Dane Posted December 1, 2007 Share Posted December 1, 2007 Hey guys. I am using mysql_real_escape_string and htmlentities $var = mysql_real_escape_string(htmlentities($row['body'])); But when i enter a line break in my database <br /> It comes up with stuff like <br />/r/n How can i add breaks into the data ill pulling out? Thanks Quote Link to comment Share on other sites More sharing options...
Dane Posted December 1, 2007 Author Share Posted December 1, 2007 <br /> is what i enter Quote Link to comment Share on other sites More sharing options...
PHP_PhREEEk Posted December 1, 2007 Share Posted December 1, 2007 You can try nl2br http://us2.php.net/manual/en/function.nl2br.php PhREEEk Quote Link to comment Share on other sites More sharing options...
revraz Posted December 1, 2007 Share Posted December 1, 2007 nl2br ? Quote Link to comment Share on other sites More sharing options...
Dane Posted December 1, 2007 Author Share Posted December 1, 2007 $var = nl2br(mysql_real_escape_string(htmlentities($row['body']))); returns <br />\r\n im using bbcode aswell.. Quote Link to comment Share on other sites More sharing options...
Wes1890 Posted December 1, 2007 Share Posted December 1, 2007 Just do a simple substr() $var = mysql_real_escape_string(htmlentities(substr("\r\n","<br />",$row['body']))); It replaces \r\n with <br /> Quote Link to comment Share on other sites More sharing options...
PHP_PhREEEk Posted December 1, 2007 Share Posted December 1, 2007 You said your <br's were getting turned into newlines on the way into the db. nl2br should re-convert it back when the data is pulled out. You don't need to do MRES or htmlentities on the info coming back out. It should have been sanitized on the way in. Kind of like addslashes going in, strip them coming out. you wouldn't addslashes going in, then addslashes again when you pull the data out. PhREEEk Quote Link to comment Share on other sites More sharing options...
Dane Posted December 1, 2007 Author Share Posted December 1, 2007 ok, thanks, think its sorted Quote Link to comment Share on other sites More sharing options...
Dane Posted December 1, 2007 Author Share Posted December 1, 2007 So to conclude this and to stop any sql injection... what would be the best way to input into the database htmlentities mres addslashes stripslashes? thanks Quote Link to comment Share on other sites More sharing options...
Wes1890 Posted December 1, 2007 Share Posted December 1, 2007 Just mysql_real_escape_string() should work to prevent mysql injection Quote Link to comment Share on other sites More sharing options...
Dane Posted December 1, 2007 Author Share Posted December 1, 2007 Awesome, thanks for all ur help guys <3 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.