1

I have a web service which inserts various user input into a MySQL DB.

My DB insert statement uses $db->real_escape_string() for security on all input.

However this seems to be stripping out emoji references from input, e.g. in the format \ud83d\ude2e (winking face).

The pertinent DB column has collation utf8_general_ci, as does the table.

Example:

  • Before insert: "Foo bar! \ud83d\ude2e"
  • After insert (via real_escape_string()): "Foo bar! "

Perhaps real_escape_string() is supposed to pull out things like this, for all I know, and so my problem may be obvious to people more knowledgeable in this field.

How can I allow the retention of the emoji references in the DB insert?

Improve this question
9
  • Well, you should use prepared statements instead for security/safety... but, you should also let us know what the collation and charset is for your table fields and database. Commented Mar 3, 2018 at 14:35
  • 1
    mathiasbynens.be/notes/mysql-utf8mb4 Commented Mar 3, 2018 at 14:36
  • 1
    This is somewhat legacy code. I'm doing plenty of security checks before it gets anywhere near the insert stage. Updated question with collation info. Commented Mar 3, 2018 at 14:36
  • 1
    Thanks for the link - shame I didn't find that (or the duplicate question) in my searching beforehand. Commented Mar 3, 2018 at 14:37
  • 1
    Ok, legacy code, perfectly understandable... I've been there... still there in some cases. ;) Commented Mar 3, 2018 at 14:37
Related questions
5136
Reference Guide: What does this symbol mean in PHP? (PHP Syntax)
2738
Why shouldn't I use mysql_* functions in PHP?
2769
How can I prevent SQL injection in PHP?
Load 7 more related questions Show fewer related questions

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.