Forum Moderators: open
I'm hoping someone can provide some guidance with this.
I'm developing a small web shop for a Swiss website where product descriptions are laden with umlauts and other neat characters. Some descriptions also require the use of quotes. As I have it right now when you enter a ü (u with an umlaut) it gets stored in my database as ü (an A with a tilde above it and a 1/4th sign). When it gets read by a PHP script everything is A-OK and it shows up as an umlaut-u again. All of my PHP files and MySQL tables/fields are set to UTF-8 so I'm not really sure why this is happening.
Another issue I have is with quotes. I also have a photo gallery table which stores the photo id, title, and caption. Some captions may require the use of quotes. When I enter quotes using my CMS they get escaped by \ and are stored that way in the DB. The problem is that I'm using a PHP script to create XML on the fly out of that table to be read by a Flash file. The quotes mess this process up and I'm not sure how to handle it. I guess I should ask the second part of this question somewhere else too.
Any suggestions are greatly welcome!
regarding your quote issue, the backslash is a standard method of escaping quotes and other characters in mysql.
you should read about php mysql_real_escape_string [php.net] to understand why this must be done.
you might look at stripsashes [php.net] to solve your problem.
I have started using mysql_real_escape_string and I understand why it needs to be used. I was just wondering if this is best practice, to store the text with the escaped quotes in the DB and then un-escape them upon retrieval.
Thanks for your response and the links anyway :)
escaping quotes is best practice to prevent sql injection attacks or errors.
