If I insert text to my database and it contains " symbol, only the part of the text before that symbol is inserted! The field type is 'text' with utf8_unicode_ci collation.

Can anyone please help me fix this problem?

You need to make sure that the contentType in your server sided code is utf-8 as well.

If you are using MYSQL, then you *can* replace the " marks with \" and then they should work. Actually, they should work without doing that.

It would help if you would show your code.

I think I understood the problem wrong.
It is , as OP said, an escape problem.

Funny, I though CKey's answer was quite possibly right. Mine was a "just in case".

If you are using MYSQL, then you *can* replace the " marks with \" and then they should work. Actually, they should work without doing that.
I do use mysql but I can't use \ symbol because the the data that is to be sent in database is changed dynamically.

This is my code that I use for inserting the data:
$insert = "INSERT INTO " . $table_name .
" (user_id, post_title, warning_text, warn_type, comments_post_text, comments_post_id, date, warn_for) " .
"VALUES ('" . $theAuthor . "', '" . $_REQUEST['post_title'] . "', '" . $_REQUEST['warning_text'] . "', '" . $_POST['warn_type'] . "', '" . $_POST['comments_post_text'] . "', '" . $_POST['comments_post_id'] . "', '" . date("Y-m-d H:i:s") . "', '" . $_POST['post'] . "')";

Is this case the problem is in 'post_title'.

This is the form code that sends data to above code:

<form action="action.php" method="post" id="warning-form" name="warning-form" >
<input type="hidden" name="comments_post_text" id="comments_post_text" value="<?php echo $post->post_content; ?>" />
<input type="hidden" name="post_title" id="post_title" value="<?php echo $post->post_title; ?>" />
<input type="hidden" name="comments_post_id" id="comments_post_id" value="<?php echo $post->ID; ?>" />
<input type="hidden" name="post" id="post" value="<?php echo $for; ?>" />
<textarea name="warning_text" id="warning_text" rows="4" cols="5" style="float:right; width:100px;"></textarea><br />
<input type="submit" value="Submit">
</form>

Any ideas?

I don't know anything about the escape, could you be more clear?

I wonder if the problem is in the <FORM> and not in the $insert code?

Can you:
(1) bring up the problem page in your browser.
(2) Click on the VIEW menu
(3) Click on the SOURCE or PAGE SOURCE menu item
(4) Copy/paste the <FORM> code you see there to here.

The source looks really strange!

This is the real text (not English, sorry):
ეს არის “ჩვეულებრივი ტექსტი” რომელიც საიტზე ჩანს

Here is what I see form source:

<input name="post_title" id="post_title" value="ეს არის " ჩვეულებრივი="" ტექსტი="" რომელიც="" ვაჟი="" საიტზე="" ჩანს="" type="hidden">


I have no idea where the ="" symbols come from after every word!

This doesn't happen in case of text without " symbol.

Any ideas?

Yes, that's your problem.

You need to encode your values BEFORE you put them into the form fields.

For example, each " needs to be converted to &quot;

I don't know if there are other problem characters.

If you have something like
value="He said "hello""
in the <form> field, you can see that the string there is just
value="He said"
and then HTML doesn't know what to do with the rest:
hello""
and it just drops them.

If you encode it to
value="He said &quot;hello&quot;"
then it all works.

Not sure of the exact problem with your Unicode characters, but it's something like that.

I am *NOT* a PHP person, so I don't know what function to call to convert the string to an HTML-save string. I *hope* there is a PHP function to do that in the PHP library.

Well, in this case only php function can solve my problem, if there is any, because I don't know in advance what text is to insert in database.

Anyone knows what is this function?

htmlspecialchars();

http://us.php.net/manual/en/function.htmlspecialchars.php

The translations performed are:

* '&' (ampersand) becomes '&amp;'
* '"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
* ''' (single quote) becomes ''' only when ENT_QUOTES is set.
* '<' (less than) becomes '&lt;'
* '>' (greater than) becomes '&gt;'

Note: Note that this function does not translate anything beyond what is listed above . For full entity translation, see htmlentities(). So, better to use htmlentities() instead. It's a good practice to use this function wherever you output some string taken from DB on your pages, to avoid possible validation errors.