Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Conversion of Turkish characters

Status
Not open for further replies.
juneaid

juneaid

Technical User
Feb 28, 2012
1
Hello,

I am using a php-based software for a classified site. The language of the site is Turkish. There is a problem while searching via search bar of the software itself.

For example when a listing has a word "dikiş", I could only get the result when I type as it is. However, since some can type in capitals while searching, I need to get the same results when "DİKİŞ" is typed. (capital of i = İ(I with dot) and ş=Ş (capital)) When I contacted with the developer of the software for a solution of this problem, I have been told that as below;

"the software actually encodes most of the text in the
database to prevent problems with certain charsets causing the information to get corrupted.

Even if you made PHP changes to no longer encode the text in the database, that
may introduce "SQL injection" vulnerabilities, because the software expects the
text is in the database to be encoded and in a few places uses that encoding as the built-in prevention for SQL injection."

I am asking for your advice for a possible solution of this kind of searching. I am not a developer and thinking basically but it sounds me logical that there should be a way such as character converting during the search. I mean when someone types for the search, search engine may convert the character to its options (lower case of upper case) prior to call the information from the MySQL database. (Ç=ç, Ç=ç, ü=Ü, Ü=ü, etc)

Does that sound possible to you?

I really need some advice since it is the most importand of a site as you may agree and do not know how to handle with this situation.

Thanks in advance
 
Sort by date Sort by votes
database searching is usually case insensitive for non-binary collations.

if your table and connection are set to a binary collation then you can force the search to be case insensitive by converting to non-binary in the query

Code: 
mysql_query('SET NAMES = 'latin5");
$result = mysql_query("
SELECT * 
FROM table 
WHERE   COLLATE latin5_turkish_ci LIKE '"[i] .mysql_real_escape_string($myvar) . [/i]"'
";

there is no particular programming requirement for sql injection to be prevented by encoding. In fact I don't see how encoding does prevent sql injection unless, by encoding, the developer means he converts every column to a reversible hash. which would be a ridiculous processor overhead and should probably persuade you to avoid that piece of software like the plague. in these circumstances there is little sensible that you can do.

sql injection attacks are easily prevented by simply escaping the variables before sending them to the database.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

PeDa
  • Locked
  • Question
Report invalid characters in string 1
Replies
2
Views
230
PeDa
PeDa
EdLentz
  • Locked
  • Question
I need a simple example of how to send a table of info .
Replies
8
Views
402
EdLentz
EdLentz
PeDa
  • Locked
  • Question
POST Content-lLength of ... bytes exceeds the limit of 8388608 bytes in Unknown on line 0
Replies
4
Views
447
feherke
feherke
vie3548
  • Locked
  • Question
MEMO FIELD NULL INSTEAD OF EMPTY STRING
Replies
0
Views
126
vie3548
vie3548
PeDa
  • Locked
  • Question
unwanted spaces inserted into the middle of php-generated html email body 1
Replies
2
Views
161
PeDa
PeDa

Part and Inventory Search

Sponsor

Back
Top