Inserting Arabic in Mysql by php form problem - Webmaster Forum

12-26-2009, 11:33 PM

Status: Junior Member
Join date: Jun 2009
Location:
Expertise:
Software:

Posts: 98

iTrader: 0 / 0%

free-designer is on a distinguished road

Inserting Arabic in Mysql by php form problem

hey,
If i insert the arabic text manually to mysql using PHPMyAdmin then it displays right.
and if i fetch this data into my page it also displays right

But if i insert it to mysql using PHP form then it shows as {Ù…Ø*Ø³Ù†}

I googled a lot and i put all the required stuff as meta tags and choosing the right collation in mysql (UTF8-Unicode) but still shows wrong!

Any solution?

Thanks in advance

12-27-2009, 12:06 AM

Gaz

Status: Request a custom title
Join date: Apr 2007
Location: UK
Expertise: Code & Programming
Software: Coda, TextMate, Sublime 2

Posts: 2,097

iTrader: 26 / 100%

Gaz will become famous soon enough

Is your mysql table UTF8? Sometimes it can be latin, which won't work

12-27-2009, 12:14 AM

free-designer

Status: Junior Member
Join date: Jun 2009
Location:
Expertise:
Software:

Posts: 98

iTrader: 0 / 0%

free-designer is on a distinguished road

Originally Posted by Gaz

Is your mysql table UTF8? Sometimes it can be latin, which won't work

my mysql table is utf8_general_ci, and i tried to make it latin and it also not working

i don't what to do

really dude i need to solve this

12-27-2009, 12:22 AM

46Bit

Status: Member
Join date: Mar 2009
Location: Yorkshire
Expertise: Web Development
Software:

Posts: 275

iTrader: 10 / 100%

46Bit is on a distinguished road

Check the mysql connection's character set (login to phpmyadmin and it's displayed on that first page). It's probably not utf8 if you're getting those issues. Also I think there's a few cases where it's best to use utf8_unicode_ci, despite it being *slightly* slower, so perhaps try that. Also check the charset being output in your http headers and your html <head> is utf8.

12-27-2009, 12:29 AM

free-designer

Status: Junior Member
Join date: Jun 2009
Location:
Expertise:
Software:

Posts: 98

iTrader: 0 / 0%

free-designer is on a distinguished road

Originally Posted by 46Bit

checked also not working,
please more ideas

12-27-2009, 12:32 AM

46Bit

Status: Member
Join date: Mar 2009
Location: Yorkshire
Expertise: Web Development
Software:

Posts: 275

iTrader: 10 / 100%

46Bit is on a distinguished road

Any chance of a live example?

12-27-2009, 12:55 AM

free-designer

Status: Junior Member
Join date: Jun 2009
Location:
Expertise:
Software:

Posts: 98

iTrader: 0 / 0%

free-designer is on a distinguished road

Originally Posted by 46Bit

Any chance of a live example?

this is the page for registering people and there is some arabic words so don't be surprised

PHP Code:


			


<?php include("includes/initialize.php"); ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

    <head>

        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

        <link rel="stylesheet" href="css/style.css" type="text/css" media="screen" />

        <title>شارك عربى</title>

    </head>

<body>

<?php

    if($session->is_logged_in()) {

      redirect_to("index.php");

    }

    

    

    if(isset($_POST['submit']))

    {

        $user_registered = $_POST['user_registered'] = strftime("%Y-%m-%d %H:%M:%S", time());

        $user_login = mysql_real_escape_string($_POST['user_login']);

        $user_pass = md5($_POST['user_pass']);

        $user_re_pass = md5($_POST['user_re_pass']);

        $email_address = mysql_real_escape_string($_POST['email_address']);

        

        /*- First process if this user already exist canel the proccing -*/

        $getusers = $database->query("SELECT * FROM users WHERE user_login = '".$user_login."'");

        

        if($database->num_rows($getusers) == 1)

        {

            $error = "<div id='error'>اسم المستخدم موجود لدينا مسبقاً.</div>";

        }

        elseif(empty( $_POST['user_login'] ) || empty( $_POST['user_pass'] ) || empty( $_POST['user_re_pass']) || empty( $_POST['email_address'] ) )

        {

            $error = "<div id='error'>رجاء كتابة جميع الحقول</div>";

        }

        elseif($_POST['user_pass'] != $_POST['user_re_pass'])

