mysql_real_escape_string() but allow \r\n?

[shortysbest]

i want to \r\n so line breaks show up not \r\n

[Pikachu2000]

Where are they showing up?

[shortysbest]

i have a textarea and when you type,

"this is line 1

this is line 2

this is line 3"

 

when i print the POST data it prints "this is line 1\r\nthis is line 2\r\nthis is line 3"

 

my code is:

 

nl2br(strip_tags(mysql_real_escape_string($_POST['status'])))

 

i have nl2br() to add the line breaks, but mysql_real_escape_string eliminates the function

 

when i put it like this tho:

mysql_real_escape_string(nl2br(strip_tags($_POST['status'])))

 

the same input as above comes to:

this is line 1

\r\nthis is line 2

\r\nthis is line 3

 

but it still shows \r\n

[kenrbnsn]

The function mysql_real_escape_string should only be used when inserting/updating/using data with a database. It is not meant to be used when displaying said data back to the user.

 

Ken

[shortysbest]

The function mysql_real_escape_string should only be used when inserting/updating/using data with a database. It is not meant to be used when displaying said data back to the user.

Ken

 

would you have any suggestions on how to get this to work then?

 

[kenrbnsn]

We have to see more of your code.

 

Ken

[shortysbest]

<?php
$status = mysql_real_escape_string(nl2br(strip_tags($_POST['status']))); 
$date = date('Y-m-d h:m:s e');
if($_POST['share']) {if($status){
mysql_query("INSERT INTO status VALUES('','$status','$session','$date')");
print "<script>self.location='index.php?node=profile&user=".$uid."'</script>"; 
}}
?>
<form action='index.php?node=profile&user=<?php print $uid?>' method='post'>
<textarea style="width:532px;" class="inputbox" name="status" rows="2" wrap="physical"></textarea>
<input style="float:right;margin-top:5px;" class='button' name='share' type='submit' value='Share'>
</form> 
</div>
<?php $select_status = mysql_query("SELECT * FROM status WHERE user='$uid' ORDER BY id DESC ");
$query = mysql_query("SELECT * FROM users WHERE id='$uid'");
$ua = mysql_fetch_assoc($query);
while ($status = mysql_fetch_array($select_status))
{
?>

[Pikachu2000]

You don't need to use mysql_real_escape_string to echo the data, but you do use it before using it in a database query string. If all you're doing is echoing $_POST data, you can do either of these.

 

echo "<pre>" . $_POST['status'] . "</pre><br />";
echo nl2br($_POST['status']);

[shortysbest]

You don't need to use mysql_real_escape_string to echo the data, but you do use it before using it in a database query string. If all you're doing is echoing $_POST data, you can do either of these.

 

echo "<pre>" . $_POST['status'] . "</pre><br />";
echo nl2br($_POST['status']);

 

the date that it is around does go to the database, i was just echoing it out for testing purposes.

[kenrbnsn]

Change this:

<?php
$status = mysql_real_escape_string(nl2br(strip_tags($_POST['status']))); 
?>

to

<?php
$status = (get_magic_quotes_gpc())?mysql_real_escape_string(stripslashes($_POST['status'])):mysql_real_escape_string($_POST['status']);
?>

 

When you want to display this back to the user after pulling it from the database, do something like this (this assumes that the retrieved value is in $rw['status']:

<?php
$status = (get_magic_quotes_gpc()):nl2br(strip_tags(stripslashes($rw['status']))):nl2br(strip_tags($rw['status']));
echo $status;
?>

 

Ken

[Pikachu2000]

Then I don't see what the problem is. Do you just not want the \r\n going into the database record? What is the goal here?

[shortysbest]

The I don't see what the problem is. Do you just not want the \r\n going into the database record? What is the goal here?

 

I want the \r\n to go to the database, but when it prints out i don't want it showing, i want it to be hidden and add the line spaces.

 

 

[shortysbest]

edit: nevermind fixed. Thanks a lot Ken.

[at2ot_m]

i'm encountering the same problem about nl2br and mysql_real_escape_string problem, you said that you had solved that problem, i'd love to know how you solved it because i have no clue, thank you..

 

Ben

 

Best regards

 

email: [email protected]

[PFMaBiSmAd]

Please start your own thread for your problem. Post your code and sample input that reproduces the problem and state what exact symptoms, errors, or incorrect result you are getting from that code and data.

 

Locking this topic.