Search do not search for letter “š”


#1

NOTE: it works on phpMyAdmin also works if i do this in country query LIKE '%"Šveice"%'

I have search bar in my website .If I try to find word “Šveice” (Šveice in Latvian = “Switzerland” in English) it will not find anything but if I try to search “veice” it will find it. All other letters are working.

This is what i got :

GET search

if (isset($_GET['query'])){
    $query = htmlentities($_GET['query'], ENT_QUOTES, "UTF-8");
}

input

 <input type="search" name="query" placeholder="Search..">

Using on database

varchar(100)    utf8_latvian_ci 

part of query

(address LIKE '%".$query."%' OR country LIKE '%".$query."%')

This is an old and answered question from stack overflow: https://stackoverflow.com/questions/39529923/search-do-not-search-for-letter-š

It did the trick back then but now it wont work and in url i get back query=&Scaron;veice instead of query=Šveice and even $_GET['query'] output is empty :frowning: Please help me finally fix this issue!


#2

Why didn’t you follow the tip you have been given on Stackoverflow?

What i did:

  1. go to phpmyadmin, create a new database with colation utf8_latvian_ci, create a new table with colation utf8_latvian_ci, insert some words incl. yours

  2. create a file, open it in Notepad++, set encoding to utf8 WITHOUT BOM, setting the utf8 header, create a new PDO instance with setting the charset and try a search


header('Content-Type: text/plain; charset=utf-8');

print_r($_GET); // [search] => Šveice

$pdo = new PDO('mysql:host=localhost;dbname=latvian;charset=utf8', 'root', '');

$searches = $pdo->prepare('select * from searches');
$searches->execute();
$results = $searches->fetchAll();
print_r($results);
/*
Array
(
    [0] => Array
        (
            [searchword] => service
        )

    [1] => Array
        (
            [searchword] => Šveice
        )

)
*/

$searches = $pdo->prepare('select * from searches where searchword like ?');
$searches->execute(['%'.$_GET['search'].'%']);
$results = $searches->fetchAll();
print_r($results);
/*
Array
(
    [0] => Array
        (
            [searchword] => Šveice
        )

)
*/

#3

@chorn i do not have PDO here . …

I have simple mysqli

$conn = new mysqli($DBServer, $DBUser, $DBPass, $DBName, $DBPort);
if ($conn->connect_error) {
	echo "Database connection failed: " . $conn->connect_error, E_USER_ERROR;
}
mysqli_set_charset($conn,"utf8");

And there are no time to change that.


#4

For now i think i fixed it! First of all form was POST and i think it did mess something up. … and i replaced

if (isset($_GET['query'])){$query= htmlentities($_GET['query'], ENT_QUOTES, "UTF-8");}

with

if (isset($_GET['query'])){$query= mysqli_real_escape_string($conn, $_GET['query']);}

I m not sure how secure that is but it works. … Thanks @chorn for your time!


#5

mysqli_real_escape_string() is more secure than htmlentities(), since the latter is not secure (regarding SQL injection) at all.


#6

Thanks for comment man!