NEONecd999 Posted September 27, 2008 Share Posted September 27, 2008 Hi, I have a text area input that is submitted in a form. I had the issue that when someone submitted a ' (single quote) symbol in the text area, the php/mysql syntax would think that that was the closing quote of the text field (SET fieldname= 'John's pizzeria'), causing a syntax error. To fix this, i put an "htmlencode()" around the $_POST variable before running it in mySQL to update (a MEDIUMTEXT field). This worked well. Now I'd also like to preserve line breaks inputted into the text area. As it is now, if you include two line breaks, those line breaks seem to be preserved in the mysql field, but when you call the field and echo it into HTML, the line breaks are gone. What is the best way to encode my text area so that I don't have syntax problems (and risk mySQL injection attacks) as well as maintain formatting things like line breaks? Thanks. Quote Link to comment Share on other sites More sharing options...
peranha Posted September 27, 2008 Share Posted September 27, 2008 for the line breaks, on your output use the following function. $string = nl2br($string); Quote Link to comment Share on other sites More sharing options...
NEONecd999 Posted September 27, 2008 Author Share Posted September 27, 2008 fantastic, thank you. Quote Link to comment Share on other sites More sharing options...
KrisNz Posted September 27, 2008 Share Posted September 27, 2008 escape it with mysql_real_escape_string() not htmlencode(). You shouldn't need to do anything else. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.