nl2br

[wigglesby]

Hi

 

I have some data in my db, which is inserted into a form.

 

As some of the text is in " it's " with single quote, it inserts with a \' into the db.

 

This is all fine, the problem is I'm wanting to use nl2br, which finds all the \r\n and outputs a break.

 

But this still outputs the it\'s string.

 

I have the following:

 

$json_out = nl2br(stripslashes($mtj->get_json()));

 

But using stripslashes removes the \ form the it\'s but then outputs the rn minus theri slashes.

 

Anyway I can round this?

 

Thanks

[ignace]

$json_out = stripslashes(nl2br($mtj->get_json()));

[trq]

If you are having backslashes inserted into your database your data is not being escaped properly.

 

You should check if magic quotes is enabled, and if it is strip all slashes from your data then apply mysql_real_escape_string to it prior to placing it within your database.

[wigglesby]

Ok, I'm using:

 

$content = mysql_real_escape_string($_POST['content']);

 

To insert the text.

 

Do I need to add stripslashes before the real_escape_string function?

 

$content = stripslasges(mysql_real_escape_string($_POST['content']));

 

The code:

$json_out = stripslashes(nl2br($mtj->get_json()));

 

didn't work

 

Thanks

[trq]

Ok, I'm using:

 

$content = mysql_real_escape_string($_POST['content']);

 

To insert the text.

 

Do I need to add stripslashes before the real_escape_string function?

 

If magic quotes are enabled, yes.

 

if (get_magic_quotes_gpc()) {
  $content = stripslashes($_POST['content']);
} else {
  $content = $_POST['content'];
}
$content = mysql_real_escape_string($content);

[Adam]

Sounds like you may have magic quotes turned on. What does get_magic_quotes_gpc return?

 

-- thorpe beat me too it, kinda.

 

I think your best bet would be to disable, if it is enabled, it to be honest.

[wigglesby]

Ok:

echo get_magic_quotes_gpc();

 

Returned 1, so I guess magic quotes is turned on....

 

$json_out = nl2br($mtj->get_json());

 

This seemed to work as well.

 

Cheers guys

[wigglesby]

Ok, so it works for some but not others:

 

        if (get_magic_quotes_gpc()) {
                $good_practice = stripslashes($_POST['good_practice']);
                $investment_return = stripslashes($_POST['investment_return']);
        } else {
                $good_practice = $_POST['good_practice'];
                $investment_return = $_POST['investment_return'];
        }
$good_practice = mysql_real_escape_string($_POST['good_practice']);
$investment_return = mysql_real_escape_string($_POST['investment_return']);

 

On output it will still output the following:

 

it\'s

 

Any idea why?

 

Thanks

[Adam]

Should be:

 

$good_practice = mysql_real_escape_string($good_practice);

$investment_return = mysql_real_escape_string($investment_return);

[wigglesby]

Oh yeah

 

Cheers everyone!