Jump to content

Archived

This topic is now archived and is closed to further replies.

mellis95

Help with rn (/r/n) displaying in textarea

Recommended Posts

I have a textarea displaying data from a mysql table. However, a user discovered today that if they use a carriage return in the textarea, the data comes out with "rn" at the location in the text where the carriage return goes. I have been searching the forums for a while this afternoon and have found quite a few references to this, but have been unable to fix my problem.

 

I am using mysql_real_escape_string before inserting into database (I am not using anything else at insertion time). Is there something else that I should be using at either the insertion into the database or when I display the data? I have tried various combinations of htmlspecialchars() and htmlentities() and nl2br() with no luck.

 

Here is a sample of the output in my textarea:

 

copy diagonal lines and a square with no more than 1/4" overlap or gap at point of closure(modified).rn2.Patient will draw a person ........

Should look like:

copy diagonal lines and a square with no more than 1/4" overlap or gap at point of closure(modified).

2.Patient will draw a person ........

Thanks for the help.

Matt

 

 

Share this post


Link to post
Share on other sites

try using nl2br at time of insertion:

 

$textarea = nl2br ($_POST['textarea']);

 

this will convert any \r\n into <br />, which is what you are looking for.

 

hope that helps.

Share this post


Link to post
Share on other sites

Ok... That works as long as I don't also use mysql_real_escape_string. Am I sacrificing injection protection by doing this?

 

Thanks for the help.

 

Matt

Share this post


Link to post
Share on other sites

should not matter whether you use mysql_real_escape_string().  there must be another issue at hand.

 

post your insertion code and any other relevant code (form maybe).

Share this post


Link to post
Share on other sites

Here is the relevant insertion code: (with mysql_real_escape_string commented out so nl2br will work)

 

$potential=mysql_real_escape_string($_POST['potential']);
//$stg=mysql_real_escape_string($_POST['stg']);
$stg=nl2br ($_POST['stg']);
$dcd=mysql_real_escape_string($_POST['dcd']);
//-----Start Here----------------------------------------------
$update = date('Y-m-d');

$update1="UPDATE tbl_poc SET
aware_d='$aware_d',
aware_p='$aware_p',
problems='$problems',
goals='$goals',
case_conf='$case_conf',
progress='$progress',
t_plan='$t_plan',
frequency='$frequency',
potential='$potential',
dcd='$dcd',
updated='$update',
stg='$stg'
WHERE pocid like $eid";

//die($update1);
if (!mysql_query($update1))
  {
  die('Error2: ' . mysql_error());
  }

 

Here is the display code:

 

<tr><td colspan="3">
<textarea name="stg" rows="2" cols="120"><?php echo STRIPSLASHES(TRIM($formVars["stg"]));?></textarea></td>
</TR>

 

Thanks.

Matt

Share this post


Link to post
Share on other sites

Why are you stripping slashes for output? So you are aware, It is \r\n, the scape for carriage return and newline. If you strip the slashes, it will NOT parse as a new line and will simply display as 'rn'

<tr><td colspan="3">
<textarea name="stg" rows="2" cols="120"><?php echo trim($formVars["stg"]);?></textarea></td>
</TR>

Share this post


Link to post
Share on other sites

carriage returns are not preserved when sent via form to mysql db, therefore, nl2br is required.

 

what is happening when you use mysql_real_escape_string and nl2br together?

 

try:

 

$stg = mysql_real_escape_string (nl2br ($_POST['']));

 

you were overwriting the $stg variable the way you were doing it.

Share this post


Link to post
Share on other sites

Your data should be stored in its raw state, only applying nl2br on the data when you need to display it.

Share this post


Link to post
Share on other sites

carriage returns are not preserved when sent via form to mysql db, therefore, nl2br is required.

 

what is happening when you use mysql_real_escape_string and nl2br together?

 

try:

 

$stg = mysql_real_escape_string (nl2br ($_POST['']));

you were overwriting the $stg variable the way you were doing it.

when I try that I get the following output in the textarea:

1.rn2.rn3.rn

 

Where it should be:

1.

