How do I get rid of \r\n\r\n when editing text ?

jeddi · 01-13-2009, 08:48 AM

This must be a common problem - or maybe I am doing it wrong.

When I use create a record using a textarea in a form and insert it into my table the returns are invisable.

Eg:
---------------------
Peter looking for a low-cost, yet highly effective means of advertising your products and services, then Google AdWords may be your answer.

Google AdWords provides a simple way to purchase highly targeted advertising , regardless of your budget. Unlike other sites selling banner ad space and pay-per-ranking, AdWords provides advertisers with highly effective text ads that are displayed with the search results. Studies have shown that highly targeted keyword advertising produces an average of four times the industry standard clickthrough rate.

Google, one of the premier Search Engines, receives over 29 million searches each day.
---------------------

When I veiw the database record they are also invisable yet the formatting stays the same so they are there (some how).

I then come to edit/modify the record an if the modifcation contains an error (like the heading is missing) and the record needs to be re-displayed, then I get this kind of display:

---------------------
Peter looking for a low-cost, yet highly effective means of advertising your products and services, then Google AdWords may be your answer.\r\n\r\nGoogle AdWords provides a simple way to purchase highly targeted advertising , regardless of your budget. Unlike other sites selling banner ad space and pay-per-ranking, AdWords provides advertisers with highly effective text ads that are displayed with the search results. Studies have shown that highly targeted keyword advertising produces an average of four times the industry standard clickthrough rate.\r\n\r\nGoogle, one of the premier Search Engines, receives over 29 million searches each day.
---------------------

If I save this version then the "\r\n\r\n" get recorded as well - ie they are not invisable any more.

How can I stop these \r\n\r\n's from showing up ?
It seems odd that they don't show up in a straight forward edit - only when there is a mistake and a re-display occurs.

This is my safe_sql function:

PHP Code:


			
// Make variable SQL safe

function safe_sql( $value )

{

     $value = strip_tags(trim($value));

         

    // Stripslashes

    if (get_magic_quotes_gpc()) {

        $value = stripslashes($value);

    }

    // Quote if not integer

    if (!is_numeric($value)) {

        $value = mysql_real_escape_string($value);

    }

    return $value;

} // End of Function

And here is my form process:

PHP Code:


			
if(isset($_POST['tutedit']))  {

    $N_art_head  = safe_sql($_POST['x_art_head']);

        $N_art_body  = safe_sql($_POST['x_art_body']);

/*

*  Check for blanks.  

*/        



 if ( $N_art_head == "" || $N_art_head  == " "){

    $err_mes = "The article title appears to be missing!";             

    require_once ("write_tute_fm.php");

    exit(); 

   }  // endif

                



 if ( $N_art_body == "" || $N_art_body  == " "){

    $err_mes = "The entire article body is missing!";             

    require_once ("edit_tute_fm.php");

    exit(); 

 }  // endif

and the form is here:

PHP Code:


			
<div class="art_title">

        <label for="x_art_head">Title:&nbsp;</label>

        <input class="data1" type="text" name="x_art_head" size="40" value = "<?php echo $N_art_head ?>" >

        <span style ="color : red; " > <?php echo "$err_mes"; ?></span>

    </div>

    

    <div class="art_title">

        <label for="x_art_body">Content:&nbsp;</label>

        <textarea class="data1" rows="24" cols="80" name="x_art_body" >

        <?php echo $N_art_body ?></textarea>

    </div>

I am not sure if I should replace the \r\n with <br> for the re-display or will that make things worse ?

tamilsweet · 01-13-2009, 08:56 AM

Use nl2br() to remove \r\n
http://in.php.net/nl2br

You can use htmlspecialchars on the text before saving the contents to db and use htmlspecialchars_decode to fetch back and show the details...

Did you try adding html code in the textarea and save and then edit??

jeddi · 01-13-2009, 09:18 AM

OK I have now inserted this just before the form rums:

$N_art_body = nl2br($N_art_body);

I still find it odd that this only occurs if the data is re-displayed and not on the initial display, can you see any reason for that ?

jeddi · 01-13-2009, 09:25 AM

Now it shows up with the HTML in it:

-----------------
Peter looking for a low-cost, yet highly effective means of advertising your products and services, then Google AdWords may be your answer.<br />
<br />
Google AdWords provides a simp
------------------

I don't think thats what I wanted - I just wanted the formatting to stay in place

Since I am using the $value = strip_tags(trim($value)); when taking the POST data I don't think I need to use htmlspecialchars as there shouldn't be any tags left - but maybe I should do that as well just before the db save ??

funnymoney · 01-13-2009, 11:49 AM

Maybe you were using single quote's ' when storing data into MySQL, so special chars like \n\t and others are literaly stored like \n\t..

