View Full Version : mysqli_real_escape_string adds \n\r

12-20-2006, 10:38 PM
I'm submitting a form that contains the content for a page...

I'm using (to avoid SQL injection attacks) $mysqli->real_escape_string($var).

Other forums have advised enclosing that with stripslashes() to avoid multiple slashes.

That is not the problem - the problem is that the real_escape_string function is adding a \n\r to my input...

How do I get these new lines out of here?

12-21-2006, 04:30 AM
you sure that's not \r\n ? which would be a regular newline on win32, you should only stripslashes if you have to, else you are potentially undoing some of the good done by the mysql_escape_string().

check if you need to stripslashes...

$quotes_on = (get_magic_quotes_gpc()==1 || get_magic_quotes_runtime()==1) ? true : false ;

if $quotes_on === true then stripslashes before you escape, else do not.

12-21-2006, 02:47 PM
Quotes are on...

So I am stripslashing before I escape. Now - the problem is that it is still giving me a \r\n ... I have tried preg_match, preg_replace to find the \r\n after the escape - but to no avail. <sigh>

Any thoughts?