
how to redisplay html after being escaped for mysql


Lodius2000


So I use mysql_real_escape_string() when I put data that contains HTML tags from a textarea into my db. When I want to display it on my webpage I use stripslashes(), but everything has gone all haywire: all the <> and "" and '' have been reduced to entities, so none of the formatting is there anymore. I am at a loss as to how to fix it. Right now I have stripslashes(html_entity_decode($row['data'])) and things are still all gibberish.

 

The worst part is when I am typing in my textarea and I want a hard return (a "

" space like the one above) for ease of reading: mysql_real_escape_string() encodes it as \r\n, so when stripslashes() comes along I am left with rn's all over the place.

 

here is an example

 

this

<p>
this
is
<span class="blah"> some </span><span class='blah2'>test
<br />
text.
</p>

 

prints on my web page

rnthisrnisrn some testrn

rntext.rn

 

and the source code looks like

<p>rnthisrnisrn<span class="blah"> some </span><span class='blah2'>testrn<br />rntext.rn</p>

 

and the data in my db looks like this

<p>\r\nthis\r\nis\r\n<span class=\"blah\"> some </span><span class=\'blah2\'>test\r\n<br />\r\ntext.\r\n</p>

 

Help!

 

thank you


You could use nl2br(htmlentities($str, ENT_QUOTES)) before you submit the data to the database. This will first html encode all characters (including quotes, that's what ENT_QUOTES does) and then adds <br /> tags to all spaces.

 

Then all you have to do when you retrieve the data is use html_entity_decode($str, ENT_QUOTES) on it.

 

This way you won't have any problems with \'s and \r\n's.

 

Be careful of html injection though since any html someone enters will be shown.


^^ Did you even read his question? He said that he uses stripslashes and it messes things up.

 

I don't know how the text is when you're inserting it in the database, but it needs to be like this... don't do anything to it (except addslashes) when inserting. Don't give it entities or anything. When displaying the data, do stuff to it just before outputting it.

 

Like for example:

while($row = mysql_fetch_assoc($result))
{
  extract($row);
  $text = htmlentities($page_data);
  echo $text;
}

 

And if you're putting the data into a textarea or input field, you don't need to do anything to it

while($row = mysql_fetch_assoc($result))
{
  extract($row);
  echo "<textarea rows=5 cols=5 name=whatever>$text</textarea>";
}

 

I never use stripslashes.. ever. If you need to use them, then you've been adding slashes when you don't need to.

 

I think you may have magic_quotes on. When that's on, it adds slashes automatically. And then if you try to remove slashes, it will find "\n" and make it "n"
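
The round trip discussed in this thread, as an added example that is not part of any post above: text bound as a query parameter comes back byte-for-byte, text escaped one time too many is stored with literal backslashes, and stripslashes() then produces the "rn" debris. Assumptions: an in-memory SQLite table with a `page_data` column stands in for the MySQL table, and the hypothetical `sql_escape_standin()` mimics mysql_real_escape_string(), which no longer exists in current PHP.

```php
<?php
// Constructed sample input: textarea text with CRLF line breaks and both quote styles.
$input = "<p>\r\nthis\r\nis\r\n<span class=\"blah\"> some </span>\r\n<br />\r\ntext.\r\n</p>";

// Hypothetical stand-in for mysql_real_escape_string(): escapes backslash,
// CR, LF and both quote characters the same way, so the demo runs anywhere.
function sql_escape_standin(string $s): string
{
    return strtr($s, ["\\" => "\\\\", "\r" => "\\r", "\n" => "\\n", "'" => "\\'", '"' => '\\"']);
}

// Assumption: in-memory SQLite replaces the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, page_data TEXT)');
$insert = $db->prepare('INSERT INTO pages (page_data) VALUES (?)');

// Row 1: bound parameter, no manual escaping of the value.
$insert->execute([$input]);
// Row 2: the value was escaped once more than the query layer undoes
// (for example magic_quotes plus a manual escape), so the backslashes
// become part of the stored data.
$insert->execute([sql_escape_standin($input)]);

$rows = $db->query('SELECT page_data FROM pages ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);

echo "row 1 identical to input: ";
var_dump($rows[0] === $input);
echo "row 2 holds a literal backslash-r backslash-n: ";
var_dump(strpos($rows[1], '\r\n') !== false);
echo "stripslashes() on row 2 leaves 'rn' behind: ";
var_dump(strpos(stripslashes($rows[1]), "<p>rnthis") === 0);

// Showing the stored value as text: encode at output time, never at insert
// time, then convert the real line breaks to <br />.
echo nl2br(htmlspecialchars($rows[0], ENT_QUOTES, 'UTF-8')), "\n";

// Same encoding inside a form field, so markup in the data cannot close
// the element early.
echo '<textarea name="whatever">',
     htmlspecialchars($rows[0], ENT_QUOTES, 'UTF-8'),
     "</textarea>\n";
```

Row 1 needs no stripslashes() at all; if stored HTML is meant to render as markup rather than as text, it has to pass through an allow-list sanitizer before output, which this example does not cover.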
