Hi,

I am having a problem saving from my php for to MySQL database. I am not sure if the problem is at the PHP level or database level.

here is the form:

http://www.jassimrahma.com/contactme

and when submiting arabic characters... it will be saved as unreadable characters like this:

http://www.jassimrahma.com/arabic.png

My database character set is UTF-8 Unicode and Collation is utf8_general_ci

here is my table DDL:

CREATE TABLE `mubadara_messages` (
  `message_id` int(11) NOT NULL AUTO_INCREMENT,
  `message_from_name` varchar(255) DEFAULT NULL,
  `message_from_email` varchar(255) DEFAULT NULL,
  `message_subject` varchar(255) DEFAULT NULL,
  `message_body` text,
  `message_ip_address` varchar(255) DEFAULT NULL,
  `created_date` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`message_id`)
) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=utf8;

and this is my PHP:

require 'PHPMailer/class.phpmailer.php';

$message_visitor_name = $_POST['txtName'];
$message_visitor_email = $_POST['txtEmail'];
$message_subject = $_POST['txtSubject'];
$message_body = $_POST['txtMessage'];
$message_ip_address = $_SERVER['REMOTE_ADDR'];

// save the message
$mysql_connection = mysql_connect('mysql.jassimrahma.com', 'jassimdb', 'xxxxxxxxxxxxx');
mysql_select_db('jassimrahma_com', $mysql_connection);

// $mysql_connection = mysql_connect('localhost', 'root', 'pass');
// mysql_select_db('jassimrahma', $mysql_connection);

$mysql_command = "INSERT INTO mubadara_messages (message_from_name, message_from_email, message_subject, message_body, message_ip_address) VALUES ('$message_visitor_name', '$message_visitor_email', '$message_subject', '$message_body', '$message_ip_address')";
$mysql_result = mysql_query($mysql_command, $mysql_connection) or die(mysql_error());
// $mysql_result = mysql_query("SELECT project_name FROM projects WHERE project_id = 13");
// echo $mysql_result;
mysql_close($mysql_connection);

exit(header("Location: thankyou"));

can anyone help please

Thanks,
Jassim

    Few things...

    1. Stop Using the MySQL Extension!

    2. User-supplied data should never be placed directly into a SQL query string, else your code will be vulnerable to SQL injection attacks and/or just plain SQL errors. Instead, you must first sanitize the data (e.g. using [man]mysqli_real_escape_string/man for string data) or use prepared statements. See [man]security.database.sql-injection[/man] for more info.

    3. You never set the encoding of your connection to the MySQL server. This may default to UTF-8, and it may not; it's better to do this manually if you know your application requires it.

    4. Did you use UTF-8 as the encoding when you served the HTML document with the form?

      Thanks. My problem is solved.

      changing the connection was a good idea but not related to the issue. I did changed the connection to PDO as you suggested

      The issue was with the connection character set.

      This was solved the issue:

      $mysql_connection -> exec("SET CHARACTER SET utf8");

        Glad I could help. Don't forget to mark this thread resolved (using the link on the Thread Tools menu above).

          Write a Reply...