views:

47

answers:

3

Hi,

I have a PHP script that inserts values into a MySQL table

INSERT INTO stories (title) VALUES('$_REQUEST[title]);

I checked the values of my request variables before going into the table and it's fine.

But when I add title=john to the table for example,

I get something like this: title = "[][][][]john" and when I extract the value, it's a newline then john.

I have my columns set to utf-8, I tried Swedish character set as well.

Note: I don't get this error when inserting values from the phpMyAdmin command line

A: 

SET NAMES <encoding> query must be executed every time you connect to your database.
Very simple rule.

Where <encoding> is your HTML page encoding in MySQL dialect (utf8 for the utf-8)

Col. Shrapnel
A: 

You need {} around any array notation when used inside "".

$q="INSERT INTO stories(title) VALUES('{$_REQUEST['title']}')";

BTW, it would be better, when checking your $_REQUEST vars to store the sanitized versions in new variables, and to be sure to escape them with real_escape_string()

dnagirl
No, {} are unnecessary here. But both quotes and escaping are needed.
Col. Shrapnel
@Col. Shrapnel: just remembered to put in the quotes around the title index. Seems to me the nested single quotes would make `{}` required. Could you explain why I'm wrong? Tx.
dnagirl
The OP's initial syntax `"VALUES('$_REQUEST[title]')"` (assume one quote absence was a typo) was just correct. http://php.net/types.string That's ambiguous yes, but that's correct syntax.
Col. Shrapnel
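The points raised in the two answers above (both interpolation forms, the need for escaping, and setting the connection encoding on every connect), as an added example that is not code from the thread. The `stories` table and `title` column come from the question; the sample title and the `DB_*` environment variables are assumptions, and the prepared statement is an alternative to the escaping the answer names.

```php
<?php
// Added example, not code from the thread. The sample title and the DB_*
// environment variables are assumptions made for illustration.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$_REQUEST['title'] = "O'Brien";   // constructed input containing a single quote

// 1. Simple and complex interpolation are both valid PHP and build the
//    same string, so the braces are a style choice, not a requirement.
$simple  = "INSERT INTO stories (title) VALUES('$_REQUEST[title]')";
$complex = "INSERT INTO stories (title) VALUES('{$_REQUEST['title']}')";
var_dump($simple === $complex);

// 2. Neither form escapes anything: the quote inside the value closes the
//    SQL string literal early, so the statement is malformed.
echo $simple, PHP_EOL;

// 3. Database part, executed only when connection settings are supplied.
if (getenv('DB_HOST') !== false) {
    $db = new mysqli(
        getenv('DB_HOST'),
        getenv('DB_USER') ?: '',
        getenv('DB_PASS') ?: '',
        getenv('DB_NAME') ?: ''
    );

    // Declare the connection encoding on every connect. set_charset() has
    // the effect of SET NAMES and also tells real_escape_string() which
    // encoding to assume.
    $db->set_charset('utf8');

    // Escaping, as recommended in the answer: store the escaped value in
    // a new variable and interpolate only that.
    $title = $db->real_escape_string($_REQUEST['title']);
    $db->query("INSERT INTO stories (title) VALUES('$title')");

    // Alternative: a prepared statement keeps the value out of the SQL text.
    $raw  = $_REQUEST['title'];
    $stmt = $db->prepare('INSERT INTO stories (title) VALUES (?)');
    $stmt->bind_param('s', $raw);
    $stmt->execute();
    $db->close();
}
```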
A: 

You need to check the character set of the database, the server, and the client.

Note that it's not a Swedish character set, it's a Swedish collation.

David M