Check your database text with phpmyadmin or some other tool and see how text is stored..

ie

PHP Code:


			
<?php

print "SAfe\n\tSafe"; # will not show \n\t

print  'SAfe\n\tSafe'; # will show \n\t

?>

EDIT:
if you combo htmlspecialchars||mysql_real_escape_string and single quotes, i think you will store special chars to newline tab or row like that

jeddi · 01-13-2009, 01:07 PM

Hi,
thanks for the reply.

My storing to database is like this:

PHP Code:


			
    $sql = "UPDATE articles SET

    live = 'y',

    type = 'a',

    cat_cd = '$N_cat_cd',

    user_id = '{$_SESSION['expert']}',

    art_head = '$N_art_head',

    art_body = '$N_art_body',

    art_link = '$the_link',

    art_lk_tp = '$link_type',

    valid_fm_date = '$today',

    valid_to_date = '$today',

    vote_count =  '0'

    

    WHERE art_id = '$N_art_id' ";

        

    $result = mysql_query($sql) or die("could not execute UPDATE articles.". mysql_error());

So I am not sure if this counts as double or single quotes

When I look at the db I see no "\r\n\" s usually
also the ' are ok but after the re-display I get: \'
which is another thing I don't want.

I am not sure where I go from here

Anyone know what the best thing to do is ?
should I put htmlspecialchars() into it somewhere (where ?)

thanks again for helping

funnymoney · 01-13-2009, 01:25 PM

how do you get $N_art_body variable before you store it to database.. You probably have some $_POST['art_body'] or something preceding that var,

and what is your SQL row type for storing $N_art_body.. try setting it to BLOB

jeddi · 01-13-2009, 01:32 PM

I think all the details of that are in my first post about this problem

funnymoney · 01-13-2009, 02:09 PM

This is a funny piece of code

PHP Code:


			
<?php include("dbconn.php"); 

?>

<form action="" method="post">

<textarea name="text"></textarea>

<input type="submit">

</form>

<?php



if (isset($_POST["text"])) {

$value = $_POST["text"];

$value = mysql_real_escape_string($value);

$value = nl2br($value);

print $value;

}

?>

nl2br doesn't work

JohnDubya · 01-13-2009, 06:44 PM

This is quite an annoying issue that I've dealt with far more times than I wish I had to.

First off, the reason the <br /> tags are showing up in your textarea after submitting the form is because you are running nl2br() on the $N_art_body variable and then echoing it in the textarea below. What I normally do it run the nl2br() function on a different variable that has db_ in front of it. So I would do it like this:

PHP Code:


			
$N_art_body = $_POST['x_art_body'];



$db_N_art_body = safe_sql( nl2br($N_art_body) ); //I believe you can do this...if not, do the nl2br() first, then the safe_sql()

This way, you can still echo $N_art_body in the textarea, and it won't be changed, while you can put the $db_N_art_body in your database, and it will be safe from SQL injection.

jeddi · 01-13-2009, 06:53 PM

Yes,
I think thats the way. I have realised that I have been using my safe_sql function too early - I should be waiting until just before the query.

However splitting it up in the manner you've suggested makes sense

I'll be trying that out shortly.

Thanks

01-13-2009, 08:48 AM	PM User \| #1
jeddi Senior Coder Join Date: May 2006 Posts: 1,058 Thanks: 22 Thanked 4 Times in 4 Posts	How do I get rid of \r\n\r\n when editing text ? This must be a common problem - or maybe I am doing it wrong. When I use create a record using a textarea in a form and insert it into my table the returns are invisable. Eg: --------------------- Peter looking for a low-cost, yet highly effective means of advertising your products and services, then Google AdWords may be your answer. Google AdWords provides a simple way to purchase highly targeted advertising , regardless of your budget. Unlike other sites selling banner ad space and pay-per-ranking, AdWords provides advertisers with highly effective text ads that are displayed with the search results. Studies have shown that highly targeted keyword advertising produces an average of four times the industry standard clickthrough rate. Google, one of the premier Search Engines, receives over 29 million searches each day. --------------------- When I veiw the database record they are also invisable yet the formatting stays the same so they are there (some how). I then come to edit/modify the record an if the modifcation contains an error (like the heading is missing) and the record needs to be re-displayed, then I get this kind of display: --------------------- Peter looking for a low-cost, yet highly effective means of advertising your products and services, then Google AdWords may be your answer.\r\n\r\nGoogle AdWords provides a simple way to purchase highly targeted advertising , regardless of your budget. Unlike other sites selling banner ad space and pay-per-ranking, AdWords provides advertisers with highly effective text ads that are displayed with the search results. Studies have shown that highly targeted keyword advertising produces an average of four times the industry standard clickthrough rate.\r\n\r\nGoogle, one of the premier Search Engines, receives over 29 million searches each day. --------------------- If I save this version then the "\r\n\r\n" get recorded as well - ie they are not invisable any more. How can I stop these \r\n\r\n's from showing up ? It seems odd that they don't show up in a straight forward edit - only when there is a mistake and a re-display occurs. This is my safe_sql function: PHP Code: `// Make variable SQL safe function safe_sql( $value ) { $value = strip_tags(trim($value)); // Stripslashes if (get_magic_quotes_gpc()) { $value = stripslashes($value); } // Quote if not integer if (!is_numeric($value)) { $value = mysql_real_escape_string($value); } return $value; } // End of Function` And here is my form process: PHP Code: if(isset($_POST['tutedit'])) { $N_art_head = safe_sql($_POST['x_art_head']); $N_art_body = safe_sql($_POST['x_art_body']); /* * Check for blanks. */ if ( $N_art_head == "" \|\| $N_art_head == " "){ $err_mes = "The article title appears to be missing!"; require_once ("write_tute_fm.php"); exit(); } // endif if ( $N_art_body == "" \|\| $N_art_body == " "){ $err_mes = "The entire article body is missing!"; require_once ("edit_tute_fm.php"); exit(); } // endif and the form is here: PHP Code: <div class="art_title"> <label for="x_art_head">Title: </label> <input class="data1" type="text" name="x_art_head" size="40" value = "<?php echo $N_art_head ?>" > <span style ="color : red; " > <?php echo "$err_mes"; ?></span> </div> <div class="art_title"> <label for="x_art_body">Content: </label> <textarea class="data1" rows="24" cols="80" name="x_art_body" > <?php echo $N_art_body ?></textarea> </div> I am not sure if I should replace the \r\n with <br> for the re-display or will that make things worse ?

01-13-2009, 08:56 AM	PM User \| #2
tamilsweet New Coder Join Date: Oct 2007 Location: In front of PC Posts: 92 Thanks: 24 Thanked 3 Times in 3 Posts	Use nl2br() to remove \r\n http://in.php.net/nl2br You can use htmlspecialchars on the text before saving the contents to db and use htmlspecialchars_decode to fetch back and show the details... Did you try adding html code in the textarea and save and then edit?? __________________ Learning never ends.... Last edited by tamilsweet; 01-13-2009 at 09:02 AM..

01-13-2009, 09:25 AM	PM User \| #4
jeddi Senior Coder Join Date: May 2006 Posts: 1,058 Thanks: 22 Thanked 4 Times in 4 Posts	Now it shows up with the HTML in it: ----------------- Peter looking for a low-cost, yet highly effective means of advertising your products and services, then Google AdWords may be your answer.<br /> <br /> Google AdWords provides a simp ------------------ I don't think thats what I wanted - I just wanted the formatting to stay in place Since I am using the $value = strip_tags(trim($value)); when taking the POST data I don't think I need to use htmlspecialchars as there shouldn't be any tags left - but maybe I should do that as well just before the db save ?? Last edited by jeddi; 01-13-2009 at 09:35 AM..

01-13-2009, 11:49 AM	PM User \| #5
funnymoney Regular Coder Join Date: Aug 2007 Posts: 364 Thanks: 17 Thanked 24 Times in 24 Posts	Maybe you were using single quote's ' when storing data into MySQL, so special chars like \n\t and others are literaly stored like \n\t.. Check your database text with phpmyadmin or some other tool and see how text is stored.. ie PHP Code: `<?php print "SAfe\n\tSafe"; # will not show \n\t print 'SAfe\n\tSafe'; # will show \n\t ?>` EDIT: if you combo htmlspecialchars\|\|mysql_real_escape_string and single quotes, i think you will store special chars to newline tab or row like that Last edited by funnymoney; 01-13-2009 at 11:54 AM..

