Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    Super Moderator JohnDubya's Avatar
    Join Date
    Nov 2006
    Location
    Missouri
    Posts
    634
    Thanks
    12
    Thanked 18 Times in 18 Posts

    \r and \n showing up after POSTing user submitted text

    I have a textarea on a page that POSTs to itself and then inserts into my MySQL database. I put that text into a variable and do a mysql_real_escape_string() on it. The problem I'm running into is this: if there is an error with the page, it puts the contents of the escaped variable back into the textarea, and those contents now have escaped quotes and \r and \n in them. How do I reverse these changes when I put the content back into the textarea?

    Example:

    In textarea, the user inputs:

    This isn't mine.
    But this is.
    After this input is POSTed into a variable and escaped, and there is an error on the page, this escape input is put back into the textarea and now shows this:

    This isn\'t mine.\r\nBut this is.
    Last edited by JohnDubya; 12-20-2007 at 07:52 PM.

  • #2
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    Run the value through stripslashes() and nl2br(), and perhaps html_entity_decode() as well.

  • #3
    Super Moderator JohnDubya's Avatar
    Join Date
    Nov 2006
    Location
    Missouri
    Posts
    634
    Thanks
    12
    Thanked 18 Times in 18 Posts
    That will fix quotes and HTML in a string just fine, but it doesn't fix the \r\n problem. When I use stripslashes() and nl2br(), the string becomes:

    This isn't mine.rnBut this is.
    In other words, after mysql_real_escape_string(), it makes the carriage return (new paragraph) into a \r\n instead of an actual return in the textarea. So how do I change the \r\n back to a carriage return?

  • #4
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    Only apply the escaping to the string that is about to enter the database. Not your raw data.

  • #5
    Super Moderator JohnDubya's Avatar
    Join Date
    Nov 2006
    Location
    Missouri
    Posts
    634
    Thanks
    12
    Thanked 18 Times in 18 Posts
    Why didn't I think of that? lol Thanks aedrin!

    I was putting the input into a variable and then doing the mysql_real_escape_string() on that same variable, and then echoing it in the textarea. But what I've done now is still put the input into the variable, but then create another variable with $db_ at the beginning that actually goes into the database. Works a charm!

  • #6
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    You couldn't see the forest through the trees.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •