This is driving me mad. I've looked in my books and on the Internet but I cannot find the answer.

 

I have a form with a textarea and I need to retain the linebreaks. Obviously, before I send the data to MySQL, I run it through mysqli_real_escape_string and the result is:

(In form)

"Foo"

Bar

(In phpMyAdmin)

\"Foo\"\r\nBar

 

When I extract the data from MySQL, I use stripslashes($var) to get the quote back and end up with:

"Foo"rnBar

 

The problem I am having is changing the \r\n or rn to newlines so that it looks correct in the form. I have tried using nl2br before stripslashes. Even tried using str_replace to change the /r/n to <br /> but I just end up with

"Foo"<br />Bar

in the textarea box.

 

There must be some simple thing that's causing the problem or people wouldn't be using textareas. Help!

https://forums.phpfreaks.com/topic/213206-reformatting-mysql-for-a-textarea-box/

Use addslashes and stripslashes on the text and mysql_real_escape_string on the field key?

http://es2.php.net/manual/en/function.mysql-real-escape-string.php

 

Surely addslashes and mysql_real_escape_string do the same thing? If I use stripslashes on the data from MySQL, I just end up with "Foo"rnBar. It doesn't seem to turn the \r\n into a newline.

You don't use stripslashes on the stuff coming from the database. At least I don't, and I have never had to. I have never seen the backslashes on the quotes actually IN the database. Do you have magic_quotes_gpc and/or magic_quotes_runtime turned ON?

 

- If magic_quotes is on, you should stripslashes($Text) when you get the data from the form
  [ You should turn off magic_quotes as it has been deprecated and will go away soon ]
- Use mysql_real_escape_string($Text) when putting the data into the database
- Use htmlspecialchars($Text) when sending the data back to the form to be edited
- Use nl2br(htmlspecialchars($Text)) when sending the data to the page to be displayed
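
Added example, not part of any post in this thread: the round trip the list above describes, with the write done through a bound parameter as the original poster mentions doing. It also reproduces the stored `\"Foo\"\r\nBar` and the `"Foo"rnBar` result from the first post by escaping by hand before binding. Assumptions: PDO with in-memory SQLite stands in for MySQL so the script runs offline, and `fake_real_escape`, `save_note`, `load_note` and the `notes` table are hypothetical names.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs offline; table and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// Stand-in for mysqli_real_escape_string(), which needs a live connection.
// Illustration only: it mimics the characters that function escapes.
function fake_real_escape(string $s): string {
    return strtr($s, ["\\" => "\\\\", "\0" => "\\0", "\n" => "\\n",
                      "\r" => "\\r", "'" => "\\'", '"' => '\\"',
                      "\x1a" => "\\Z"]);
}

function save_note(PDO $db, string $body): int {
    // The bound parameter travels as data, so no manual escaping is needed.
    $stmt = $db->prepare('INSERT INTO notes (body) VALUES (?)');
    $stmt->execute([$body]);
    return (int) $db->lastInsertId();
}

function load_note(PDO $db, int $id): string {
    $stmt = $db->prepare('SELECT body FROM notes WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

// Constructed textarea submission: quotes, a CRLF line break and markup.
$input = "\"Foo\"\r\nBar <b>bold</b>";

// Wrong: escaping by hand and then binding stores the backslashes as text,
// and stripslashes() on that stored text turns the literal \r\n into "rn".
$bad = load_note($db, save_note($db, fake_real_escape($input)));
var_dump($bad, stripslashes($bad));

// Right: bind the raw value; what comes back is identical to what went in.
$good = load_note($db, save_note($db, $input));
var_dump($good === $input);

// Back into the form for editing: escape for HTML, keep the real newlines.
echo '<textarea name="notes">',
     htmlspecialchars($good, ENT_QUOTES, 'UTF-8'), "</textarea>\n";

// Onto the page for display: escape first, then turn newlines into <br />.
echo '<p>', nl2br(htmlspecialchars($good, ENT_QUOTES, 'UTF-8')), "</p>\n";
```
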

Thanks all for the advice.

 

One combination I've finally found that seems to work is not to use mysqli_real_escape_string at all. I use addslashes taking the data to the database and stripslashes on extraction. That changes quotes but ignores line breaks. I also use prepared statements to write to the database.

 

Would this combination be secure?

Surely addslashes and mysql_real_escape_string do the same thing?

Oh? They don't then? Isn't your solution what I said two days ago?

 

I thought they did but with experimentation found that addslashes leaves newlines alone and mysql_real_escape_string converts them. Your comments got me on the right track: it was the combination of addslashes AND mysql_real_escape_string which confused matters.

Your data shouldn't have slashes in it once it's in the database. If it does, you're doing something wrong.

 

It would appear that you have magic_quotes enabled. In this case, you will need to use stripslashes before mysql_real_escape_string on the way IN to the database.

 

As it is at the moment, you are double escaping everything. Once automatically by magic_quotes & then again once (properly) manually yourself using mysql_real_escape_string.

  • 3 weeks later...

This may be helpful; I wrote it for my own problems with forms -> database.

This will only be the code to echo out the 'notes' field; the inserting into db I assume is already covered.

Keep in mind this deals with tabs as well.

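<?php
// values from form (empty string if the field was not submitted)
$notes = $_POST['notes'] ?? '';

// call format_notes function to convert newlines and tabs for HTML display
format_notes($notes);

// define the format_notes function and receive variable
function format_notes($notes) {
  $tab = "\t";
  $nbsp = "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; // each &nbsp; = 1 space
  // escape HTML special characters first so submitted text cannot inject markup
  $safe = htmlspecialchars($notes, ENT_QUOTES, 'UTF-8');
  $no_tabs = str_replace($tab, $nbsp, $safe);
  $clean = nl2br($no_tabs);
  echo $clean;
}
?>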

 

output

no indent line 1

    indented once line 2

          indented three times line 3

no indent

 

If I hadn't put the function together it would look like this:

 

no indent line 1 indented once line 2 indented three times line 3 no indent

I'm told this isn't the best way to go, but for my own purposes right now it seems to be just fine.
