我使用 MySQL 和 PHP 将帖子保存到数据库中。但是,当我在描述中输入法语或其他特殊字符时,数据无法保存;而普通的纯文本可以正常保存。
这是我的连接文件
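// Connection settings. The values shown are placeholders; keep real
// credentials out of the web root and out of version control.
DEFINE('DATABASE_USER', 'db_user');
DEFINE('DATABASE_PASSWORD', 'db_password');
DEFINE('DATABASE_HOST', 'localhost');
DEFINE('DATABASE_NAME', 'db_name');
date_default_timezone_set('UTC');
ini_set('SMTP', "mail.myt.mu"); // Override the default php.ini setting used for sending mail
// This is the address that will appear as the sender
define('EMAIL', 'k4baber@hotmail.com');
/* Root URL where the script is served from, such as http://website.com or http://website.com/Folder/ */
DEFINE('WEBSITE_URL', 'http://haitibravo.com');
// Make the connection. The @ silences PHP's own warning; a failure is
// reported through trigger_error() below instead.
$dbc = @mysqli_connect(DATABASE_HOST, DATABASE_USER, DATABASE_PASSWORD,
    DATABASE_NAME);
if (!$dbc) {
    trigger_error('Could not connect to MySQL: ' . mysqli_connect_error());
} elseif (!mysqli_set_charset($dbc, 'utf8mb4')) {
    // Declaring the connection character set matters twice over: accented
    // text (é, è, ç ...) is sent to the server as UTF-8 instead of the
    // server default, and mysqli_real_escape_string() escapes according to
    // the character set the connection actually uses.
    // NOTE(review): the target columns must also use a UTF-8 character set
    // for such text to round-trip; confirm against the table definition.
    trigger_error('Could not set the connection character set: ' . mysqli_error($dbc));
}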
我尝试了 mysqli_real_escape_string():
// NOTE(review): the procedural mysqli_real_escape_string() takes the
// connection as its first argument, e.g. mysqli_real_escape_string($dbc, ...);
// that argument is missing in this call.
$ desc = mysqli_real_escape_string($_REQUEST['description']);
但它根本没有保存。
HTML表单将所有信息提交给此文件..
// Form handler as posted in the question: when "submit" is present it copies
// the request fields, moves three uploaded images into add_images/, inserts
// one row into bravo_ads and sets $message to a success or failure banner.
if(isset($_REQUEST["submit"])){
// Request values are copied as received; nothing is escaped or validated
// before they reach the SQL string further down.
$name = $_REQUEST['name'];
$category = $_REQUEST['category'];
$subcategory = $_REQUEST['items'];
$desc = $_REQUEST['description'];
$keywords = $_REQUEST['keywords'];
// The literal string "NULL" (not SQL NULL) is stored for these two columns.
$address = "NULL";
$state = "NULL";
$city = $_REQUEST['city'];
$zones = $_REQUEST['zones'];
$country = $_REQUEST['country'];
$postcode = "0000";
$phone = $_REQUEST['u_phone'];
// NOTE(review): the stored file name is 'prog' + rand() + the client-supplied
// name, so the extension is whatever the client sent. The upload error code
// and the file type are not checked, and the result of move_uploaded_file()
// is ignored. The same pattern repeats for image2 and image3.
$image_name1 = $_FILES['image1']['name'];
$image_size1 =$_FILES['image1']['size'];
$image_tmp1 =$_FILES['image1']['tmp_name'];
$image_name1='prog'.rand().$image_name1;
move_uploaded_file($image_tmp1,'add_images/'.$image_name1);
$image_name2 = $_FILES['image2']['name'];
$image_size2 =$_FILES['image2']['size'];
$image_tmp2 =$_FILES['image2']['tmp_name'];
$image_name2='prog'.rand().$image_name2;
move_uploaded_file($image_tmp2,'add_images/'.$image_name2);
$image_name3 = $_FILES['image3']['name'];
$image_size3 =$_FILES['image3']['size'];
$image_tmp3 =$_FILES['image3']['tmp_name'];
$image_name3='prog'.rand().$image_name3;
move_uploaded_file($image_tmp3,'add_images/'.$image_name3);
$price = $_REQUEST['price'];
$date = date('Y-m-d');
$u_id = $_SESSION['u_id'];
$u_name= $_SESSION['u_name'];
$status= "0";
$flag = "0";
// NOTE(review): every value is interpolated between single quotes. A quote
// inside any field (for example the apostrophe in L'homme) ends the literal
// early, which produces the reported syntax error and is also an SQL
// injection point. Bound parameters (mysqli_prepare) remove the problem.
$mysql_query = "INSERT INTO `bravo_ads`(`ad_title`, `ad_category`, `ad_sub_cat`, `ad_description`, `ad_keywords`, `ad_address`, `ad_state`, `ad_city`, `ad_zone`, `ad_country`, `post_code`, `ad_img_1`, `ad_img_2`, `ad_img_3`, `ad_price`, `u_id`, `u_name`, `u_phone`, `ad_date`, `ad_status`, `flag`) VALUES ('$name','$category','$subcategory','$desc','$keywords','$address','$state', '$city', '$zones','$country','$postcode','$image_name1','$image_name2','$image_name3','$price','$u_id','$u_name', '$phone', '$date','$status','$flag')";
$query_OK = mysqli_query($dbc, $mysql_query);
// On failure only the generic banner is set; the MySQL error text is never
// inspected, so the cause of the failed insert stays hidden.
if($query_OK){
$message = '<div class="success"><b>Operation avec success...!</b> Votre produit a bien été posté . Il sera publié après approbation Administrateur</div>';
}else{
$message = '<div class="failed"><b>Operation échoué...!</b> Desoler, Votre produit nas pas ete afficher . Quelque chose a mal tourné . Veuillez réessayer plus encore</div>';
}}
$desc
,$name
,$keywords
当我尝试保存时,这些事情会产生问题
答案 0 :(得分:1)
首先,务必检查查询是否出错,可以使用 mysqli_error 来做到这一点。
也就是说,在设置 failure 消息的 else 分支中加入:
// Debugging aid: prints the last error text reported for the $dbc connection.
// NOTE(review): this text can reveal query and schema details; on a live site
// write it to the server log instead of the page.
printf("Errormessage: %s\n", mysqli_error($dbc));
这将为您提供错误信息的详细信息。
如你所说,这给了你
您的SQL语法有错误;检查与您的MySQL服务器版本对应的手册,以便在'achat et autres achats en ligne'附近使用正确的语法。 Bravo Market | Haiti Bravo | HaitBravo Produits'在第1行
根据您提供的数据
标题(L'homme)
关键词(L'homme,d'achat)
description(ProduitsÉlectroniques,Voitures,Vêtements,Objetsdecolléction,Bons d'achat et autres achats en ligne)
所以 L'homme 中的单引号提前结束了被引号包裹的字符串值,随后 MySQL 会把 homme 当作它应该识别的 SQL 内容来解析。
由于你只转义了描述字段,这并不能解决问题;你需要转义所有输入。还要注意,转义结果取决于连接字符集,应先用 mysqli_set_charset 设置好。更好的方法是使用预处理语句(prepared statements)。
您遇到的这个错误,也正是 SQL 注入产生的方式。用户数据永远不应该直接拼接进 SQL 查询。
所以要把它们放在一起。
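/**
 * Store one uploaded image under add_images/ with a server-generated name.
 *
 * The extension comes from the detected content type, never from the
 * client-supplied file name, so an upload cannot choose how the web server
 * will treat the stored file.
 *
 * @param string $field Name of the file input (key in $_FILES).
 * @return string Stored file name, or '' when nothing acceptable was uploaded.
 */
function store_ad_image($field)
{
    if (!isset($_FILES[$field]) || $_FILES[$field]['error'] !== UPLOAD_ERR_OK) {
        return '';
    }
    $tmp_path = $_FILES[$field]['tmp_name'];
    // Allow-list of accepted image types and the extension stored for each.
    $extension_for = array(
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    );
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime = $finfo ? finfo_file($finfo, $tmp_path) : false;
    if ($mime === false || !isset($extension_for[$mime])) {
        return '';
    }
    $stored_name = 'prog' . rand() . '_' . uniqid() . '.' . $extension_for[$mime];
    // move_uploaded_file() refuses paths that did not come from an HTTP upload.
    if (!move_uploaded_file($tmp_path, 'add_images/' . $stored_name)) {
        return '';
    }
    return $stored_name;
}

// Form handler: on submit, store the three images, insert one row into
// bravo_ads through a prepared statement, and set $message for the page.
if (isset($_REQUEST["submit"])) {
    // Values are bound as parameters below, so they are passed through as
    // received and need no manual escaping. Quotes such as the one in
    // "L'homme" can no longer end the SQL literal.
    $name = $_REQUEST['name'];
    $category = $_REQUEST['category'];
    $subcategory = $_REQUEST['items'];
    $desc = $_REQUEST['description'];
    $keywords = $_REQUEST['keywords'];
    $address = "NULL";
    $state = "NULL";
    $city = $_REQUEST['city'];
    $zones = $_REQUEST['zones'];
    $country = $_REQUEST['country'];
    $postcode = "0000";
    $phone = $_REQUEST['u_phone'];
    // An image that is missing or rejected is stored as an empty name.
    $image_name1 = store_ad_image('image1');
    $image_name2 = store_ad_image('image2');
    $image_name3 = store_ad_image('image3');
    $price = $_REQUEST['price'];
    $date = date('Y-m-d');
    $u_id = $_SESSION['u_id'];
    $u_name = $_SESSION['u_name'];
    $status = "0";
    $flag = "0";

    // 21 columns, 21 placeholders, 21 bound values, in the same order.
    $mysql_query = "INSERT INTO `bravo_ads`(`ad_title`, `ad_category`, `ad_sub_cat`, `ad_description`, `ad_keywords`, `ad_address`, `ad_state`, `ad_city`, `ad_zone`, `ad_country`, `post_code`, `ad_img_1`, `ad_img_2`, `ad_img_3`, `ad_price`, `u_id`, `u_name`, `u_phone`, `ad_date`, `ad_status`, `flag`) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
    $query_OK = false;
    $stmt = mysqli_prepare($dbc, $mysql_query);
    if ($stmt) {
        mysqli_stmt_bind_param(
            $stmt,
            str_repeat('s', 21),
            $name, $category, $subcategory, $desc, $keywords,
            $address, $state, $city, $zones, $country, $postcode,
            $image_name1, $image_name2, $image_name3,
            $price, $u_id, $u_name, $phone, $date, $status, $flag
        );
        $query_OK = mysqli_stmt_execute($stmt);
        if (!$query_OK) {
            // Details go to the server log; the visitor only sees $message.
            error_log('bravo_ads insert failed: ' . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } else {
        error_log('bravo_ads prepare failed: ' . mysqli_error($dbc));
    }

    if ($query_OK) {
        $message = '<div class="success"><b>Operation avec success...!</b> Votre produit a bien été posté . Il sera publié après approbation Administrateur</div>';
    } else {
        $message = '<div class="failed"><b>Operation échoué...!</b> Desoler, Votre produit nas pas ete afficher . Quelque chose a mal tourné . Veuillez réessayer plus encore</div>';
    }
}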