textarea issue \\\\\\\\r\\\\\\\\n\\\\\\\\r\\\\\\\\n\\\\\\\\r\\\\\\\

[$php_mysql$]

after i used real_escape_string in the post textarea field i get \\\\\\\\r\\\\\\\\n\\\\\\\\r\\\\\\\\n\\\\\\\\r\\\\\\\ along with the message in textarea everytime i sumbit the page. how to  get rid of them?

[Nodral]

$clean=implode('\',"\\\\\\\\r\\\\\\\\n\\\\\\\\r\\\\\\\\n\\\\\\\\r\\\\\\\");
$cleaner=explode($clean);

 

Dirty, but does the job

[TeNDoLLA]

If you do var_dump($_POST['name_of_textarea']); instantly after posting the form before doing anything to the value does it really give you that as a value? Since mysql_real_escape_string should not produce a string like that.

[cssfreakie]

It looks like you have magic quotes enabled.

go in to php.ini and check if it is enabled, if so put it off.

 

If you don't have access to php.ini

use stripslashes instead

 

There are quite some articles written about this. but if you can disable magic quotes do that

 

[$php_mysql$]

see i use this function to clean my $_POSTS

 

function clean($str) {
		$str = @trim($str);
		if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
		$str = htmlspecialchars($str);
	}
	return mysql_real_escape_string($str);		
    }

[requinix]

And how about the code that uses it? Everything between when it uses $_POST and when it creates the SQL queries.

[KevinM1]

Why are you using htmlspecialchars only when magic quotes are turned on?  And why are you using '@' to squelch errors on trim, of all things?

[cssfreakie]

in addition to nightslyr,

 

mysql_real_escape_string requires a connection, if you don't have that nothing will happen. (so your function won't return anything)

can you place this above your script:

error_reporting(E_ALL);
ini_set("display_errors", 1);

 

and report what errors you get?

 

 

[$php_mysql$]

code that uses it is like this

 

$data['description'] = clean($data['description']);

 

 

well my magic quotes are turned off. ok so right not while checking error im using this clean function so what if i use it just before interting data into db does it make sense

 

so i use it like

 

description = '".clean($postData['description'])."',

 

while data being inserted? and yes i removed htmlspecialchars that was a mistake

[$php_mysql$]

after adding that other than unidentified variables in my form which are related to my form check i get nothing else