Posted by "M. Sokolewicz" on 06/02/05 12:51
Mark Sargent wrote:
> Richard Davey wrote:
>
>> Hello Mark,
>>
>> Monday, May 30, 2005, 4:18:20 PM, you wrote:
>>
>> MS> I have my settings in php.ini set for UTF-8, and the encoding for
>> MS> the mysql database table's column that is using Japanese to UTF-8.
>> MS> Now, if I view the data stored in that column in phpmyadmin, via
>> MS> say, firefox, it displays in UTF-8, but, if I pull the code from
>> MS> the database and display it in a UTF-8 set page, it is just ?
>> MS> marks, although static J text displays fine...any thoughts on
>> MS> this..? Driving me nutz. Cheers.
>>
>> Are you doing anything to the data after you've pulled it back from
>> MySQL? Perhaps parsing it, or pushing it through a PHP function that
>> might convert it back to Latin1? (i.e. using non-overloaded PHP
>> functions when you should be using the mb functions)
>>
>> Best regards,
>>
>> Richard Davey
>>
>>
> Hi All,
>
> Richard, please view code provided below. Cheers.
>
> Mark Sargent.
>
> <?php
> session_start();
> include("database.php");
> ?>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
> <title>Jumbo Status-Product Details</title>
> </head>
> <body lang="en">
> <hr>
> <h1 align="center">JUMBO STATUS</h1><p>
> <center>Used Hardware Specialist</center>
> <center><a href="index.php">Home</a></center> <center><a
> href="search.php">Search</a></center>
> <hr>
> <table align="center" bgcolor="lightblue" cellpadding="2" border="2"
> width="60%">
> <?php
> if (isset($_REQUEST[product_id])) {
> $product_id = $_REQUEST[product_id];
> $result = mysql_query("SELECT Products.product_id,
> Products.product_name, Products.product_model_number,
> Products.product_price, Products.product_qty, Products.product_desc,
> Products.product_data_output, Conditions.condition_detail FROM Products
> INNER JOIN Conditions On Products.condition_id = Conditions.condition_id
> WHERE Products.product_id = '$product_id'");
I don't know if you noticed, but $_REQUEST[product_id] (and thus
$product_id) have *enormous* SQL-injection capabilities. Imagine someone
sending product_id=1';DROP TABLE Products, Conditions;, do you see the
problem? You should never ever trust any user-input, scan it, reform it,
make sure it's what you expect, before using it.
> if (!$result) {
> echo "Query failed: " . mysql_error();
> exit;
> }
> $num = mysql_num_rows($result);
> $rows = mysql_fetch_array($result);
> echo "<tr align=\"center\"><td colspan=\"4\">Status-Product
> Details</td></tr>";
> }
> for ($i=0; $i<$num; $i++){
> echo "<tr align=\"center\"><td>PRODUCT
> NAME</td><td>".$rows['product_name']."</td><br><tr
> align=\"center\"><td>QUANTITY</td><td>".$rows['product_qty']."</td></tr><br><tr
> align=\"center\"><td>PRICE</td><td>".$rows['product_price
> yen']."</td></tr><br><tr
> align=\"center\"><td>CONDITION</td><td>".$rows['product_condition']."</td></tr><tr
> align=\"center\"><td colspan=\"2\">MORE DETAILS</td></tr><tr
> align=\"center\"><td
> colspan=\"2\">".$rows['product_desc']."</td></tr><tr
> align=\"center\"><td colspan=\"2\">DATA OUTPUT</td></tr><tr
> align=\"center\"><td
> colspan=\"2\">".$rows['product_data_output']."</td></tr>";
> }
> ?>
> </table>
> <p>
> <p>
> <p>
> <hr><center>email: <p>
> Telephone: <p>
> Fax:
> </center>
> </body>
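An added example, not part of the original thread: the product lookup from the quoted page rewritten so that product_id is validated as an integer, bound as a parameter instead of being interpolated into the SQL string, and escaped as UTF-8 on output. It assumes PDO with an in-memory SQLite database standing in for MySQL; the function name find_product, the trimmed schema and the sample rows are constructed for illustration.

```php
<?php
// Added example: constructed schema and data; SQLite in memory stands in for MySQL.
// With MySQL the DSN would carry the connection charset, e.g.
// 'mysql:host=...;dbname=...;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Conditions (condition_id INTEGER PRIMARY KEY, condition_detail TEXT)');
$pdo->exec('CREATE TABLE Products (product_id INTEGER PRIMARY KEY, product_name TEXT,
            product_price INTEGER, condition_id INTEGER)');
$pdo->exec("INSERT INTO Conditions VALUES (1, '中古')");
$pdo->exec("INSERT INTO Products VALUES (1, 'ノートパソコン', 25000, 1)");

// Hypothetical helper: returns the product row, or null when the id is malformed or unknown.
function find_product(PDO $pdo, $raw_id): ?array
{
    // 1. Validate: product_id must be a positive integer, nothing else.
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Bind: the value travels separately from the SQL text.
    $stmt = $pdo->prepare(
        'SELECT Products.product_name, Products.product_price, Conditions.condition_detail
           FROM Products
           INNER JOIN Conditions ON Products.condition_id = Conditions.condition_id
          WHERE Products.product_id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a valid id, and the string quoted in the reply above.
foreach (['1', "1';DROP TABLE Products, Conditions;"] as $input) {
    $row = find_product($pdo, $input);
    if ($row === null) {
        echo "rejected or not found\n";
        continue;
    }
    // 3. Escape on output, stating the page's encoding explicitly.
    echo htmlspecialchars($row['product_name'], ENT_QUOTES, 'UTF-8'), ' / ',
         htmlspecialchars($row['condition_detail'], ENT_QUOTES, 'UTF-8'), "\n";
}
// Confirm the Products table is intact after both inputs.
echo $pdo->query('SELECT COUNT(*) FROM Products')->fetchColumn(), " product row(s)\n";
```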