRIVATE METHODS
      // Calculate Average Rating
      // Returns the number of stars to show
      private static function CalculateAverageRating($varItem)
      {
        $averageStars = 0;
        
        // Query Average Rating for a specific Item
		
		$varItem = mysql_real_escape_string($varItem);
        
		Database::ExecuteQuery("SELECT AVG(`rating`) AS `averageRating` FROM `rating` WHERE `item_name`='{$varItem}'", "AverageRating");
        $results = Database::FetchResults("AverageRating");
        Database::FreeResults("AverageRating");
        Database::RemoveSavedResults("AverageRating");
        
        // Round the Average into a Whole Number
        if (sizeof($results) == 1)
        {
          if ($results[0]['averageRating'] != null)
          {
            $averageStars = round($results[0]["averageRating"], 0);
          }
        }
        else
        {
          // This is simply a warning, as it isn't vital if no results were found, as the item may be new.
          Error::LogWarning("Rating Data Missing", "No entries were found for '{$varName}', this might be the first entry.");
        }
        
        return $averageStars;
      }
      
      // Show Stars
      // Returns the class information for the number of stars to show
    private static function ShowStars($varStars)
{
    $aStars = array(
        1    =>    'onestar',
        2    =>    'twostar',
        3    =>    'threestar',
        4    =>    'fourstar',
        5    =>    'fivestar'
    );
    return (true === array_key_exists((integer)$varStars, $aStars)) ? $aStars[(integer)$varStars] : 'nostar' ;
} 

	  
      // Check Ratings By IP Address
      // Returns the number of ratings for an item by an ip address
      private static function CheckRatingsByIp($varItem)
      {
        $ipAddress = $_SERVER['REMOTE_ADDR'];
        $varItem = mysql_real_escape_string($varItem);
        Database::ExecuteQuery("SELECT COUNT(*) AS `totalRatings` FROM `rating` WHERE `item_name`='{$varItem}' AND `ip_address`='{$ipAddress}'", "AlreadyRated");
		
        $results = Database::FetchResults("AlreadyRated");
        Database::FreeResults("AlreadyRated");
        Database::RemoveSavedResults("AlreadyRated");
        
        // Check to see that the user has not already rated this item
        if ($results != null && $results[0]['totalRatings'] != null)
        {
          return $results[0]['totalRatings'];
        }
        
        return 0;
      }
    ## END PRIVATE METHODS
  }
?> 

And please stop using dirty language in my threads please.

it just a supposition.

Why is it just a supposition? I guess it’s not possible to print out a variable or query and see.

Magic quotes is deprecated (and removed in PHP6). You should check to see if it’s on and strip slashes, not the other way round.

it is possible it just a lot of information to remember…

Now I remember someone in the pass saying that that function was deprecated that’s why is not escaping… Well I was never going to remember about that function being deprecated.

let me consider that into account.

I do appreciate you directing in a way where I will learn…

thanks!

is there any need to substitute that function for php6?

right now I have make an echo after the get_magic_quotes function

if (!get_magic_quotes_gpc())
          {
            $varItem = addslashes($varItem);
          }
          echo $varItem;

that is on top of the script and in the browser is display as if it is escaping…

Rating:
Gonzalos\'s store

* 1
* 2
* 3
* 4
* 5

Description:

But still it won’t enter in the data base so it shoud be another issue here…

Better solution:

if(function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime())
    set_magic_quotes_runtime(false);

if(get_magic_quotes_gpc()) {
    array_stripslashes($_POST);
    array_stripslashes($_GET);
    array_stripslashes($_COOKIES);
}

function array_stripslashes(&$array) {
    if(is_array($array))
        while(list($key) = each($array))
            if(is_array($array[$key]))
                array_stripslashes($array[$key]);
            else
                $array[$key] = stripslashes($array[$key]);
}

For further information see Disabling Magic Quotes.

Many thanks to OP and PHPycho for this - got the same problem in a custom comment system - the original programmer just shrugged when I mentioned the issue (things like “Editor’s choice” become “Editor\'s choice”). Now off to disabling the magic quotes