How to insert special characters into a database (MySQL), like
Registered symbol ( ® ) OR
Copyright sign ( © ) OR
Trade Mark sign ( ™ )
Also, I want to display them as in the original on the HTML page.
What do I have to do on both sides (front end and back end)? Please elaborate.
Which function is more effective?
Method 1:
    $_GET = array_map('trim', $_GET);
    $_POST = array_map('trim', $_POST);
    if(get_magic_quotes_gpc()){
        $_GET = array_map('stripslashes', $_GET);
        $_POST = array_map('stripslashes', $_POST);
        $_GET = array_map('strip_tags', $_GET);
        $_POST = array_map('strip_tags', $_POST);
    }
    else{
        $_GET = array_map('mysql_real_escape_string', $_GET);
        $_POST = array_map('mysql_real_escape_string', $_POST);
    }
Method 2:
    foreach ($_POST as $key=>$value){
        if (!get_magic_quotes_gpc()) {
            return addslashes(htmlentities(strip_tags($value),ENT_QUOTES,'UTF-8'));
        }
        else {
            return htmlentities(strip_tags($value),ENT_QUOTES,'UTF-8');
        }
    }
I am a bit confused about what the difference is between
htmlentities() and htmlspecialchars(), and which one I have to use.
Which function should be used, addslashes() or stripslashes(), when inserting into the database?
Just simply add those symbols to your text, and execute it as SQL query:
When you want to display it on the website, don’t do anything with these symbols (but remember to escape at least <, >, & (using htmlspecialchars()), because those have special meaning in XML/SGML (HTML) documents).
PS. Also remember to escape text passed to the SQL query using mysql_real_escape_string() to avoid any SQL injection problems. If your server has magic_quotes_gpc enabled, disable it or at least filter your GET/POST/COOKIE data to its raw value. You should always consciously escape values.
EDIT:
According to your comment… I don’t remember whether magic_quotes_gpc is enabled by default, but you can easily undo the magic quotes effect. Just add something like this at the very beginning of your PHP code:
Now each GPC value should always be raw – without quotes – so you have to escape it manually before passing any variable into a query.
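Added example (not part of the original question or answer): storing the raw symbols through a PDO prepared statement and escaping only at output time, which also shows how htmlspecialchars() and htmlentities() treat ®, © and ™ differently. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, and the table name, the helper h() and the sample strings are constructed for illustration.

```php
<?php
// Added example, not code from the original thread.
// Assumption: in-memory SQLite stands in for MySQL so this runs offline.
// For MySQL the DSN would look like
//   'mysql:host=localhost;dbname=test;charset=utf8mb4'
// (host and database name are placeholders).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample input: the symbols from the question, plus characters
// that are special in SQL (') and in HTML (<, >, &).
$samples = [
    "Acme\u{00AE} Widget\u{2122} \u{00A9} Example",
    "O'Reilly <b>& Sons</b>",
];

// Store the raw UTF-8 text. The bound parameter never becomes part of the
// SQL string, so no addslashes() or manual escaping is applied before storage.
$insert = $pdo->prepare('INSERT INTO products (name) VALUES (:name)');
foreach ($samples as $name) {
    $insert->execute([':name' => $name]);
}

// Hypothetical helper: escape for the HTML context only when printing.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

foreach ($pdo->query('SELECT name FROM products ORDER BY id') as $row) {
    $raw = $row['name'];
    // The stored value is unchanged: symbols, quote and tags are all intact.
    echo 'stored:           ', $raw, PHP_EOL;
    // Escapes only & < > " ' and leaves the symbols as UTF-8 characters.
    echo 'htmlspecialchars: ', h($raw), PHP_EOL;
    // Also rewrites the symbols as named entities (&reg; &trade; &copy;).
    echo 'htmlentities:     ', htmlentities($raw, ENT_QUOTES, 'UTF-8'), PHP_EOL;
    echo PHP_EOL;
}
```

Both output forms render the same in a browser when the page is served as UTF-8; the difference is only whether the symbols travel as characters or as named entities.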