01-13-2009, 01:07 PM	PM User \| #6
jeddi Senior Coder Join Date: May 2006 Posts: 1,058 Thanks: 22 Thanked 4 Times in 4 Posts	Hi, thanks for the reply. My storing to database is like this: PHP Code: $sql = "UPDATE articles SET live = 'y', type = 'a', cat_cd = '$N_cat_cd', user_id = '{$_SESSION['expert']}', art_head = '$N_art_head', art_body = '$N_art_body', art_link = '$the_link', art_lk_tp = '$link_type', valid_fm_date = '$today', valid_to_date = '$today', vote_count = '0' WHERE art_id = '$N_art_id' "; $result = mysql_query($sql) or die("could not execute UPDATE articles.". mysql_error()); So I am not sure if this counts as double or single quotes When I look at the db I see no "\r\n\" s usually also the ' are ok but after the re-display I get: \' which is another thing I don't want. I am not sure where I go from here Anyone know what the best thing to do is ? should I put htmlspecialchars() into it somewhere (where ?) thanks again for helping

01-13-2009, 09:18 AM	PM User \| #3
jeddi Senior Coder Join Date: May 2006 Posts: 1,058 Thanks: 22 Thanked 4 Times in 4 Posts	OK I have now inserted this just before the form rums: $N_art_body = nl2br($N_art_body); I still find it odd that this only occurs if the data is re-displayed and not on the initial display, can you see any reason for that ?

01-13-2009, 01:25 PM	PM User \| #7
funnymoney Regular Coder Join Date: Aug 2007 Posts: 364 Thanks: 17 Thanked 24 Times in 24 Posts	how do you get `$N_art_body` variable before you store it to database.. You probably have some $_POST['art_body'] or something preceding that var, and what is your SQL row type for storing $N_art_body.. try setting it to BLOB

01-13-2009, 01:32 PM	PM User \| #8
jeddi Senior Coder Join Date: May 2006 Posts: 1,058 Thanks: 22 Thanked 4 Times in 4 Posts	I think all the details of that are in my first post about this problem

01-13-2009, 02:09 PM	PM User \| #9
funnymoney Regular Coder Join Date: Aug 2007 Posts: 364 Thanks: 17 Thanked 24 Times in 24 Posts	This is a funny piece of code PHP Code: `<?php include("dbconn.php"); ?> <form action="" method="post"> <textarea name="text"></textarea> <input type="submit"> </form> <?php if (isset($_POST["text"])) { $value = $_POST["text"]; $value = mysql_real_escape_string($value); $value = nl2br($value); print $value; } ?>` nl2br doesn't work

01-13-2009, 06:44 PM	PM User \| #10
JohnDubya Moderator Join Date: Nov 2006 Location: Missouri Posts: 553 Thanks: 11 Thanked 12 Times in 12 Posts	This is quite an annoying issue that I've dealt with far more times than I wish I had to. First off, the reason the <br /> tags are showing up in your textarea after submitting the form is because you are running nl2br() on the $N_art_body variable and then echoing it in the textarea below. What I normally do it run the nl2br() function on a different variable that has db_ in front of it. So I would do it like this: PHP Code: `$N_art_body = $_POST['x_art_body']; $db_N_art_body = safe_sql( nl2br($N_art_body) ); //I believe you can do this...if not, do the nl2br() first, then the safe_sql()` This way, you can still echo $N_art_body in the textarea, and it won't be changed, while you can put the $db_N_art_body in your database, and it will be safe from SQL injection. __________________ JDub http://johnnyzone.com/blog Last edited by JohnDubya; 01-13-2009 at 06:55 PM..

01-13-2009, 06:53 PM	PM User \| #11
jeddi Senior Coder Join Date: May 2006 Posts: 1,058 Thanks: 22 Thanked 4 Times in 4 Posts	Yes, I think thats the way. I have realised that I have been using my safe_sql function too early - I should be waiting until just before the query. However splitting it up in the manner you've suggested makes sense I'll be trying that out shortly. Thanks

Thread Tools
Show Printable Version Email this Page
Rate This Thread
Rate This Thread: