What way round?

[EchoFool]

Which way round should these functions be :

 

<?php
$Message = mysql_real_escape_string(stripslashes($row['Message']));
?>

 

Or

<?php
$Message = stripslashes(mysql_real_escape_string($row['Message']));
?>

 

Because it keeps putting this into my paragraphs:

 

Good for you\r\n\r\nExpect lot\'s more

 

Very annoying having the \r\n\r\n, i don't know how to get rid of it =/

[wildteen88]

Is this being used when you're getting data out of the database? If so you don't need even need to run mysql_real_escape_string in this case. mysql_real_escape_string should on be used on variables (which contain strings) that are going to be used within an SQL query.

[.josh]

You should only be using stripslashes if magic quotes are ON, and it should be done before mysql_real_escape_string, and as wildteen said, all that is only done on data going into the database, not out ($row['var'] is a common array used when retrieving data, that's why wildteen asked).  If you read the mysql_real_escape_string manual entry, it explains how to use it.

[EchoFool]

Well it gets it from a database table, but then its also going to go back into a database table...

 

So it goes like this:

 

Retrieve data from field from table1

assign to $Message

Input $Message into table2

Echo $Message from table2

 

which is when the /r/n/r/n etc turns up.. and i do have the strip slashes done first... i was told that even if magic quotes are on or off theres no harm in having the strip slashes function in there?

[.josh]

Maybe I'm misunderstanding you, but if you're just pulling data out of one table and putting it into another, there's no reason for you to be using striplashes or mysql_real_escape_string at all.  The only time you need to do any of that sort of thing is when the data is coming from the user.