eirika

Thanks, I see. nl2br() should be used for output, and is not necessary for the input to the DB.

Hi, PHP newbie here, and my first post. I am in the process of learning PHP. Currently I am looking at forms and DB input. I would like to verify if my current method of keeping the linebreaks from a TEXTAREA field, and still keep the DB input safe is correct. I use the following code to get the input from the TEXTAREA field. $comments = mysql_real_escape_string(nl2br(filter_var($_POST["comments"], FILTER_SANITIZE_STRING))); Is this the correct way of handling this? Thanks