        {

            $error = "<div id='error'>كلمة المرور لم تتابق الاخرى.</div>";

        }

        elseif(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email_address))

        {

            $error = "<div id='error'>رجاء ادخال البريد الالكترونى صحيح</div>";

        }

        else

        {

            $register = users::add_user($user_registered, $user_login, $user_pass, $email_address);

            

            if($register)

            {

                mkdir('users/'.$_POST['user_login'], 0777);

                $congrats = "<div id='congrats'>مبروك, يمكنك الان <a href='login.php'>الدخول</a>";

            }

        }

      }

    else{

        $user_login = "" ;

        $email_address = "" ;

    }

?>





    <div id="header-outer">

        <div id="header-inner">

            <h2><a href="index.php">شارك عربى</a></h2>

        </div>

    </div>



        <div id="toplinks">

            <div id="toplinks-inside">

                <p>ادخل البينات التاليه:</p>

            </div>

        </div>

        

        <div id="content-inner">

                <div id="registry-box">

                        <?php get_result(); ?>

                        

                        <form method="post" action="register.php" id="register-form-box">

                            <table>

                            

                                <tr style="float:right; clear:both;">

                                    <td><input type="text" id="user_login" name="user_login" class="form" value="<?php echo $user_login; ?>"  /></td>

                                    <td><label for="user_login" class="label-style">اسم المستخدم:</label></td> 

                                </tr>

                                

                                <tr style="float:right; clear:both;">

                                    <td><input type="password" id="password" name="user_pass" class="ltr-form"  /></td>

                                    <td><label for="password" class="label-style">كلمة المرور:</label></td> 

                                </tr>

                                

                                <tr style="float:right; clear:both;">

                                    <td><input type="password" id="user_re_pass" name="user_re_pass" class="ltr-form"  /></td>

                                    <td><label for="user_re_pass" class="label-style">تاكيد كلمة المرور:</label></td> 

                                </tr>

                                

                                <tr style="float:right; clear:both;">

                                    <td><input type="text" id="email_address" name="email_address" class="ltr-form" value="<?php echo $email_address; ?>"/></td>

                                    <td><label for="email_address" class="label-style">البريد الالكترونى:</label></td> 

                                </tr>

                                

                                <tr style="float:left; clear:both;">

                                    <td><input type="submit" name="submit" value="تسجيل" class="button" /></td>

                                </tr>

                            </table>

                        </form>

                </div>

        </div>

        

</body>

</html>

and this is the table with the shit

and this is the page screenshot

if u need more info just tell me what u need

12-27-2009, 01:26 AM

46Bit

Status: Member
Join date: Mar 2009
Location: Yorkshire
Expertise: Web Development
Software:

Posts: 275

iTrader: 10 / 100%

46Bit is on a distinguished road

I suspect your app will have some rather bad vulnerabilities when you've just created a directory with the name entered by a user without any sort of directory traversal/etc prevention. Admittably not the easiest thing to exploit, but it certainly doesn't give any sort of confidence as to the rest of the app.

Anyway, if you're referring to phpmyadmin displays utf8 wrong, I've always had that ... afaik it's normal. If your output script is doing it wrong there's an issue, but if it's just phpmyadmin I think that's normal.

12-27-2009, 01:45 AM

free-designer

Status: Junior Member
Join date: Jun 2009
Location:
Expertise:
Software:

Posts: 98

iTrader: 0 / 0%

free-designer is on a distinguished road

Originally Posted by 46Bit

u can give me mush good feature about what u mentioned? .

but about the phpmyadmin thing i'll leave it for a while

thanks

12-27-2009, 01:53 AM

#10

46Bit

Status: Member
Join date: Mar 2009
Location: Yorkshire
Expertise: Web Development
Software:

Posts: 275

iTrader: 10 / 100%

46Bit is on a distinguished road

PHP Code:


			
mkdir('users/'.$_POST['user_login'], 0777);

Guess why that's wrong? If you don't know and/or don't care, you really shouldn't be freelancing. It's certainly not the most critical vulnerability ever, but when file traversal prevention there would be so incredibly easy (just md5, sha1, base64_encode, etc the username) not even requiring any proper validation, it's really just silly and makes me wonder what else there might be elsewhere is in your code.

EDIT: Apologies if you do validation in users::add, I missed that key point when skimming the code but even so I suspect that you don't bearing in mind that you've already done some basic validation of fields in the form above.