2.

3.

 

Why are you stripping slashes for output? So you are aware, It is \r\n, the scape for carriage return and newline. If you strip the slashes, it will NOT parse as a new line and will simply display as 'rn'

I was stripping the slashes because I had an earlier problem where it was displaying slashes everywhere I had ' or " .

 

Thanks for the help.

 

Matt

Share this post


Link to post
Share on other sites

Your data should be stored in its raw state, only applying nl2br on the data when you need to display it.

 

OK, I tried this:

removed nl2br() from insert, changed display code to:

<textarea name="stg" rows="2" cols="120"><?php echo nl2br(TRIM($formVars["stg"]));?></textarea></td>

 

Now I get the following output in the textarea:

 

1.\r\n2.\r\n3.\r\n

 

Matt

Share this post


Link to post
Share on other sites

That doesn't make much sense, newlines should be invisible. How are they being created?

Share this post


Link to post
Share on other sites

That doesn't make much sense, newlines should be invisible. How are they being created?

 

I am not creating them on purpose. The users are trying to create a numbered list by simply pressing the "Enter" key on the keyboard, something that I didn't plan for when I wrote the app. If I knew that the numbered list would be the same every time, I would accomodate it with multiple fields, but that is not an option for this application.

 

Thanks,

Matt

Share this post


Link to post
Share on other sites

Users hitting enter will not create the text \r\n within your data.

Share this post


Link to post
Share on other sites

Users hitting enter will not create the text \r\n within your data.

 

If that is true, then I have no idea how it is getting there. Here is what I have going in to the DB:

 

input box:

<tr><td colspan="3">
<textarea name="stg" rows="2" cols="120"><?php echo STRIPSLASHES(TRIM($formVars["stg"]));?></textarea>
</TR>

 

form submission/insert:

$stg = mysql_real_escape_string($_POST['stg']);
$update1="UPDATE tbl_poc SET
aware_d='$aware_d',
aware_p='$aware_p',
problems='$problems',
goals='$goals',
case_conf='$case_conf',
progress='$progress',
t_plan='$t_plan',
frequency='$frequency',
potential='$potential',
dcd='$dcd',
updated='$update',
stg='$stg'
WHERE pocid like $eid";

 

the field in question from "Show Create Table":

`stg` text,

 

The query that pulls the data for display:

$getter="SELECT patient_id, id, eval_id, pocid, poc_date, aware_d, aware_p, case_conf, problems, goals, stg, progress, t_plan, frequency, potential, dcd FROM tbl_poc WHERE pocid like $eid";
if (!mysql_query($getter))
{
  die('Error1: ' . mysql_error());
  }
$p1r = mysql_query($getter);
$formVars=mysql_fetch_array($p1r)

 

Where could it be adding "\r\n"???

 

Thanks for the help.

Matt

Share this post


Link to post
Share on other sites

I had exactly the same issue before. When using mysql_real_escape_string from posted data, then using that to populate a textarea (say if there were an error), all the new lines would be displayed as (\r\n).

 

The problem is, you shouldn't be doing mysql_real_escape string until the data is being inserted into the database. So if you have to post this back to the page, use striptags or clean it some other way. Try to use the $_POST array instead of running it through loads of functions.

 

Then, when the data is to be inserted into the database, you can properly escape it.

Share this post


Link to post
Share on other sites

This problem because of two php functions conflicting. If "magic_quotes_gpc" is enables (assuming that you are using php version less than 5.3.0) then you should not use mysql_real_esacpe_string when inserting data into database.

you can use this code to over come this issue:

 

            if(!get_magic_quotes_gpc())
		{
            $text= mysql_real_escape_string($text);
		}

Share this post


Link to post
Share on other sites

I'm gonna assume you would have to do the following below:

 

$stg = mysql_real_escape_string(str_replace("rn", "<br>", $_POST['stg']));

If your displaying $stg on a page that's including "BBCode" then you would change "<br>" to

[br]

Hope this helps your problem.

Share this post


Link to post
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.